google-github-actions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/dependabot.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/draft-release.yml‎
Lines changed: 2 additions & 3 deletions b/‎.github/workflows/draft-release.yml‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎.github/workflows/gemini-issue-automated-triage.yml‎
Lines changed: 23 additions & 15 deletions b/‎.github/workflows/gemini-issue-automated-triage.yml‎
Lines changed: 23 additions & 15 deletions
diff --git a/‎.github/workflows/gemini-issue-scheduled-triage.yml‎
Lines changed: 26 additions & 15 deletions b/‎.github/workflows/gemini-issue-scheduled-triage.yml‎
Lines changed: 26 additions & 15 deletions
diff --git a/‎.github/workflows/gemini-pr-review.yml‎
Lines changed: 40 additions & 31 deletions b/‎.github/workflows/gemini-pr-review.yml‎
Lines changed: 40 additions & 31 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 3 additions & 4 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 2 additions & 3 deletions b/‎.github/workflows/release.yml‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 7 additions & 13 deletions b/‎.github/workflows/test.yml‎
Lines changed: 7 additions & 13 deletions
@@ -1,4 +1,3 @@
----
 version: 2
 updates:
   - package-ecosystem: 'npm'
 
@@ -1,7 +1,6 @@
----
 name: 'Draft release'
 
-on:  # yamllint disable-line rule:truthy
+on:
   workflow_dispatch:
     inputs:
       version_strategy:
@@ -20,7 +19,7 @@ permissions:
 
 jobs:
   draft-release:
-    uses: 'google-github-actions/.github/.github/workflows/draft-release.yml@v3'  # ratchet:exclude
+    uses: 'google-github-actions/.github/.github/workflows/draft-release.yml@v3' # ratchet:exclude
     with:
       version_strategy: '${{ github.event.inputs.version_strategy }}'
     secrets:
 
@@ -1,31 +1,39 @@
----
 name: '🏷️ Gemini Automated Issue Triage'
-on:  # yamllint disable-line rule:truthy
+
+on:
   issues:
     types:
       - 'opened'
       - 'reopened'
 
+concurrency:
+  group: '${{ github.workflow }}-${{ github.event.issue.number }}'
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: 'bash'
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+  issues: 'write'
+  statuses: 'write'
+
 jobs:
   triage-issue:
     timeout-minutes: 5
-    permissions:
-      issues: 'write'
-      contents: 'read'
-      id-token: 'write'
-    concurrency:
-      group: '${{ github.workflow }}-${{ github.event.issue.number }}'
-      # yamllint disable-line rule:truthy
-      cancel-in-progress: true
     runs-on: 'ubuntu-latest'
+
     steps:
       - name: 'Checkout repository'
-        uses: 'actions/checkout@v4'
+        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
 
       - name: 'Generate GitHub App Token'
         id: 'generate_token'
-        if: ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@v1'
+        if: |-
+          ${{ vars.APP_ID }}
+        uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -43,7 +51,7 @@ jobs:
           OTLP_GCP_WIF_PROVIDER: '${{ vars.OTLP_GCP_WIF_PROVIDER }}'
           GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
         with:
-          settings_json: |
+          settings_json: |-
             {
               "coreTools": [
                 "run_shell_command(gh label list)",
@@ -55,7 +63,7 @@ jobs:
               },
               "sandbox": false
             }
-          prompt: |
+          prompt: |-
             ## Role
 
             You are an issue triage assistant. Analyze the current GitHub issue
 
@@ -1,27 +1,38 @@
----
 name: '📋 Gemini Scheduled Issue Triage'
 
-on:  # yamllint disable-line rule:truthy
+on:
   schedule:
-    - cron: '0 * * * *'  # Runs every hour
+    - cron: '0 * * * *' # Runs every hour
   workflow_dispatch:
 
+concurrency:
+  group: '${{ github.workflow }}'
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: 'bash'
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+  issues: 'write'
+  statuses: 'write'
+
 jobs:
   triage-issues:
     timeout-minutes: 10
     runs-on: 'ubuntu-latest'
-    permissions:
-      contents: 'read'
-      id-token: 'write'
-      issues: 'write'
+
     steps:
       - name: 'Checkout repository'
-        uses: 'actions/checkout@v4'
+        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
 
       - name: 'Generate GitHub App Token'
         id: 'generate_token'
-        if: ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@v1'
+        if: |-
+          ${{ vars.APP_ID }}
+        uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -32,8 +43,7 @@ jobs:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
           GITHUB_REPOSITORY: '${{ github.repository }}'
           GITHUB_OUTPUT: '${{ github.output }}'
-        shell: bash
-        run: |
+        run: |-
           set -euo pipefail
 
           echo '🔍 Finding issues without labels...'
@@ -54,7 +64,8 @@ jobs:
           echo "✅ Found ${ISSUE_COUNT} issues to triage! 🎯"
 
       - name: 'Run Gemini Issue Triage'
-        if: steps.find_issues.outputs.issues_to_triage != '[]'
+        if: |-
+          ${{ steps.find_issues.outputs.issues_to_triage != '[]' }}
         uses: './'
         env:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token }}'
@@ -65,7 +76,7 @@ jobs:
           OTLP_GCP_WIF_PROVIDER: '${{ vars.OTLP_GCP_WIF_PROVIDER }}'
           GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
         with:
-          settings_json: |
+          settings_json: |-
             {
               "coreTools": [
                 "run_shell_command(echo)",
@@ -79,7 +90,7 @@ jobs:
               },
               "sandbox": false
             }
-          prompt: |
+          prompt: |-
             ## Role
 
             You are an issue triage assistant. Analyze issues and apply
 
@@ -1,7 +1,6 @@
----
 name: '🧐 Gemini Pull Request Review'
 
-on:  # yamllint disable-line rule:truthy
+on:
   pull_request:
     types:
       - 'opened'
@@ -18,9 +17,24 @@ on:  # yamllint disable-line rule:truthy
         required: true
         type: 'number'
 
+concurrency:
+  group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: 'bash'
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+  issues: 'write'
+  pull-requests: 'write'
+  statuses: 'write'
+
 jobs:
   review-pr:
-    if: >
+    if: |-
       github.event_name == 'workflow_dispatch' ||
       (github.event_name == 'pull_request' && github.event.action == 'opened') ||
       (github.event_name == 'issue_comment' && github.event.issue.pull_request &&
@@ -49,35 +63,30 @@ jobs:
       )
     timeout-minutes: 15
     runs-on: 'ubuntu-latest'
-    permissions:
-      contents: 'read'
-      id-token: 'write'
-      pull-requests: 'write'
-      issues: 'write'
+
     steps:
       - name: 'Checkout PR code'
-        uses: 'actions/checkout@v4'
-        with:
-          fetch-depth: 0
+        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
 
       - name: 'Generate GitHub App Token'
         id: 'generate_token'
-        if: ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@v1'
+        if: |-
+          ${{ vars.APP_ID }}
+        uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
 
       - name: 'Get PR details (pull_request & workflow_dispatch)'
         id: 'get_pr'
-        if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
+        if: |-
+          ${{ github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' }}
         env:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
-          EVENT_NAME: "${{ github.event_name }}"
-          WORKFLOW_PR_NUMBER: "${{ github.event.inputs.pr_number }}"
-          PULL_REQUEST_NUMBER: "${{ github.event.pull_request.number }}"
-        shell: bash
-        run: |
+          EVENT_NAME: '${{ github.event_name }}'
+          WORKFLOW_PR_NUMBER: '${{ github.event.inputs.pr_number }}'
+          PULL_REQUEST_NUMBER: '${{ github.event.pull_request.number }}'
+        run: |-
           set -euo pipefail
 
           if [[ "${EVENT_NAME}" = "workflow_dispatch" ]]; then
@@ -103,13 +112,13 @@ jobs:
 
       - name: 'Get PR details (issue_comment)'
         id: 'get_pr_comment'
-        if: github.event_name == 'issue_comment'
+        if: |-
+          ${{ github.event_name == 'issue_comment' }}
         env:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
-          COMMENT_BODY: "${{ github.event.comment.body }}"
-          PR_NUMBER: "${{ github.event.issue.number }}"
-        shell: bash
-        run: |
+          COMMENT_BODY: '${{ github.event.comment.body }}'
+          PR_NUMBER: '${{ github.event.issue.number }}'
+        run: |-
           set -euo pipefail
 
           echo "pr_number=${PR_NUMBER}" >> "${GITHUB_OUTPUT}"
@@ -136,17 +145,17 @@ jobs:
         uses: './'
         env:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
-          PR_NUMBER: "${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number }}"
-          PR_DATA: "${{ steps.get_pr.outputs.pr_data || steps.get_pr_comment.outputs.pr_data }}"
-          CHANGED_FILES: "${{ steps.get_pr.outputs.changed_files || steps.get_pr_comment.outputs.changed_files }}"
-          ADDITIONAL_INSTRUCTIONS: "${{ steps.get_pr.outputs.additional_instructions || steps.get_pr_comment.outputs.additional_instructions }}"
-          REPOSITORY: "${{ github.repository }}"
+          PR_NUMBER: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number }}'
+          PR_DATA: '${{ steps.get_pr.outputs.pr_data || steps.get_pr_comment.outputs.pr_data }}'
+          CHANGED_FILES: '${{ steps.get_pr.outputs.changed_files || steps.get_pr_comment.outputs.changed_files }}'
+          ADDITIONAL_INSTRUCTIONS: '${{ steps.get_pr.outputs.additional_instructions || steps.get_pr_comment.outputs.additional_instructions }}'
+          REPOSITORY: '${{ github.repository }}'
           GEMINI_CLI_VERSION: '${{ vars.GEMINI_CLI_VERSION }}'
           OTLP_GOOGLE_CLOUD_PROJECT: '${{ vars.OTLP_GOOGLE_CLOUD_PROJECT }}'
           OTLP_GCP_WIF_PROVIDER: '${{ vars.OTLP_GCP_WIF_PROVIDER }}'
           GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
         with:
-          settings_json: |
+          settings_json: |-
             {
               "coreTools": [
                 "run_shell_command(echo)",
@@ -165,7 +174,7 @@ jobs:
               },
               "sandbox": false
             }
-          prompt: |
+          prompt: |-
             ## Role
 
             You are an expert code reviewer. You have access to tools to gather
 
@@ -1,7 +1,6 @@
----
 name: 'Publish immutable action version'
 
-on:  # yamllint disable-line rule:truthy
+on:
   workflow_dispatch:
   release:
     types:
@@ -18,10 +17,10 @@ jobs:
 
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683'  # ratchet:actions/checkout@v4
+        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
 
       - name: 'Publish'
         id: 'publish'
-        uses: 'actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978'  # ratchet:actions/[email protected]
+        uses: 'actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978' # ratchet:actions/[email protected]
         with:
           github-token: '${{ secrets.GITHUB_TOKEN }}'
@@ -1,7 +1,6 @@
----
 name: 'Release'
 
-on:  # yamllint disable-line rule:truthy
+on:
   push:
     branches:
       - 'main'
@@ -13,6 +12,6 @@ permissions:
 
 jobs:
   release:
-    uses: 'google-github-actions/.github/.github/workflows/release.yml@v3'  # ratchet:exclude
+    uses: 'google-github-actions/.github/.github/workflows/release.yml@v3' # ratchet:exclude
     secrets:
       ACTIONS_BOT_TOKEN: '${{ secrets.ACTIONS_BOT_TOKEN }}'
@@ -1,7 +1,6 @@
----
 name: 'Test'
 
-on:  # yamllint disable-line rule:truthy
+on:
   push:
     branches:
       - 'main'
@@ -14,7 +13,7 @@ on:  # yamllint disable-line rule:truthy
 
 concurrency:
   group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
-  cancel-in-progress: true  # yamllint disable-line rule:truthy
+  cancel-in-progress: true
 
 defaults:
   run:
@@ -25,16 +24,11 @@ permissions:
   statuses: 'write'
 
 jobs:
-  yamllint:
-    name: 'yamllint'
+  test:
     runs-on: 'ubuntu-latest'
-    permissions:
-      contents: 'read'
-      id-token: 'write'
 
     steps:
-      - name: 'Checkout repository'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # ratchet:actions/checkout@v4
-      - name: Validate all YAML files
-        run: |
-          yamllint . --format github
+      - name: 'Lint YAML'
+        uses: 'abcxyz/actions/.github/actions/lint-yaml@48bf3573880bcd307661522345bbe419115c3d4b' # ratchet:abcxyz/actions/.github/actions/lint-yaml@main
+        with:
+          yamllint_url: 'https://raw.githubusercontent.com/google-github-actions/.github/main/.yamllint.yml'
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`----`
`2`	`1`	`version: 2`
`3`	`2`	`updates:`
`4`	`3`	`- package-ecosystem: 'npm'`