-
Notifications
You must be signed in to change notification settings - Fork 2
30 lines (27 loc) · 1 KB
/
shellcheck.yml
File metadata and controls
30 lines (27 loc) · 1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# .github/workflows/shellcheck.yml
---
name: shellcheck
on: # yamllint disable-line rule:truthy
push:
branches: ["main", "master", "stable"]
pull_request:
branches: ["main", "master", "stable", "feature-*", "patch-*", "HOTFIX-*"]
permissions: {} # Setting default permissions to none for enhanced security
jobs:
shellcheck:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # to get PR metadata
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Shellcheck Scan
uses: reactive-firewall/shellcheck-scan@ececa8940e6bfbf5bf1426dd9292b9b25367c14a # v0
with: # optional arguments
match: 'tests/check_* **/*.sh'
publish-artifacts: true
if: ${{ success() }}