Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ CONFLICT! Lineage pull request for: skeleton #47

Merged
merged 135 commits into from
Apr 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
135 commits
Select commit Hold shift + click to select a range
b5e5c11
Bump crazy-max/ghaction-github-status from 3 to 4
dependabot[bot] Sep 13, 2023
371179e
Add a diagnostics job for the label syncing workflow
jsf9k Sep 13, 2023
1f611fc
Make the dev team the owners of the linter configuration files
jsf9k Sep 14, 2023
c356768
Make dev team members the codeowners of the requirements*.txt and set…
jsf9k Sep 14, 2023
0195005
Explicitly list the linter config files the dev team should own
jsf9k Sep 15, 2023
2e30384
Add a diagnostics job to the CodeQL workflow
jsf9k Oct 5, 2023
b768a28
Bump hashicorp/setup-terraform from 2 to 3
dependabot[bot] Oct 30, 2023
05771a8
Remove mention of collections from comment
jsf9k Nov 1, 2023
9f31700
Prefer block style to flow style
mcdonnnj Nov 2, 2023
696433a
Alphabetize entries in the build workflow
mcdonnnj Nov 2, 2023
6503a9e
Add a `merge_group` trigger to the build workflow
mcdonnnj Nov 2, 2023
74f2025
Add a section describing how to install the role
jsf9k Nov 24, 2023
193e799
Bump actions/setup-go from 4 to 5
dependabot[bot] Dec 11, 2023
5c84295
Bump actions/setup-python from 4 to 5
dependabot[bot] Dec 11, 2023
2be8f7a
Bump github/codeql-action from 2 to 3
dependabot[bot] Dec 18, 2023
4a63dbe
Switch pre-commit hooks for running shfmt
mcdonnnj Jan 18, 2024
3236b1b
Remove installation of shfmt in the `build` workflow
mcdonnnj Jan 18, 2024
5ddb14d
Use long options for shfmt arguments
mcdonnnj Jan 18, 2024
8ecd957
Add additional shfmt options
mcdonnnj Jan 18, 2024
242921b
Set the default shell for all run steps in the build workflow
mcdonnnj Sep 21, 2023
c7b18dc
Add linting with goimports to the pre-commit configuration
mcdonnnj Jan 12, 2024
f6d9d6e
Add ATX Header Support for terraform-docs
Jan 22, 2024
544e478
Add prepended names to variables to describe their function
michaelsaki Jan 22, 2024
f5fa0ff
Remove unnecessary capitalizations and fix grammar
michaelsaki Jan 22, 2024
36361dd
Simplify steps in the build/install portion of workflow
michaelsaki Jan 22, 2024
3711ebe
Add TODO label
michaelsaki Jan 23, 2024
d114fb4
Move TODO and add link to the issue
michaelsaki Jan 23, 2024
c907cfc
Alphabetize switches
michaelsaki Jan 23, 2024
48db3e3
Allow setup-env to specify Python version
Jan 25, 2024
c10929a
Add /dev/null and remove TMPFILE
michaelsaki Jan 25, 2024
adada40
Place flags in the correct order for -r and -p
Jan 25, 2024
1861b9b
Remove unneccessary spacing
Jan 25, 2024
3f623e4
Alphabetize flags and descriptions
michaelsaki Jan 25, 2024
9497dc2
Move misplaced exit
jsf9k Jan 26, 2024
e1d0f28
Remove premature pyenv local command
jsf9k Jan 26, 2024
517b336
Include PYTHON_VERSION when running pyenv virtualenv
jsf9k Jan 26, 2024
2e5794c
Add getopt variables and short flags
Jan 30, 2024
8a50031
Remove redundant flag initialization
Jan 30, 2024
0df0e6a
Add getopt functionality and -n flag
Jan 30, 2024
60cad12
Update the usage and force documentation
Jan 30, 2024
b6ab6d8
Update usage with long options
Feb 7, 2024
d362614
Add gnu-getopt functionality and error handling
Feb 7, 2024
f924584
Add documentation in CONTRIBUTING.md for gnu-getopt
Feb 7, 2024
ba86ead
Fix grammar and capitalization errors
michaelsaki Feb 7, 2024
ba0fc19
Combine PATH exports to single line
michaelsaki Feb 7, 2024
1240bdd
Improve usage instructions
michaelsaki Feb 7, 2024
297b5bd
Add $(brew --prefix) to PATH for getopt
michaelsaki Feb 7, 2024
7af70f5
