ci: update scanner #211
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # ↓ lock down top‐level permissions to only what we use | |
| permissions: | |
| contents: read # we only need to checkout code | |
| actions: read # to query workflows/runs | |
| statuses: write | |
| # Run on pushes to any branch and pull requests | |
| on: | |
| push: | |
| branches: ['main'] | |
| pull_request: | |
| branches: ['**'] | |
| jobs: | |
| # Lint all YAML, JSON & Shell | |
| lint: | |
| name: Lint code & configs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check compose files | |
| run: | | |
| source ./.envrc | |
| docker compose -f compose.yml config -q | |
| docker compose -f compose-partner-chains.yml config -q | |
| docker compose -f proof-server.yml config -q | |
| - name: Run Super-linter | |
| uses: github/super-linter@b807e99ddd37e444d189cfd2c2ca1274d8ae8ef1 #v7 | |
| env: | |
| # only lint the file types you care about | |
| VALIDATE_YAML: true | |
| VALIDATE_JSON: true | |
| VALIDATE_SHELL: true | |
| VALIDATE_BASH: true | |
| VALIDATE_BASH_EXEC: true | |
| VALIDATE_CHECOV: true | |
| VALIDATE_GITHUB_ACTIONS: true | |
| VALIDATE_NATURAL_LANGUAGE: true | |
| VALIDATE_MARKDOWN: true | |
| VALIDATE_DOCKERFILE: true | |
| FILTER_REGEX_EXCLUDE: (^cardano-config/|LICENSE\.md) | |
| # tell it your default branch so it can diff | |
| DEFAULT_BRANCH: origin/main | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |