[Dependencies]: Bump actions/dependency-review-action from 3.1.5 to 4.0.0 #993
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "PR: Lint" | |
on: | |
pull_request: | |
types: [opened, edited, synchronize, reopened, ready_for_review, unlocked] | |
branches: | |
- main | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{github.workflow}}-${{github.ref}} | |
cancel-in-progress: true | |
env: | |
HEAD_REF: ${{github.head_ref}} | |
BASE_REF: ${{github.base_ref}} | |
jobs: | |
info: | |
if: endsWith(github.repository, '-template') | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Info" | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.info('Branch: ${{env.HEAD_REF}}'); | |
core.info('Base Branch: ${{env.BASE_REF}}'); | |
core.info('Repo: ${{github.repository}}'); | |
core.info('Owner: ${{github.repository_owner}}'); | |
# include-JIRA-ticket: | |
# if: github.event.pull_request.draft == false | |
# runs-on: [self-hosted, linux] | |
# steps: | |
# - name: "Initialise Workspace" | |
# shell: bash | |
# run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
# - name: "Checkout Source" | |
# uses: actions/checkout@v4 | |
# with: | |
# fetch-depth: 0 | |
# - if: |- | |
# !endsWith(github.repository, '-template') | |
# && !startsWith(github.head_ref, 'release/') | |
# && !startsWith(github.head_ref, 'hotfix/') | |
# uses: seferov/[email protected] | |
# with: | |
# title-regex: '^\[FF\-\d*?\](:)?(\ )' | |
# error-message: 'Add Jira Ticket ID to your title' | |
include-changelog-entry: | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
shell: bash | |
run: echo "CHANGES=$(git diff --exit-code --no-patch --merge-base origin/main CHANGELOG.md 2> /dev/null && echo 0 || echo $?)" >> "$GITHUB_ENV" | |
- if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) && env.CHANGES == '0' | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.setFailed('Changelog has not changed') | |
change-log-entry-is-in-unreleased: | |
if: github.event.pull_request.draft == false | |
# As LibGit2Sharp doesn't work on 20.04 | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Get version from global.json" | |
if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
uses: credfeto/[email protected] | |
with: | |
file: src/global.json | |
fallback: 8.0.* | |
- name: "Install dotnet" | |
if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN}} | |
DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}" | |
DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}" | |
DOTNET_MULTILEVEL_LOOKUP: "false" | |
DOTNET_NOLOGO: "true" | |
DOTNET_PRINT_TELEMETRY_MESSAGE: "false" | |
DOTNET_ReadyToRun: "0" | |
DOTNET_TC_QuickJitForLoops: "1" | |
DOTNET_TieredPGO: "1" | |
with: | |
dotnet-version: | | |
6.0.* | |
7.0.* | |
8.0.* | |
${{env.DOTNET_VERSION}} | |
- name: "Check Runner details" | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.info('Name: ${{runner.name}}'); | |
core.info('OS: ${{runner.os}}'); | |
- name: "Enable Local nuget feeds if caching" | |
if: startsWith(runner.name, 'buildagent-') | |
id: nuget-local-cache | |
shell: bash | |
run: | | |
{ | |
echo "NUGET_BAGET_CACHE=${{vars.NUGET_BAGET_CACHE}}" | |
echo "PRERELEASE_BAGET_CACHE=${{vars.PRERELEASE_BAGET_CACHE}}" | |
echo "RELEASE_BAGET_CACHE=${{vars.RELEASE_BAGET_CACHE}}" | |
}>> "$GITHUB_OUTPUT" | |
- name: "Configure nuget feeds" | |
if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
uses: ./.github/actions/nuget | |
with: | |
NUGET_PUBLIC_RESTORE_FEED_CACHE: ${{steps.nuget-local-cache.outputs.NUGET_BAGET_CACHE}} | |
NUGET_PUBLIC_RESTORE_FEED: ${{vars.NUGET_PUBLIC_RESTORE_FEED}} | |
NUGET_ADDITIONAL_RESTORE_FEED_RELEASE_CACHE: ${{steps.nuget-local-cache.outputs.RELEASE_BAGET_CACHE}} | |
NUGET_ADDITIONAL_RESTORE_FEED_PRERELEASE_CACHE: "" | |
NUGET_ADDITIONAL_RESTORE_FEED_RELEASE: ${{vars.NUGET_ADDITIONAL_RESTORE_FEED_RELEASE}} | |
NUGET_ADDITIONAL_RESTORE_FEED_PRERELEASE: "" | |