Fix confusing wording
michaelsaki Feb 7, 2024
e5a2d14
Replace virt_env_name w/ virtual_env_name for clarity
michaelsaki Feb 7, 2024
82c70e0
Differentiate between GNU getopt and gnu-getopt brew formula
michaelsaki Feb 13, 2024
493a4a3
Add parenthesis over brew link
michaelsaki Feb 13, 2024
3bc9aeb
Refactor flag names for clarity and accuracy
Feb 14, 2024
0be1f63
Elaborate on message when checking for GNU getopt
Feb 14, 2024
c8f0b1b
Remove unnecessary nounset flipping logic
Feb 14, 2024
495862a
Separate pyenv PATH from GNU getopt PATH
Feb 14, 2024
4752b37
Improve verbiage in comments
michaelsaki Feb 21, 2024
2e38997
Clarify between pyenv and GNU getopt setup
michaelsaki Feb 21, 2024
f8824c8
Improve comment on conditional check for regex
Feb 21, 2024
88724e7
Add comment explaining that GNU getopt is keg-only
Feb 21, 2024
c1870be
Improve comments to better describe `keg-only` terminology
michaelsaki Feb 21, 2024
a3f69cd
Change "'setup-env' tool" to "'setup-env' script"
michaelsaki Feb 26, 2024
8ff5179
Remove build-in error exit for generic error exit
michaelsaki Feb 26, 2024
1c21e2b
Change verbiage from 'tool' to 'script' for clarity
michaelsaki Feb 26, 2024
3acc8d6
Check for pyenv earlier in the script
Feb 26, 2024
b377ce7
Explain -r and -p in Python version prompt
Feb 26, 2024
74838a2
Refine exit code to 64 with gnu-getopt note
Feb 26, 2024
487126e
Rename gnu-getopt tool to GNU getopt formula
michaelsaki Feb 28, 2024
6c82a8d
Fix whitespace for usage menu
michaelsaki Feb 28, 2024
324f6d4
Add link to brew terminology
michaelsaki Feb 28, 2024
a26d0e3
Rephrase comment to improve clarity
michaelsaki Feb 28, 2024
0510870
Improve comment for clarity
michaelsaki Feb 28, 2024
01abde6
Improve verbiage in comment
Feb 28, 2024
0989d17
Change comments for macOS and venv_name
Feb 28, 2024
a9c6ed8
Improve comments for clarity
michaelsaki Feb 29, 2024
e58dde5
Make the default scenario systemd-enabled
jsf9k Mar 1, 2024
292b0c3
Remove the systemd_enabled scenario
jsf9k Mar 1, 2024
d8b06f3
Allow ansible versions greater than 6
jsf9k Mar 1, 2024
02e1530
Remove comment that is now unnecessary
jsf9k Mar 4, 2024
0f82722
Use the full path for source Docker images
mcdonnnj Mar 4, 2024
b9c729f
Update pre-commit hook versions
mcdonnnj Jan 4, 2024
4c93395
Manually update the prettier hook
mcdonnnj Jan 4, 2024
9a0e7c3
Merge pull request #149 from cisagov/dependabot/github_actions/crazy-…
mcdonnnj Mar 6, 2024
d0d8783
Merge pull request #150 from cisagov/improvement/add-diagnostics-to-l…
mcdonnnj Mar 6, 2024
158abf5
Merge pull request #151 from cisagov/improvement/make-ois-own-linting…
mcdonnnj Mar 6, 2024
6f23c97
Merge pull request #155 from cisagov/dependabot/github_actions/hashic…
mcdonnnj Mar 6, 2024
c0043bd
Merge pull request #156 from cisagov/improvement/better_support_merge…
mcdonnnj Mar 6, 2024
e5ffc52
Merge pull request #158 from cisagov/dependabot/github_actions/action…
mcdonnnj Mar 6, 2024
59b2ad1
Merge pull request #159 from cisagov/dependabot/github_actions/action…
mcdonnnj Mar 6, 2024
57bef4a
Merge pull request #161 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Mar 6, 2024
01c9e11
Merge pull request #162 from cisagov/improvement/set_default_for_run_…
mcdonnnj Mar 6, 2024
d1a186d
Merge pull request #166 from cisagov/improvement/allow_setup-env_to_s…
mcdonnnj Mar 6, 2024
7169dcf
Use Python and Go versions provided by cisagov/setup-env-github-action
mcdonnnj Nov 11, 2023
95a61f5
Merge pull request #157 from cisagov/improvement/get_more_versions_fr…
mcdonnnj Mar 6, 2024
81735c2
Merge pull request #160 from cisagov/improvement/switch_pre-commit_ho…
mcdonnnj Mar 6, 2024
