Merge pull request #783 from Homebrew/sync-shared-config

p-linnane · web-flow · commit 52f4a4df3520 · 2025-06-13T07:58:36.000-07:00
diff --git a/.github/codeql/extensions/homebrew-actions.yml b/.github/codeql/extensions/homebrew-actions.yml
@@ -1,3 +1,4 @@
+# This file is synced from the `.github` repository, do not modify it directly.
 extensions:
   - addsTo:
       pack: codeql/actions-all
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -6,7 +6,14 @@ on:
     branches:
       - main
       - master
+    paths:
+      - '.github/workflows/*.ya?ml'
+      - 'Formula/a/actionlint.rb'
+      - 'Formula/s/shellcheck.rb'
+      - 'Formula/z/zizmor.rb'
   pull_request:
+    paths:
+      - '.github/workflows/*.ya?ml'
 
 defaults:
   run:
@@ -32,7 +39,7 @@ jobs:
     steps:
       - name: Set up Homebrew
         id: setup-homebrew
-        uses: Homebrew/actions/setup-homebrew@master
+        uses: Homebrew/actions/setup-homebrew@main
         with:
           core: false
           cask: false
@@ -56,7 +63,15 @@ jobs:
           path: results.sarif
 
       - name: Set up actionlint
-        run: echo "::add-matcher::$(brew --repository)/.github/actionlint-matcher.json"
+        run: |
+          # In homebrew-core, setting `shell: /bin/bash` prevents shellcheck from running on
+          # those steps, so let's change them to `shell: bash` temporarily for better linting.
+          sed -i 's|shell: /bin/bash -x|shell: bash -x|' .github/workflows/*.y*ml
+
+          # In homebrew-core, the JSON matcher needs to be accessible to the container host.
+          cp "$(brew --repository)/.github/actionlint-matcher.json" "$HOME"
+
+          echo "::add-matcher::$HOME/actionlint-matcher.json"
 
       - run: actionlint
 
@@ -81,7 +96,7 @@ jobs:
           path: results.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
         with:
           sarif_file: results.sarif
           category: zizmor
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
@@ -1,3 +1,4 @@
+# This file is synced from the `.github` repository, do not modify it directly.
 rules:
   unpinned-uses:
     config:

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	+# This file is synced from the `.github` repository, do not modify it directly.
`1`	`2`	`extensions:`
`2`	`3`	`- addsTo:`
`3`	`4`	`pack: codeql/actions-all`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	+# This file is synced from the `.github` repository, do not modify it directly.
`1`	`2`	`rules:`
`2`	`3`	`unpinned-uses:`
`3`	`4`	`config:`