Merge pull request #1 from github/general-updates

General Updates

Author: GrantBirki

.github/workflows/acceptance.yml

@@ -17,7 +17,7 @@ jobs:
       has_change: ${{ steps.diff.outputs.has_change}}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
       - id: fetch-base
         if: github.event_name == 'pull_request'
@@ -45,7 +45,7 @@ jobs:
 
             # If the diff file is not empty, it has changes.
             [ -s diff.txt ] && echo "::set-output name=has_change::true" || echo "::set-output name=has_change::false"
-  
+
       - name: set has_change to true for push to main/master
         if: github.event_name == 'push'
         run: echo "::set-output name=has_change::true"
@@ -67,11 +67,11 @@ jobs:
 
       - name: Check out code
         if: ${{ needs.changes.outputs.has_change == 'true' }}
-        uses: actions/checkout@v2
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
       # Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
       # https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11
-      - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052
+      - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052 # pin@46d2c640b1d8ef50d185452ad6fb324e6bd1d052
         if: ${{ needs.changes.outputs.has_change == 'true' }}
         continue-on-error: true
 

.github/workflows/codeql-analysis.yml

@@ -24,22 +24,17 @@ jobs:
         language: [ 'ruby' ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # pin@v2
+        with:
+          languages: ${{ matrix.language }}
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-    #- run: |
-    #   make bootstrap
-    #   make release
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # pin@v2
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # pin@v2

.github/workflows/lint.yml

@@ -15,10 +15,9 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
-      # https://github.com/ruby/setup-ruby/releases/tag/v1.87.0
-      - uses: ruby/setup-ruby@cf1a6dd2d8563b59c7007e381836fd252ab2ac5b
+      - uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # [email protected]
         with:
           ruby-version: 2.7.5
           bundler-cache: true

.github/workflows/test.yml

@@ -15,10 +15,9 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
-      # https://github.com/ruby/setup-ruby/releases/tag/v1.87.0
-      - uses: ruby/setup-ruby@cf1a6dd2d8563b59c7007e381836fd252ab2ac5b
+      - uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # [email protected]
         with:
           ruby-version: 2.7.5
           bundler-cache: true

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 GitHub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -8,7 +8,7 @@
 
 Your `entitlements-app` config `config/entitlements.yaml` runs through ERB interpretation automatically. You can extend your entitlements configuration to load plugins like so:
 
-```
+```ruby
 <%-
   unless ENV['CI_MODE']
     begin
@@ -27,7 +27,7 @@ Your `entitlements-app` config `config/entitlements.yaml` runs through ERB inter
 
 You can then define `lib/entitlements-and-plugins` like so:
 
-```
+```ruby
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
@@ -48,7 +48,7 @@ Any plugins defined in `lib/entitlements-and-plugins` will be loaded and used at
 
 You can add automatic auditing to a separate GitRepo by enabling the following `entitlements.yaml` config:
 
-```
+```ruby
 <%-
     # NOTE: GITREPO_SSH_KEY must be base64 encoded.
     sshkey = ENV.fetch("GITREPO_SSH_KEY")