
[Dependencies]: Bump actions/dependency-review-action from 3.1.1 to 3.1.2 #936


Workflow file for this run

# Lint checks that run for pull requests targeting main.
name: "PR: Lint"
on:
  pull_request:
    types:
      - opened
      - edited
      - synchronize
      - reopened
      - ready_for_review
      - unlocked
    branches:
      - main
# Restricts the automatically provided GITHUB_TOKEN to read-only access on
# repository contents. Secrets that steps pass explicitly are not limited by
# this block.
permissions:
  contents: read
# One active run per workflow and ref: a newer run cancels the one in progress.
concurrency:
  group: ${{github.workflow}}-${{github.ref}}
  cancel-in-progress: true
# github.head_ref is chosen by the pull-request author. Exposing it here lets
# shell steps read it as "$HEAD_REF" instead of having the expression expanded
# into the script text.
env:
  HEAD_REF: ${{github.head_ref}}
  BASE_REF: ${{github.base_ref}}
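# PR lint jobs.
#
# NOTE(review): every job runs on self-hosted runners and begins by re-owning
# the workspace with sudo, which suggests files can persist between runs.
# Pull-request content is untrusted; the dependency-review job below checks
# whether the repository is public, so confirm the runners are ephemeral or
# otherwise isolated before accepting PRs from outside contributors.
#
# NOTE(review): the "[email protected]" text in several `uses:` values appears
# to be the page's e-mail obfuscation replacing the original
# <action-name>@<version>; restore each reference from the repository.
# Pinning third-party actions to a full commit SHA rather than a tag keeps a
# moved tag from changing what runs here.
#
# NOTE(review): actions/checkout keeps its token in the local git config by
# default; none of the visible steps push, so `persist-credentials: false`
# looks applicable to every checkout below — confirm against the actions used.
jobs:
  # Diagnostic job: prints the PR branch names and the repository identity.
  # Only runs in repositories whose name ends in '-template'.
  info:
    if: endsWith(github.repository, '-template')
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Info"
        shell: bash
        # Values are read as shell variables. Expanding an expression inside
        # the script would paste the PR author's branch name into the bash
        # source before it runs. HEAD_REF and BASE_REF come from the
        # workflow-level env; the other two are default runner variables.
        run: |
          echo "Branch: $HEAD_REF"
          echo "Base Branch: $BASE_REF"
          echo "Repo: $GITHUB_REPOSITORY"
          echo "Owner: $GITHUB_REPOSITORY_OWNER"

  # Disabled job, kept for reference: required a Jira ticket id in the PR title.
  # include-JIRA-ticket:
  #   if: github.event.pull_request.draft == false
  #   runs-on: [self-hosted, linux]
  #   steps:
  #     - name: "Initialise Workspace"
  #       shell: bash
  #       run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
  #     - name: "Checkout Source"
  #       uses: actions/checkout@v4
  #       with:
  #         fetch-depth: 0
  #     - if: |-
  #         !endsWith(github.repository, '-template')
  #         && !startsWith(github.head_ref, 'release/')
  #         && !startsWith(github.head_ref, 'hotfix/')
  #       uses: seferov/[email protected]
  #       with:
  #         title-regex: '^\[FF\-\d*?\](:)?(\ )'
  #         error-message: 'Add Jira Ticket ID to your title'

  # Fails the PR when CHANGELOG.md is unchanged relative to origin/main.
  # Skipped for dependabot and for '-template' repositories.
  include-changelog-entry:
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Stores the git diff exit status in CHANGES: 0 means no difference.
      # NOTE(review): stderr is discarded and any other exit status (including
      # a git error) is treated like "changelog changed", so a failing git
      # command lets the check pass silently.
      - if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        shell: bash
        run: echo "CHANGES=$(git diff --exit-code --no-patch --merge-base origin/main CHANGELOG.md 2> /dev/null && echo 0 || echo $?)" >> "$GITHUB_ENV"
      # Presumably actions/github-script (it takes a `script` input); the
      # reference text is garbled on the page.
      - if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) && env.CHANGES == '0'
        uses: actions/[email protected]
        with:
          script: |
            core.setFailed('Changelog has not changed')

  # Runs the Credfeto.ChangeLog.Cmd tool with --check-insert against the PR
  # base branch.
  change-log-entry-is-in-unreleased:
    if: github.event.pull_request.draft == false
    # As LibGit2Sharp doesn't work on 20.04
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: "Get version from global.json"
        if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        uses: credfeto/[email protected]
        with:
          file: src/global.json
          fallback: 7.0.*
      - name: "Install dotnet"
        if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        uses: actions/[email protected]
        env:
          # NOTE(review): a secret named SOURCE_PUSH_TOKEN is handed to an SDK
          # install step in a PR-triggered job. If it carries write access it
          # bypasses the read-only `permissions` of this workflow; confirm the
          # step needs more than the default token.
          GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN}}
          # NOTE(review): DDOTNET_ROOT looks like a typo for DOTNET_ROOT (same
          # value as DOTNET_INSTALL_DIR); it repeats in the three steps below.
          # Left unchanged — confirm intent.
          DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_MULTILEVEL_LOOKUP: "false"
          DOTNET_NOLOGO: "true"
          DOTNET_PRINT_TELEMETRY_MESSAGE: "false"
          DOTNET_ReadyToRun: "0"
          DOTNET_TC_QuickJitForLoops: "1"
          DOTNET_TieredPGO: "1"
        with:
          dotnet-version: |
            6.0.*
            7.0.*
            ${{env.DOTNET_VERSION}}
      - name: "Enable dotnet tools"
        if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        shell: bash
        run: dotnet new tool-manifest
        env:
          DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_MULTILEVEL_LOOKUP: "false"
          DOTNET_NOLOGO: "true"
          DOTNET_PRINT_TELEMETRY_MESSAGE: "false"
          DOTNET_ReadyToRun: "0"
          DOTNET_TC_QuickJitForLoops: "1"
          DOTNET_TieredPGO: "1"
      # NOTE(review): no --version is given, so whichever package version the
      # feed resolves at run time is what executes on the runner.
      - name: "Install Changelog tool"
        if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        shell: bash
        run: dotnet tool install --local Credfeto.ChangeLog.Cmd
        env:
          DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_MULTILEVEL_LOOKUP: "false"
          DOTNET_NOLOGO: "true"
          DOTNET_PRINT_TELEMETRY_MESSAGE: "false"
          DOTNET_ReadyToRun: "0"
          DOTNET_TC_QuickJitForLoops: "1"
          DOTNET_TieredPGO: "1"
      - name: "Check Changelog"
        if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template'))
        shell: bash
        # The base branch is read from the workflow-level BASE_REF variable
        # rather than expanded into the command line.
        run: dotnet changelog --changelog CHANGELOG.md --check-insert "origin/$BASE_REF"
        env:
          DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}"
          DOTNET_MULTILEVEL_LOOKUP: "false"
          DOTNET_NOLOGO: "true"
          DOTNET_PRINT_TELEMETRY_MESSAGE: "false"
          DOTNET_ReadyToRun: "0"
          DOTNET_TC_QuickJitForLoops: "1"
          DOTNET_TieredPGO: "1"

  # Scans the full history (fetch-depth: 0) for committed secrets, using the
  # repository's .gitleaks.toml. Findings fail the job and are redacted in
  # the output.
  does-not-contain-secrets:
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # NOTE(review): the config file is taken from the checked-out tree, so
      # presumably a PR can change the scan rules in the same change it is
      # scanned by; consider protecting .gitleaks.toml with code owners.
      - name: "Check for leaks"
        uses: DariuszPorowski/[email protected]
        id: gitleaks
        with:
          config: .gitleaks.toml
          report_format: "sarif"
          fail: true
          redact: true
          verbose: true
          log_level: info

  has-no-merge-conflicts:
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: "Check for merge conflicts"
        uses: olivernybroe/[email protected]

  has-no-file-or-folder-case-sensitivity-issues:
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: "Check for case conflicts"
        uses: credfeto/[email protected]

  no-ignored-files:
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: "Check for ignored files"
        uses: credfeto/[email protected]

  dependency-review:
    # Check that there are no dependencies with security problems in the PR
    # NOTE(review): the checkout and review steps only run when the
    # visibility step reports a public repository; for any other result this
    # job succeeds without reviewing anything.
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - uses: credfeto/[email protected]
        id: visibility
        with:
          # optional parameter defaults to the current repo
          repository: ${{github.repository}}
          # optional parameter defaults to the current user
          token: ${{github.token}}
      - name: "Checkout Source"
        if: steps.visibility.outputs.is_public == 'true'
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Going by the run title this is actions/dependency-review-action at
      # 3.1.2; the exact reference text is garbled on the page.
      - name: 'Dependency Review'
        if: steps.visibility.outputs.is_public == 'true'
        uses: actions/[email protected]

  no-merge-commits:
    # Check that there are no merge commits in the PR
    if: github.event.pull_request.draft == false
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: "Check for merge commits"
        uses: greenled/[email protected]

  # Lints only the files changed in the PR (VALIDATE_ALL_CODEBASE is false).
  # Skipped for release/ and hotfix/ branches.
  lint-code:
    if: |-
      github.event.pull_request.draft == false &&
      ( !startsWith(github.head_ref, 'release/') && !startsWith(github.head_ref, 'hotfix/') )
    runs-on: [self-hosted, linux]
    steps:
      - name: "Initialise Workspace"
        shell: bash
        run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
      - name: "Checkout Source"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: "Run Linter"
        uses: github/[email protected]
        env:
          DEFAULT_BRANCH: main
          # NOTE(review): the linter processes PR-supplied files while holding
          # SOURCE_PUSH_TOKEN. If status reporting is the only need, a token
          # scoped to commit statuses would limit what a compromised linter
          # or crafted input could reach — confirm the required scope.
          GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN}}
          MULTI_STATUS: true
          VALIDATE_ALL_CODEBASE: false
          VALIDATE_ANSIBLE: true
          VALIDATE_BASH: true
          VALIDATE_CSS: true
          VALIDATE_ENV: true
          VALIDATE_DOCKERFILE: true
          VALIDATE_DOCKERFILE_HADOLINT: true
          VALIDATE_GITHUB_ACTIONS: true
          VALIDATE_JSON: true
          VALIDATE_MD: true
          VALIDATE_POWERSHELL: true
          VALIDATE_PYTHON: true
          VALIDATE_PYTHON_PYLINT: true
          VALIDATE_SQL: true
          VALIDATE_TYPESCRIPT_ES: true
          VALIDATE_XML: true
          VALIDATE_YAML: true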