Skip to content

Commit

Permalink
Merge remote-tracking branch 'skeleton-generic/develop' into lineage/…
Browse files Browse the repository at this point in the history
…skeleton
  • Loading branch information
jsf9k committed Oct 30, 2024
2 parents 0776cee + f517db7 commit ceca1cb
Show file tree
Hide file tree
Showing 4 changed files with 55 additions and 22 deletions.
1 change: 1 addition & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ updates:
- dependency-name: crazy-max/ghaction-dump-context
- dependency-name: crazy-max/ghaction-github-labeler
- dependency-name: crazy-max/ghaction-github-status
# - dependency-name: GitHubSecurityLab/actions-permissions
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
- dependency-name: step-security/harden-runner
Expand Down
15 changes: 15 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,18 @@ env:
jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand All @@ -48,8 +56,15 @@ jobs:
lint:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand Down
17 changes: 15 additions & 2 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,28 @@ name: sync-labels
on:
push:
paths:
- '.github/labels.yml'
- '.github/workflows/sync-labels.yml'
- .github/labels.yml
- .github/workflows/sync-labels.yml
workflow_dispatch:

permissions:
contents: read

jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand All @@ -38,6 +47,10 @@ jobs:
issues: write
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand Down
44 changes: 24 additions & 20 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,19 @@ repos:
- id: check-useless-excludes

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
rev: v5.0.0
hooks:
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-json
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: check-toml
- id: check-vcs-permalinks
- id: check-xml
- id: debug-statements
- id: destroyed-symlinks
- id: detect-aws-credentials
args:
- --allow-missing-credentials
Expand Down Expand Up @@ -53,40 +57,40 @@ repos:

# GitHub Actions hooks
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.29.2
rev: 0.29.4
hooks:
- id: check-github-actions
- id: check-github-workflows

# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v3.8.0
rev: v4.0.1
hooks:
- id: validate_manifest

# Go hooks
- repo: https://github.com/TekWizely/pre-commit-golang
rev: v1.0.0-rc.1
hooks:
# Style Checkers
- id: go-critic
# StaticCheck
- id: go-staticcheck-repo-mod
# Go Build
- id: go-build-repo-mod
# Style Checkers
- id: go-critic
# goimports
- id: go-imports-repo
args:
# Write changes to files
- -w
# Go Mod Tidy
- id: go-mod-tidy-repo
# GoSec
- id: go-sec-repo-mod
# StaticCheck
- id: go-staticcheck-repo-mod
# Go Test
- id: go-test-repo-mod
# Go Vet
- id: go-vet-repo-mod
# GoSec
- id: go-sec-repo-mod
# goimports
- id: go-imports-repo
args:
# Write changes to files
- -w
# Nix hooks
- repo: https://github.com/nix-community/nixpkgs-fmt
rev: v1.3.0
Expand All @@ -95,7 +99,7 @@ repos:

# Shell script hooks
- repo: https://github.com/scop/pre-commit-shfmt
rev: v3.9.0-1
rev: v3.10.0-1
hooks:
- id: shfmt
args:
Expand Down Expand Up @@ -126,7 +130,7 @@ repos:
args:
- --config=.bandit.yml
- repo: https://github.com/psf/black-pre-commit-mirror
rev: 24.8.0
rev: 24.10.0
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
Expand All @@ -140,7 +144,7 @@ repos:
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.11.2
rev: v1.13.0
hooks:
- id: mypy
- repo: https://github.com/pypa/pip-audit
Expand All @@ -156,7 +160,7 @@ repos:
- --requirement
- requirements.txt
- repo: https://github.com/asottile/pyupgrade
rev: v3.17.0
rev: v3.19.0
hooks:
- id: pyupgrade

Expand Down Expand Up @@ -200,7 +204,7 @@ repos:

# Packer hooks
- repo: https://github.com/cisagov/pre-commit-packer
rev: v0.1.0
rev: v0.3.0
hooks:
- id: packer_validate
- id: packer_fmt
- id: packer_validate

0 comments on commit ceca1cb

Please sign in to comment.