4f73489
Merge pull request #163 from cisagov/improvement/add_goimports_hook
mcdonnnj Mar 6, 2024
9020b55
Merge pull request #164 from cisagov/improvement/install_atx_header_s…
mcdonnnj Mar 6, 2024
035cf86
Switch pre-commit hooks for running shellcheck
mcdonnnj Feb 27, 2024
e79569c
Merge pull request #168 from cisagov/improvement/switch_pre-commit_ho…
mcdonnnj Mar 6, 2024
b45e9cd
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Mar 6, 2024
26a5154
Use Python version output from setup-env
jsf9k Mar 6, 2024
88b5bc2
Reorder YAML keys to placate ansible-lint
jsf9k Mar 6, 2024
3a41b57
Remove needless Dependabot ignore directive
jsf9k Mar 19, 2024
48ed909
Ensure all actions/setup-python uses are the same version
mcdonnnj Mar 27, 2024
25fbe56
Add new, disabled dependabot ignore directive
mcdonnnj Dec 18, 2023
f46945c
Merge pull request #177 from cisagov/lineage/skeleton
mcdonnnj Mar 27, 2024
680a61f
Merge pull request #173 from cisagov/improvement/use-recent-version-o…
mcdonnnj Mar 27, 2024
fc200bc
Merge pull request #175 from cisagov/improvement/always-use-systemd-e…
mcdonnnj Mar 27, 2024
78cbce3
Merge pull request #180 from cisagov/bugfix/remove-dependabot-ignore-…
mcdonnnj Mar 27, 2024
e86a3bc
Merge pull request #171 from cisagov/improvement/update_dependabot_ig…
mcdonnnj Mar 27, 2024
73cb512
Pin ansible-core to earlier than 2.16.3
jsf9k Mar 10, 2024
097026d
Remove duplicated octothorpe
jsf9k Mar 10, 2024
c61ebc7
Add a Dependabot ignore directive for downstream repository
jsf9k Mar 19, 2024
472b883
Merge pull request #179 from cisagov/bugfix/pin-ansible-core
mcdonnnj Mar 27, 2024
2e055e0
Merge pull request #170 from cisagov/dependabot/github_actions/github…
mcdonnnj Mar 27, 2024
4fe777f
Merge pull request #168 from cisagov/documentation/how-to-install-role
mcdonnnj Mar 27, 2024
508324d
Merge pull request #163 from cisagov/improvement/add-diagnostics-job-…
mcdonnnj Mar 27, 2024
13a4fb2
Merge pull request #165 from cisagov/documentation/no-collections-in-…
mcdonnnj Mar 27, 2024
d7a47a7
Merge pull request #176 from cisagov/improvement/use_full_image_source
mcdonnnj Mar 27, 2024
9949fc8
Add support for Debian Trixie
jsf9k Oct 13, 2023
fb16c79
Use a different image for Debian Bookworm testing
mcdonnnj Mar 27, 2024
c116434
Remove the Fedora 37 platform
jsf9k Jan 30, 2024
7cb7ddf
Add support for Fedora 39
jsf9k Nov 13, 2023
387a5e9
Merge pull request #164 from cisagov/improvement/debian-bookworm-rele…
mcdonnnj Mar 27, 2024
569d377
Merge pull request #166 from cisagov/feature/add-support-for-fedora-39
mcdonnnj Mar 27, 2024
968cd07
Merge pull request #172 from cisagov/improvement/drop-support-for-fed…
mcdonnnj Mar 27, 2024
8849c23
Improve merge queue support in the CodeQL workflow
mcdonnnj Mar 27, 2024
ee9ef83
Use cisagov/setup-env-github-action in the `test` job of the `build` …
mcdonnnj Mar 27, 2024
19b34da
Merge pull request #182 from cisagov/bugfix/better_support_merge_queues
mcdonnnj Mar 27, 2024
c121f6c
Merge pull request #183 from cisagov/bugfix/fix_setup-python_in_test_job
mcdonnnj Mar 27, 2024
9471377
Remove duplicated instance of "ansible-galaxy"
jsf9k Mar 28, 2024
352e49f
Merge pull request #184 from cisagov/documentation/remove-duplication
jsf9k Mar 28, 2024
229467f
Merge remote-tracking branch 'skeleton-ansible-role/develop' into lin…
jsf9k Apr 9, 2024
950618d
Uncomment dependabot ignore directives
jsf9k Apr 9, 2024
d70746e
Update repository reference in README.md
jsf9k Apr 9, 2024
04a8721
Remove Debian Stretch code
jsf9k Apr 9, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,17 @@
# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj

