From 1e1746148a93d2cf2e168d64ad999169be4ea4dd Mon Sep 17 00:00:00 2001
From: tarappo
Date: Sat, 15 Mar 2025 16:51:48 +0900
Subject: [PATCH 1/4] =?UTF-8?q?actionlint=E5=91=A8=E3=82=8A=E3=81=AE?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/actionlint.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/actionlint.yml
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
new file mode 100644
index 0000000..b766633
--- /dev/null
+++ b/.github/workflows/actionlint.yml
@@ -0,0 +1,30 @@
+name: Lint GitHub Actions Workflows
+
+on:
+ pull_request:
+ paths:
+ - '.github/workflows/*.yml'
+ - '.github/workflows/*.yaml'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions: write-all
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: run actionlint
+ uses: reviewdog/action-actionlint@db58217885f9a6570da9c71be4e40ec33fe44a1f # v1.65.0
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ reporter: github-pr-review
+ - name: run pinact-actions
+ uses: suzuki-shunsuke/pinact-action@d735505f3decf76fca3fdbb4c952e5b3eba0ffdd # v0.1.2
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
From aa9638f15c8826b72de3efd5bede15ff284035ea Mon Sep 17 00:00:00 2001
From: tarappo
Date: Sat, 15 Mar 2025 17:07:16 +0900
Subject: [PATCH 2/4] =?UTF-8?q?GitHub=20App=E3=82=92=E5=88=A9=E7=94=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/actionlint.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index b766633..52c8339 100644
--- a/.github/workflows/actionlint.yml
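Review bot: The `checkout` step keeps its default credential handling, so the job token stays in the workspace's git configuration while the two third-party actions that follow run in that same workspace. Both later steps receive their token through an explicit `github_token` input, so the checkout could likely add `with:` and `persist-credentials: false`. Confirm first that pinact-action does not rely on the persisted credentials to push its commit, which these lines do not show.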
+++ b/.github/workflows/actionlint.yml
@@ -19,6 +19,12 @@ jobs:
 steps:
 - name: checkout
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Generate GitHub App Token
+ uses: tibdex/github-app-token@v2
+ id: generate-token
+ with:
+ app_id: ${{ secrets.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: run actionlint
 uses: reviewdog/action-actionlint@db58217885f9a6570da9c71be4e40ec33fe44a1f # v1.65.0
 with:
@@ -27,4 +33,4 @@ jobs:
 - name: run pinact-actions
 uses: suzuki-shunsuke/pinact-action@d735505f3decf76fca3fdbb4c952e5b3eba0ffdd # v0.1.2
 with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
+ github_token: ${{ steps.generate-token.outputs.token }}
From 87cd2a18a5b4a8a6bb6bcdaeb4313ad5312fb9d1 Mon Sep 17 00:00:00 2001
From: "tarappo-app[bot]" <203399748+tarappo-app[bot]@users.noreply.github.com>
Date: Sat, 15 Mar 2025 08:15:40 +0000
Subject: [PATCH 3/4] chore(pinact): pin GitHub Actions
---
 .github/workflows/actionlint.yml | 2 +-
 .github/workflows/merge.yml | 4 ++--
 .github/workflows/pull_request.yml | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 52c8339..56ddd02 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -20,7 +20,7 @@ jobs:
 - name: checkout
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Generate GitHub App Token
- uses: tibdex/github-app-token@v2
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
 id: generate-token
 with:
 app_id: ${{ secrets.APP_ID }}
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
index e6bd179..d4069da 100644
--- a/.github/workflows/merge.yml
+++ b/.github/workflows/merge.yml
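Review bot: The `Generate GitHub App Token` step passes only `app_id` and `private_key`, so the minted token carries every permission the app installation has, and the second hunk hands that token to the third-party `pinact-action` step. The workflow's `permissions:` key limits `GITHUB_TOKEN` only and does not constrain an app installation token. The action accepts a `permissions` input, so the step could request just what pinning needs, for example `permissions: '{"contents": "write", "workflows": "write"}'`, with the exact set confirmed against what pinact-action does. Secrets are not passed to `pull_request` runs from forks, so this step fails there unless the job is guarded, e.g. `if: github.event.pull_request.head.repo.full_name == github.repository`. The `steps` list continues beyond both hunks.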
@@ -12,9 +12,9 @@ jobs:
 all_tests:
 runs-on: macos-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Cache bundle directory
- uses: actions/cache@v4
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
 with:
 path: vendor/bundle
 key: ${{ runner.os }}-gem-${{ hashFiles('**/Gemfile.lock') }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 6828f27..811b2be 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -11,9 +11,9 @@ jobs:
 main_tests:
 runs-on: macos-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Cache bundle directory
- uses: actions/cache@v4
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
 with:
 path: vendor/bundle
 key: ${{ runner.os }}-gem-${{ hashFiles('**/Gemfile.lock') }}
From 5c7a544b6819f138e51309d6393e5d01327b983e Mon Sep 17 00:00:00 2001
From: tarappo
Date: Sat, 15 Mar 2025 17:18:04 +0900
Subject: [PATCH 4/4] Update .github/workflows/actionlint.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/actionlint.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 56ddd02..b86f6d6 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -10,8 +10,11 @@ concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
 
-permissions: write-all
-
+permissions:
+ contents: read
+ pull-requests: write
+ checks: write
+ actions: write
 jobs:
 lint:
 runs-on: ubuntu-latest
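Review bot: `checks: write` and `actions: write` appear broader than the steps shown elsewhere in this series need. reviewdog runs with `reporter: github-pr-review`, which posts through pull-request reviews, and pinact-action is given the app token rather than `GITHUB_TOKEN`. `actions: write` in particular allows cancelling runs and deleting caches, so drop both lines unless a run shows they are required, leaving `contents: read` and `pull-requests: write`. The hunk also removes the blank line before `jobs:`, which is worth keeping as a separator between top-level keys. The `lint` job body continues outside the hunk.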