- name: "Enable dotnet tools" | |
if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
shell: bash | |
run: dotnet new tool-manifest | |
env: | |
DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}" | |
DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}" | |
DOTNET_MULTILEVEL_LOOKUP: "false" | |
DOTNET_NOLOGO: "true" | |
DOTNET_PRINT_TELEMETRY_MESSAGE: "false" | |
DOTNET_ReadyToRun: "0" | |
DOTNET_TC_QuickJitForLoops: "1" | |
DOTNET_TieredPGO: "1" | |
- name: "Install Changelog tool" | |
if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
uses: ./.github/actions/dotnet-tool | |
with: | |
TOOL_NAME: Credfeto.ChangeLog.Cmd | |
- name: "Check Changelog" | |
if: (github.actor != 'dependabot[bot]' && !endsWith(github.repository , '-template')) | |
shell: bash | |
run: dotnet changelog --changelog CHANGELOG.md --check-insert "origin/${{github.base_ref}}" | |
env: | |
DDOTNET_ROOT: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}" | |
DOTNET_INSTALL_DIR: "${{github.workspace}}/.dotnet/${{github.sha}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}" | |
DOTNET_MULTILEVEL_LOOKUP: "false" | |
DOTNET_NOLOGO: "true" | |
DOTNET_PRINT_TELEMETRY_MESSAGE: "false" | |
DOTNET_ReadyToRun: "0" | |
DOTNET_TC_QuickJitForLoops: "1" | |
DOTNET_TieredPGO: "1" | |
does-not-contain-secrets: | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Check for leaks" | |
uses: DariuszPorowski/[email protected] | |
id: gitleaks | |
with: | |
config: .gitleaks.toml | |
report_format: "sarif" | |
fail: true | |
redact: true | |
verbose: true | |
log_level: info | |
has-no-merge-conflicts: | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Check for merge conflicts" | |
uses: olivernybroe/[email protected] | |
has-no-file-or-folder-case-sensitivity-issues: | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Check for case conflicts" | |
uses: credfeto/[email protected] | |
no-ignored-files: | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Check for ignored files" | |
uses: credfeto/[email protected] | |
dependency-review: | |
# Check that there are no dependencies with security problems in the PR | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- uses: credfeto/[email protected] | |
id: visibility | |
with: | |
# optional parameter defaults to the current repo | |
repository: ${{github.repository}} | |
# optional parameter defaults to the current user | |
token: ${{github.token}} | |
- name: "Checkout Source" | |
if: steps.visibility.outputs.is_public == 'true' | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: 'Dependency Review' | |
if: steps.visibility.outputs.is_public == 'true' | |
uses: actions/[email protected] | |
no-merge-commits: | |
# Check that there are no merge commits in the PR | |
if: github.event.pull_request.draft == false | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Check for merge commits" | |
uses: greenled/[email protected] | |
lint-code: | |
if: |- | |
github.event.pull_request.draft == false && | |
( !startsWith(github.head_ref, 'release/') && !startsWith(github.head_ref, 'hotfix/') ) | |
runs-on: [self-hosted, linux] | |
steps: | |
- name: "Initialise Workspace" | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Checkout Source" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Run Linter" | |
uses: github/[email protected] | |
env: | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN}} | |
MULTI_STATUS: true | |
VALIDATE_ALL_CODEBASE: false | |
VALIDATE_ANSIBLE: true | |
VALIDATE_BASH: true | |
VALIDATE_CSS: true | |
VALIDATE_ENV: true | |
VALIDATE_DOCKERFILE: true | |
VALIDATE_DOCKERFILE_HADOLINT: true | |
VALIDATE_GITHUB_ACTIONS: true | |
VALIDATE_JSON: true | |
VALIDATE_MD: true | |
VALIDATE_POWERSHELL: true | |
VALIDATE_PYTHON: true | |
VALIDATE_PYTHON_PYLINT: true | |
VALIDATE_SQL: true | |
VALIDATE_TYPESCRIPT_ES: true | |
VALIDATE_XML: true | |
VALIDATE_YAML: true |