# These folks own all linting configuration files.
/.ansible-lint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.bandit.yml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.flake8 @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.isort.cfg @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.mdl_config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.pre-commit-config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.prettierignore @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.yamllint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements-dev.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements-test.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/setup-env @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
4 changes: 3 additions & 1 deletion .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ updates:
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
- dependency-name: step-security/harden-runner
# Managed by cisagov/skeleton-ansible-role
- dependency-name: github/codeql-action
package-ecosystem: github-actions
schedule:
interval: weekly
Expand All @@ -27,7 +29,7 @@ updates:
ignore:
# Managed by cisagov/skeleton-ansible-role
- dependency-name: ansible
- dependency-name: ansible-lint
- dependency-name: ansible-core
package-ecosystem: pip
schedule:
interval: weekly
Expand Down
81 changes: 55 additions & 26 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,31 @@
name: build

on:
push:
merge_group:
types:
- checks_requested
pull_request:
push:
repository_dispatch:
types: [apb]
types:
- apb

# Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace,
# nounset, errexit, and pipefail. The `-x` will print all commands as they are
# run. Please see the GitHub Actions documentation for more information:
# https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs
defaults:
run:
shell: bash -Eueo pipefail -x {0}

env:
CURL_CACHE_DIR: ~/.cache/curl
PIP_CACHE_DIR: ~/.cache/pip
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}
TERRAFORM_DOCS_REPO_BRANCH_NAME: improvement/support_atx_closed_markdown_headers
TERRAFORM_DOCS_REPO_DEPTH: 1
TERRAFORM_DOCS_REPO_URL: https://github.com/mcdonnnj/terraform-docs.git

jobs:
diagnostics:
Expand All @@ -27,7 +42,7 @@ jobs:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
uses: crazy-max/ghaction-github-status@v4
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
Expand All @@ -45,20 +60,20 @@ jobs:
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.11"
python-version: ${{ steps.setup-env.outputs.python-version }}
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- id: setup-go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
# There is no expectation for actual Go code so we disable caching as
# it relies on the existence of a go.sum file.
cache: false
go-version: "1.20"
- name: Lookup Go cache directory
id: go-cache
go-version: ${{ steps.setup-env.outputs.go-version }}
- id: go-cache
name: Lookup Go cache directory
run: |
echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
Expand All @@ -69,6 +84,10 @@ jobs:
packer${{ steps.setup-env.outputs.packer-version }}-\
tf${{ steps.setup-env.outputs.terraform-version }}-"
with:
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}"
# Note that the .terraform directory IS NOT included in the
# cache because if we were caching, then we would need to use
# the `-upgrade=true` option. This option blindly pulls down the
Expand All @@ -80,10 +99,6 @@ jobs:
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ env.CURL_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Setup curl cache
Expand All @@ -101,34 +116,46 @@ jobs:
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- uses: hashicorp/setup-terraform@v2
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install go-critic
env:
PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install goimports
env:
PACKAGE_URL: golang.org/x/tools/cmd/goimports
PACKAGE_VERSION: ${{ steps.setup-env.outputs.goimports-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install gosec
env:
PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install staticcheck
env:
PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install Terraform-docs
env:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
# TODO: https://github.com/cisagov/skeleton-generic/issues/165
# We are temporarily using @mcdonnnj's forked branch of terraform-docs
# until his PR: https://github.com/terraform-docs/terraform-docs/pull/745
# is approved. This temporary fix will allow for ATX header support when
# terraform-docs is run during linting.
- name: Clone ATX headers branch from terraform-docs fork
run: |
git clone \
--branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \
--depth $TERRAFORM_DOCS_REPO_DEPTH \
--single-branch \
$TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs
- name: Build and install terraform-docs binary
run: |
go build \
-C /tmp/terraform-docs \
-o $(go env GOPATH)/bin/terraform-docs
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
Expand All @@ -155,11 +182,13 @@ jobs:
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
python-version: ${{ steps.setup-env.outputs.python-version }}
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
Expand Down
28 changes: 25 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@
name: CodeQL

on:
merge_group:
types:
- checks_requested
push:
# Dependabot triggered push events have read-only access, but uploading code
# scanning requires write access.
Expand All @@ -20,8 +23,27 @@ on:
- cron: '0 2 * * 6'

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
analyze:
name: Analyze
needs:
- diagnostics
runs-on: ubuntu-latest
permissions:
# required for all workflows
Expand All @@ -48,15 +70,15 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

# Autobuild attempts to build any compiled languages (C/C++, C#, or
# Java). If this step fails, then you should remove it and run the build
# manually (see below).
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -70,4 +92,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
24 changes: 24 additions & 0 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,38 @@ permissions:
contents: read

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
labeler:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
# crazy-max/ghaction-github-labeler needs this to manage repository labels
issues: write
runs-on: ubuntu-latest
steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- name: Sync repository labels
if: success()
Expand Down
Loading
Loading