zama-ai · BourgerieQuentin · Nov 12, 2024 · Oct 3, 2024 · Nov 8, 2024 · Oct 18, 2024
diff --git a/.github/workflows/action-pin.yaml b/.github/workflows/action-pin.yaml
diff --git a/.github/workflows/action_compliance.yaml b/.github/workflows/action_compliance.yaml
@@ -0,0 +1,32 @@
+name: check action compliance
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/**
+  push:
+    branches:
+      - main
+      - 'release/*'
+
+jobs:
+  action-pin:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@0901cf7b71c7ea6261ec69a3dc2bd3f9264f893e # v3.0.12
+        with:
+          allowlist: |
+            slsa-framework/slsa-github-generator
+
+  action-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - name: check-missing-teardown
+        run: .github/workflows/scripts/teardown-check.sh
+      - name: actionlint
+        uses: raven-actions/actionlint@01fce4f43a270a612932cb1c64d40505a029f821 # v2.0.0
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
diff --git a/.github/workflows/check_commit_signature.yml b/.github/workflows/check_commit_signature.yml
diff --git a/.github/workflows/block_merge.yml → .github/workflows/commit_compliance.yml b/.github/workflows/block_merge.yml → .github/workflows/commit_compliance.yml
@@ -1,13 +1,10 @@
-# Check commit and PR compliance
-name: Check commit message compliance
+name: check commit compliance
 on:
   pull_request:
-    types: [opened, synchronize, reopened]
 
 jobs:
-  check-commit-pr:
-    name: Check commit and PR
-    runs-on: ubuntu-20.04
+  format:
+    runs-on: ubuntu-latest
     steps:
       - name: Check first line
         uses: gsactions/commit-message-checker@16fa2d5de096ae0d35626443bcd24f1e756cafee # v2.0.0
@@ -19,3 +16,13 @@ jobs:
           excludeTitle: 'true' # optional: this excludes the title of a pull request
           checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
           accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+      - name: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: linelint
+        uses: fernandrone/linelint@8136e0fa9997122d80f5f793e0bb9a45e678fbb1 # 0.0.4
+        id: linelint
+      - name: markdown-link-check
+        uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
+        with:
+          use-quiet-mode: 'yes'
+          use-verbose-mode: 'yes'
diff --git a/.github/workflows/compiler_benchmark.yml b/.github/workflows/compiler_benchmark.yml