chore(deps): pin dependencies #223
| --- | |
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| env: | |
| REVIEWDOG_LEVEL: warning | |
| REVIEWDOG_REPORTER: github-pr-review | |
| REVIEWDOG_FILTER_MODE: file | |
| REVIEWDOG_FAIL_LEVEL: none | |
| jobs: | |
| changes: | |
| name: File Detection | |
| runs-on: ubuntu-latest | |
| outputs: | |
| docker: ${{ steps.docker_changes.outputs.any_changed }} | |
| shell: ${{ steps.shell_changes.outputs.any_changed }} | |
| workflows: ${{ steps.workflow_changes.outputs.any_changed }} | |
| yaml: ${{ steps.yaml_changes.outputs.any_changed }} | |
| any: ${{ steps.yaml_changes.outputs.any_changed }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check Docker | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: docker_changes | |
| with: | |
| files: | | |
| **/Containerfile | |
| **/Dockerfile | |
| compose.yaml | |
| docker-compose*.yml | |
| .dockerignore | |
| - name: Check Shell | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: shell_changes | |
| with: | |
| files: | | |
| **/*.sh | |
| **/*.bash | |
| **/*.zsh | |
| scripts/** | |
| - name: Check Workflows | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: workflow_changes | |
| with: | |
| files: .github/workflows/** | |
| - name: Check YAML | |
| uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47 | |
| id: yaml_changes | |
| with: | |
| files: | | |
| **/*.yml | |
| **/*.yaml | |
| .github/** | |
| - name: Set Outputs | |
| run: | | |
| { | |
| echo "docker=${{ steps.docker_changes.outputs.any_changed }}" | |
| echo "shell=${{ steps.shell_changes.outputs.any_changed }}" | |
| echo "workflows=${{ steps.workflow_changes.outputs.any_changed }}" | |
| echo "yaml=${{ steps.yaml_changes.outputs.any_changed }}" | |
| } >> "$GITHUB_OUTPUT" | |
| # Check if any files changed | |
| if [[ "${{ steps.docker_changes.outputs.any_changed }}" == "true" ]] || \ | |
| [[ "${{ steps.shell_changes.outputs.any_changed }}" == "true" ]] || \ | |
| [[ "${{ steps.workflow_changes.outputs.any_changed }}" == "true" ]] || \ | |
| [[ "${{ steps.yaml_changes.outputs.any_changed }}" == "true" ]]; then | |
| echo "any=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "any=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| shell: | |
| name: Shell | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.shell == 'true' && github.actor != 'renovate[bot]' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| - name: Lint | |
| uses: reviewdog/action-shellcheck@4c07458293ac342d477251099501a718ae5ef86e # v1.32 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| level: ${{ env.REVIEWDOG_LEVEL }} | |
| reporter: ${{ env.REVIEWDOG_REPORTER }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| fail_level: ${{ env.REVIEWDOG_FAIL_LEVEL }} | |
| - name: Format | |
| uses: reviewdog/action-shfmt@d8f080930b9be5847b4f97e9f4122b81a82aaeac # v1.0.4 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| level: ${{ env.REVIEWDOG_LEVEL }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| shfmt_flags: -i 2 -ci -bn -sr -kp -w -s | |
| workflows: | |
| name: Workflows | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.workflows == 'true' && github.actor != 'renovate[bot]' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| - name: Validate | |
| uses: reviewdog/action-actionlint@f00ad0691526c10be4021a91b2510f0a769b14d0 # v1.68.0 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| level: ${{ env.REVIEWDOG_LEVEL }} | |
| reporter: ${{ env.REVIEWDOG_REPORTER }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| fail_level: ${{ env.REVIEWDOG_FAIL_LEVEL }} | |
| docker: | |
| name: Docker | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.docker == 'true' && github.actor != 'renovate[bot]' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| - name: Lint | |
| uses: reviewdog/action-hadolint@fc7ee4a9f71e521bc43e370819247b70e5327540 # v1.50.2 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| level: ${{ env.REVIEWDOG_LEVEL }} | |
| reporter: ${{ env.REVIEWDOG_REPORTER }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| fail_level: ${{ env.REVIEWDOG_FAIL_LEVEL }} | |
| hadolint_ignore: DL3008 DL3009 DL3007 | |
| hadolint_flags: '--format json' | |
| yaml: | |
| name: YAML | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.yaml == 'true' && github.actor != 'renovate[bot]' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| - name: Lint | |
| uses: reviewdog/action-yamllint@f01d8a48fd8d89f89895499fca2cff09f9e9e8c0 # v1.21.0 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| level: ${{ env.REVIEWDOG_LEVEL }} | |
| reporter: ${{ env.REVIEWDOG_REPORTER }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| fail_level: ${{ env.REVIEWDOG_FAIL_LEVEL }} | |
| compose: | |
| name: Docker Compose | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: needs.changes.outputs.docker == 'true' && github.actor != 'renovate[bot]' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| - name: Lint | |
| uses: docker-compose-linter/dclint-github-action/reviewdog-action@18659f6a7956706cb67cf9c1ad5e55f4352cbc17 # v1.6.0 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| tool_name: dclint | |
| reporter: ${{ env.REVIEWDOG_REPORTER }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| fail_level: ${{ env.REVIEWDOG_FAIL_LEVEL }} | |
| level: ${{ env.REVIEWDOG_LEVEL }} | |
| dclint_flags: '.' | |
| security: | |
| name: Security | |
| runs-on: ubuntu-latest | |
| needs: [changes] | |
| if: always() && github.actor != 'renovate[bot]' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| - name: Scan | |
| uses: reviewdog/action-gitleaks@2b7b5685e3e3eecddab5d30cfa04f18123031421 # v1.8 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| level: error | |
| reporter: ${{ env.REVIEWDOG_REPORTER }} | |
| filter_mode: ${{ env.REVIEWDOG_FILTER_MODE }} | |
| fail_level: ${{ env.REVIEWDOG_FAIL_LEVEL }} | |
| gitleaks_flags: --verbose |
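Review bot: The `changes` job is the only job here without a `permissions:` block, and no workflow-level one is visible, so its four third-party `tj-actions/changed-files` steps run with whatever default `GITHUB_TOKEN` scope the repository grants; adding `permissions:` with `contents: read` to that job (it appears to need nothing more, given the `fetch-depth: 0` checkout) brings it in line with the other jobs. In the same job the `any` output is mapped to `steps.yaml_changes.outputs.any_changed`, and the `Set Outputs` step has no `id`, so the combined value it writes to `$GITHUB_OUTPUT` is never exposed; give that step `id: set_outputs` and declare `any: ${{ steps.set_outputs.outputs.any }}`. The `Security` job inherits `REVIEWDOG_FAIL_LEVEL: none` and is skipped when `github.actor` is `renovate[bot]`, so a gitleaks finding never fails the check and dependency-update pull requests are not scanned at all; setting `fail_level: error` on the `Scan` step and dropping the actor condition for this job would make the secret scan blocking. The `Scan` step also follows a default-depth checkout and uses the `github-pr-review` reporter, so it presumably sees only the tip commit and has nowhere to report on `push` runs, which is worth confirming against the reviewdog action's documentation.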