# Reusable workflow (triggered only via workflow_call) that lints the calling
# repository's GitHub Actions workflow files with two tools: actionlint and
# zizmor. Each tool runs in its own job.
#
# NOTE(review): this file declares no `permissions:` key, so both jobs run with
# whatever GITHUB_TOKEN scopes the caller passes down. Consider declaring
# job-level `permissions: contents: read` after confirming that every caller
# grants at least that; a called workflow cannot request more than its caller
# allows.
name: check github actions

on:
  workflow_call:
    inputs:
      # Persona handed to zizmor. The lint_zizmor job rejects anything other
      # than regular, pedantic, or auditor before zizmor runs.
      zizmor_persona:
        type: string
        default: "regular"

jobs:
  lint_actionlint:
    name: lint workflows with actionlint
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA, not a mutable tag.
      # NOTE(review): unlike the zizmor-action pin below, this pin and the
      # actionlint pin carry no trailing version comment; adding the matching
      # tag (after verifying it against the SHA) would make pin reviews easier.
      - name: Checkout source code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Keep the job token out of the checked-out repo's git config so
          # later steps cannot pick it up from disk.
          persist-credentials: false
      - name: Lint GitHub Actions workflow files
        uses: raven-actions/actionlint@205b530c5d9fa8f44ae9ed59f341a0db994aa6f8
        with:
          # NOTE(review): presumably turns off grouping of the reported
          # findings; confirm against the action's documentation.
          group-result: false

  lint_zizmor:
    name: lint workflows with zizmor
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Same reasoning as in lint_actionlint: no token left in .git/config.
          persist-credentials: false
      # Allow-list check on the caller-supplied persona. The input reaches the
      # script through an environment variable rather than being expanded with
      # ${{ }} inside the script text, so its content is never parsed as shell.
      # The step has no `if:` or continue-on-error, so a failure here stops the
      # job before the zizmor step consumes the value.
      - name: Validate zizmor persona
        env:
          INPUTS_ZIZMOR_PERSONA: ${{ inputs.zizmor_persona }}
        run: |
          case "${INPUTS_ZIZMOR_PERSONA}" in
            regular|pedantic|auditor) ;;
            *)
              echo "::error::Invalid zizmor_persona '${INPUTS_ZIZMOR_PERSONA}' (expected regular, pedantic, or auditor)."
              exit 1
              ;;
          esac
      - name: Lint GitHub Actions workflow files
        uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
        with:
          # NOTE(review): with this off, findings are expected to appear in the
          # job output instead of being uploaded to code scanning, which would
          # need security-events: write; confirm against the action's docs.
          advanced-security: false
          # Already checked against the allow-list by the previous step.
          persona: ${{ inputs.zizmor_persona }}