Merge pull request #10094 from rancher-sandbox/dependabot/npm_and_yar… #16974
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Spelling | |
| # Comment management is handled through a secondary job, for details see: | |
| # https://github.com/check-spelling/check-spelling/wiki/Feature%3A-Restricted-Permissions | |
| # | |
| # `jobs.comment-push` runs when a push is made to a repository and the `jobs.spelling` job needs to make a comment | |
| # (in odd cases, it might actually run just to collapse a comment, but that's fairly rare) | |
| # it needs `contents: write` in order to add a comment. | |
| # | |
| # `jobs.comment-pr` runs when a pull_request is made to a repository and the `jobs.spelling` job needs to make a comment | |
| # or collapse a comment (in the case where it had previously made a comment and now no longer needs to show a comment) | |
| # it needs `pull-requests: write` in order to manipulate those comments. | |
| # Updating pull request branches is managed via comment handling. | |
| # For details, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-expect-list | |
| # | |
| # These elements work together to make it happen: | |
| # | |
| # `on.issue_comment` | |
| # This event listens to comments by users asking to update the metadata. | |
| # | |
| # `jobs.update` | |
| # This job runs in response to an issue_comment and will push a new commit | |
| # to update the spelling metadata. | |
| # | |
| # `with.experimental_apply_changes_via_bot` | |
| # Tells the action to support and generate messages that enable it | |
| # to make a commit to update the spelling metadata. | |
| # | |
| # `with.ssh_key` | |
| # In order to trigger workflows when the commit is made, you can provide a | |
| # secret (typically, a write-enabled github deploy key). | |
| # | |
| # For background, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-with-deploy-key | |
| # SARIF reporting | |
| # | |
| # Access to SARIF reports is generally restricted (by GitHub) to members of the repository. | |
| # | |
| # Requires enabling `security-events: write` | |
| # and configuring the action with `use_sarif: 1` | |
| # | |
| # For information on the feature, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-SARIF-output | |
| # Minimal workflow structure: | |
| # | |
| # on: | |
| # push: | |
| # ... | |
| # jobs: | |
| # # you only want the spelling job, all others should be omitted | |
| # spelling: | |
| # # remove `security-events: write` and `use_sarif: 1` | |
| # # remove `experimental_apply_changes_via_bot: 1` | |
| # ... otherwise, adjust the `with:` as you wish | |
| # on.pull_request(_target).edited is only needed for with.check_commit_messages: title | description | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| tags-ignore: | |
| - "**" | |
| pull_request: | |
| branches: | |
| - "**" | |
| types: | |
| - 'opened' | |
| - 'reopened' | |
| - 'synchronize' | |
| permissions: {} | |
| jobs: | |
| spelling: | |
| name: Check Spelling | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| actions: read | |
| security-events: write # To be able to write SARIF events | |
| runs-on: ubuntu-latest | |
| if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }} | |
| concurrency: | |
| group: spelling-${{ github.event.pull_request.number || github.ref }} | |
| # note: If you use only_check_changed_files, you do not want cancel-in-progress | |
| cancel-in-progress: true | |
| env: | |
| UPLOAD_SARIF_LIMITED: '' # Set by `yarn lint:spelling`. | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| # We don't actually need the full `yarn install`; we just do enough to set | |
| # up `yarn` to get `yarn lint:spelling` to work. | |
| - name: Drop all dependencies | |
| run: | | |
| yq --inplace '.dependencies = {} | .devDependencies = {}' package.json | |
| rm -f yarn.lock | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version-file: package.json | |
| - run: corepack enable yarn | |
| - run: yarn install --no-immutable --mode=skip-build | |
| - run: sudo apt-get install cpanminus | |
| - name: Check Spelling | |
| run: yarn lint:spelling | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} # Needed to generate SARIF reports. | |
| RD_LINT_SPELLING: 1 | |
| - name: Upload SARIF report | |
| # Use the limited report since if we have more than 25k errors nobody is | |
| # going read through it all anyway. | |
| if: always() && env.UPLOAD_SARIF_LIMITED != '' | |
| continue-on-error: true | |
| uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 | |
| with: | |
| category: check-spelling | |
| sarif_file: ${{ env.UPLOAD_SARIF_LIMITED }} |