-
Notifications
You must be signed in to change notification settings - Fork 3
134 lines (107 loc) · 3.72 KB
/
linters.yml
File metadata and controls
134 lines (107 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
---
name: Linters
permissions:
contents: read
on:
pull_request:
branches: ["main" ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
rust_min: 1.90.0
jobs:
rustfmt:
name: Run rustfmt on the minimum supported toolchain
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Install Rust ${{ env.rust_min }}
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable
with:
toolchain: ${{ env.rust_min }}
components: rustfmt
- name: Run rustfmt
run: cargo fmt -- --check
clippy:
name: Run clippy on the minimum supported toolchain
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Install Rust ${{ env.rust_min }}
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable
with:
toolchain: ${{ env.rust_min }}
components: rustfmt, clippy
- name: Install cargo-binstall
uses: taiki-e/install-action@cc33365ec7e3350bc47bf935f247582cc6f68344 # v2.65.12
with:
tool: cargo-binstall
- name: Install required cargo
run: cargo binstall clippy-sarif sarif-fmt --force
- name: Run rust-clippy
run:
cargo clippy
--lib --tests
--message-format=json | ${CARGO_HOME}/bin/clippy-sarif | tee rust-clippy-results.sarif | ${CARGO_HOME}/bin/sarif-fmt
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
typos:
name: Spell Check with Typos
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- name: Checkout Actions Repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Check spelling of file.txt
uses: crate-ci/typos@2d0ce569feab1f8752f1dde43cc2f2aa53236e06 # v1.40.0
with:
config: typos.toml
opa:
name: Check OPA policy formatting
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@v6
- name: Setup OPA
uses: open-policy-agent/setup-opa@v2
with:
version: 1.6.0
- name: Test OPA policies
run: opa fmt policy --check-result
committed:
name: Lint Commits
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- name: Checkout Actions Repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Lint Commits
uses: crate-ci/committed@15229711f8f597474c0b636f327cde5969f9a529 # v1.1.7