Advanced Query Processing Architecture #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow depends on the ./actionlint-format.txt file. It is MIT licensed (thanks, rhysd!): https://github.com/rhysd/actionlint/blob/2ab3a12c7848f6c15faca9a92612ef4261d0e370/testdata/format/sarif_template.txt | |
| name: Actionlint | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release-* | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| permissions: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} | |
| jobs: | |
| run-actionlint: | |
| name: Lint GitHub Actions files | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # to check out the code | |
| actions: read # to read the workflow files | |
| security-events: write # for uploading the SARIF report | |
| env: | |
| ACTIONLINT_VERSION: 1.7.7 | |
| # curl -LXGET https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_checksums.txt | grep linux_amd64 | |
| CHECKSUM: 023070a287cd8cccd71515fedc843f1985bf96c436b7effaecce67290e7e0757 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| persist-credentials: false | |
| # GitHub Actions only runs x86_64. This will break if that assumption changes. | |
| - name: Download Actionlint | |
| run: | | |
| set -euo pipefail | |
| curl -OLXGET https://github.com/rhysd/actionlint/releases/download/v"${ACTIONLINT_VERSION}"/actionlint_"${ACTIONLINT_VERSION}"_linux_amd64.tar.gz | |
| echo "${CHECKSUM} actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" | sha256sum -c - | |
| tar xzf actionlint_"${ACTIONLINT_VERSION}"_linux_amd64.tar.gz | |
| test -f actionlint | |
| chmod +x actionlint | |
| - name: Run Actionlint | |
| run: ./actionlint -format "$(cat .github/workflows/actionlint-format.txt)" | tee results.sarif | |
| - name: Upload to GitHub security events | |
| if: success() || failure() | |
| # If there are security problems, GitHub will automatically comment on the PR for us. | |
| uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 | |
| with: | |
| sarif_file: results.sarif | |
| category: actionlint |