diff --git a/.github/workflows/__test-action-matrix-outputs.yml b/.github/workflows/__test-action-matrix-outputs.yml index 90e788bc..3b2f8df6 100644 --- a/.github/workflows/__test-action-matrix-outputs.yml +++ b/.github/workflows/__test-action-matrix-outputs.yml @@ -17,6 +17,8 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - id: set-matrix-output uses: ./actions/set-matrix-output @@ -30,10 +32,12 @@ jobs: run: | EXPECTED_ARTIFACT_NAME="$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-test-matrix-outputs-${{ matrix.os }}" - if [ "${{ steps.set-matrix-output.outputs.artifact-name }}" != "$EXPECTED_ARTIFACT_NAME" ]; then + if [ "${STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME}" != "$EXPECTED_ARTIFACT_NAME" ]; then echo "Set matrix output 1 result is not valid" exit 1 fi + env: + STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME: ${{ steps.set-matrix-output.outputs.artifact-name }} tests-2: name: Arrange - Set empty output @@ -45,6 +49,8 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - uses: ./actions/set-matrix-output with: @@ -61,6 +67,8 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - uses: ./actions/set-matrix-output with: @@ -79,6 +87,8 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - id: get-matrix-outputs uses: ./actions/get-matrix-outputs @@ -88,8 +98,6 @@ jobs: - name: Check matrix outputs shell: bash run: | - OUTPUT_RESULT='${{ steps.get-matrix-outputs.outputs.result }}' - # Output result must be a json array of 2 entries if [ "$(echo "$OUTPUT_RESULT" | jq -e '. | length')" != "2" ]; then echo "Get matrix outputs result is not valid" @@ -101,6 +109,8 @@ jobs: echo "Get matrix outputs result is not valid" exit 1 fi + env: + OUTPUT_RESULT: ${{ steps.get-matrix-outputs.outputs.result }} - name: Check artifacts have been deleted shell: bash diff --git a/.github/workflows/__test-action-repository-owner-is-organization.yml b/.github/workflows/__test-action-repository-owner-is-organization.yml index 88233ac8..4ba99efe 100644 --- a/.github/workflows/__test-action-repository-owner-is-organization.yml +++ b/.github/workflows/__test-action-repository-owner-is-organization.yml @@ -12,13 +12,17 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - id: repository-owner-is-organization uses: ./actions/repository-owner-is-organization - name: Check repository-owner-is-organization outputs run: | - if [ "${{ steps.repository-owner-is-organization.outputs.is-organization }}" != 'true' ]; then + if [ "${STEPS_REPOSITORY_OWNER_IS_ORGANIZATION_OUTPUTS_IS_ORGANIZATION}" != 'true' ]; then echo "repository-owner-is-organization outputs result is not valid" exit 1 fi + env: + STEPS_REPOSITORY_OWNER_IS_ORGANIZATION_OUTPUTS_IS_ORGANIZATION: ${{ steps.repository-owner-is-organization.outputs.is-organization }} diff --git a/.github/workflows/__test-action-slugify.yml b/.github/workflows/__test-action-slugify.yml index dc9fe844..0c10f421 100644 --- a/.github/workflows/__test-action-slugify.yml +++ b/.github/workflows/__test-action-slugify.yml @@ -12,6 +12,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - id: slugify uses: ./actions/slugify @@ -20,7 +22,9 @@ jobs: - name: Check slugify outputs run: | - if [ "${{ steps.slugify.outputs.result }}" != 'test-content' ]; then + if [ "${STEPS_SLUGIFY_OUTPUTS_RESULT}" != 'test-content' ]; then echo "Slugify outputs result is not valid" exit 1 fi + env: + STEPS_SLUGIFY_OUTPUTS_RESULT: ${{ steps.slugify.outputs.result }} diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 6570b966..6fa28de1 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -67,24 +67,23 @@ jobs: if: inputs.lint-all && github.ref_name != github.event.repository.default_branch with: ref: "${{ github.event.repository.default_branch }}" + persist-credentials: false - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: "${{ inputs.lint-all && 1 || 0 }}" + persist-credentials: false - if: ${{ inputs.linter-env }} + env: + LINTER_ENV: ${{ inputs.linter-env }} run: | - LINTER_ENV=$(cat <> "$GITHUB_ENV" done - # FIXME: superlinter should auto iunstall required dependencies. See https://github.com/super-linter/super-linter/issues/6089. + # FIXME: superlinter should auto install required dependencies. See https://github.com/super-linter/super-linter/issues/6089. - id: has-prettier-plugins uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: @@ -99,7 +98,7 @@ jobs: return; } } - - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@1d00c9eb280acbee5df4b4a2087f786e66b13d87 # 0.14.1 + - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@4b87508052fc8b08a44a5d2d7d5f0636deb6ea3e # 0.15.0 if: ${{ steps.has-prettier-plugins.outputs.package-json-dir }} with: working-directory: ${{ steps.has-prettier-plugins.outputs.package-json-dir }} @@ -126,12 +125,14 @@ jobs: language: ${{ fromJSON(inputs.codeql-languages) }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - - uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7 + - uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7 + - uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 with: category: "/language:${{matrix.language}}" @@ -143,6 +144,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: "${{ inputs.lint-all && 1 || 0 }}" + persist-credentials: false - id: changed-files uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 @@ -153,18 +155,21 @@ jobs: - id: get-files-to-lint uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + CHANGED_FILES: ${{ toJSON(steps.changed-files.outputs.all_changed_and_modified_files) }}; + ACTION_FILES_INPUT: ${{ toJSON(inputs.action-files) }} with: script: | const fs = require("node:fs"); const path = require("node:path"); - const changedFiles = ${{ toJSON(steps.changed-files.outputs.all_changed_and_modified_files) }}; + const changedFiles = process.env.CHANGED_FILES; let actionFiles = []; if (changedFiles !== null) { actionFiles = changedFiles.split(" ").filter(file => file && fs.existsSync(file)); } else { - const actionFilesInput = ${{ toJson(inputs.action-files) }}; + const actionFilesInput = process.env.ACTION_FILES_INPUT; for (const actionFile of actionFilesInput.split("\n")) { let sanitizedActionFile = actionFile.trim(); diff --git a/.github/workflows/need-fix-to-issue.yml b/.github/workflows/need-fix-to-issue.yml index 93f84347..2d48a246 100644 --- a/.github/workflows/need-fix-to-issue.yml +++ b/.github/workflows/need-fix-to-issue.yml @@ -43,6 +43,8 @@ jobs: runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }} steps: - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0 + with: + persist-credentials: false - name: "TODO to Issue" uses: "alstr/todo-to-issue-action@c45b007d85c8edf3365b139a9d4c65793e7c674f" # v5.1.13 diff --git a/Makefile b/Makefile index 02bf7455..ee5a0f68 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,9 @@ lint-fix: ## Execute linting and fix -e FIX_YAML_PRETTIER=true \ -e FIX_MARKDOWN=true \ -e FIX_MARKDOWN_PRETTIER=true \ - -e FIX_NATURAL_LANGUAGE=true) + -e FIX_NATURAL_LANGUAGE=true \ + -e FIX_SHELL_SHFMT=true \ + ) define run_linter DEFAULT_WORKSPACE="$(CURDIR)"; \