diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bfc8c964c4..2ff3813128 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,8 @@ jobs: name: Bazel, Linux, Swift 6.2 # pre-installed runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - &checkout-step + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - uses: ./.github/actions/bazel-linux-build @@ -40,9 +41,7 @@ jobs: version: '6.2' container: ${{ matrix.image }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false + - *checkout-step - name: Build plugins uses: ./.github/actions/run-make with: diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d0946ef394..011da57caa 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,29 +25,29 @@ jobs: docker-tag: ${{ steps.vars.outputs.docker-tag }} repository-lc: ${{ steps.vars.outputs.repository-lc }} steps: - - name: Define variables - id: vars - run: | - if [[ "${{ github.event_name }}" == "push" ]]; then - { - echo "checkout-ref=main" - echo "docker-tag=latest" - } >> "$GITHUB_OUTPUT" - elif [[ "${{ github.event_name }}" == "pull_request" ]]; then - { - echo "checkout-ref=pr" - echo "docker-tag=pr-${{ github.event.pull_request.number }}" - } >> "$GITHUB_OUTPUT" - else - { - echo "checkout-ref=${INPUTS_TAG}" - echo "docker-tag=${INPUTS_TAG}" - } >> "$GITHUB_OUTPUT" - fi - echo "repository-lc=${REPOSITORY,,}" >> "$GITHUB_OUTPUT" - env: - REPOSITORY: ${{ github.repository }} - INPUTS_TAG: ${{ inputs.tag }} + - name: Define variables + id: vars + run: | + if [[ "${{ github.event_name }}" == "push" ]]; then + { + echo "checkout-ref=main" + echo "docker-tag=latest" + } >> "$GITHUB_OUTPUT" + elif [[ "${{ github.event_name }}" == "pull_request" ]]; then + { + echo "checkout-ref=pr" + echo "docker-tag=pr-${{ github.event.pull_request.number }}" + } >> "$GITHUB_OUTPUT" + else + { + echo "checkout-ref=${INPUTS_TAG}" + echo "docker-tag=${INPUTS_TAG}" + } >> "$GITHUB_OUTPUT" + fi + echo "repository-lc=${REPOSITORY,,}" >> "$GITHUB_OUTPUT" + env: + REPOSITORY: ${{ github.repository }} + INPUTS_TAG: ${{ inputs.tag }} build-amd64: name: Build AMD64 Image @@ -57,19 +57,21 @@ jobs: packages: write needs: set-context steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - if: needs.set-context.outputs.checkout-ref == 'pr' - with: - persist-credentials: false - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - if: needs.set-context.outputs.checkout-ref != 'pr' - with: - ref: ${{ needs.set-context.outputs.checkout-ref }} - persist-credentials: false - - uses: ./.github/actions/docker-build - with: - platform: amd64 - token: ${{ secrets.GITHUB_TOKEN }} + - &checkout-step-pr + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + if: needs.set-context.outputs.checkout-ref == 'pr' + with: + persist-credentials: false + - &checkout-step-ref + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + if: needs.set-context.outputs.checkout-ref != 'pr' + with: + ref: ${{ needs.set-context.outputs.checkout-ref }} + persist-credentials: false + - uses: ./.github/actions/docker-build + with: + platform: amd64 + token: ${{ secrets.GITHUB_TOKEN }} build-arm64: name: Build ARM64 Image @@ -79,19 +81,12 @@ jobs: packages: write needs: set-context steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - if: needs.set-context.outputs.checkout-ref == 'pr' - with: - persist-credentials: false - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - if: needs.set-context.outputs.checkout-ref != 'pr' - with: - ref: ${{ needs.set-context.outputs.checkout-ref }} - persist-credentials: false - - uses: ./.github/actions/docker-build - with: - platform: arm64 - token: ${{ secrets.GITHUB_TOKEN }} + - *checkout-step-pr + - *checkout-step-ref + - uses: ./.github/actions/docker-build + with: + platform: arm64 + token: ${{ secrets.GITHUB_TOKEN }} merge: name: Create Multi-Platform Image @@ -103,23 +98,23 @@ jobs: - build-amd64 - build-arm64 steps: - - name: Download digests - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 - with: - path: /tmp/digests - pattern: digests-* - merge-multiple: true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - name: Login to GitHub registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ghcr.io - - name: Create manifest list and push - working-directory: /tmp/digests - run: >- - docker buildx imagetools create - -t "ghcr.io/${{ needs.set-context.outputs.repository-lc }}:${{ needs.set-context.outputs.docker-tag }}" - $(printf 'ghcr.io/${{ needs.set-context.outputs.repository-lc }}@sha256:%s ' *) + - name: Download digests + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + - name: Login to GitHub registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + with: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + - name: Create manifest list and push + working-directory: /tmp/digests + run: >- + docker buildx imagetools create + -t "ghcr.io/${{ needs.set-context.outputs.repository-lc }}:${{ needs.set-context.outputs.docker-tag }}" + $(printf 'ghcr.io/${{ needs.set-context.outputs.repository-lc }}@sha256:%s ' *) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9b778240bd..efe9afa4a9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,8 @@ jobs: name: Swift runs-on: ubuntu-24.04 # "Noble Numbat" steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - &checkout-step + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - uses: ./.github/actions/bazel-linux-build @@ -25,9 +26,7 @@ jobs: name: Markdown runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false + - *checkout-step - name: Lint uses: DavidAnson/markdownlint-cli2-action@992badcdf24e3b8eb7e87ff9287fe931bcb00c6e # v20.0.0 with: @@ -39,9 +38,7 @@ jobs: name: Actions runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false + - *checkout-step - name: Register problem matcher run: | curl -sSL https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json > actionlint-matcher.json diff --git a/.github/workflows/plugins-sync.yml b/.github/workflows/plugins-sync.yml index 28a5160dd9..8e5ea014e9 100644 --- a/.github/workflows/plugins-sync.yml +++ b/.github/workflows/plugins-sync.yml @@ -16,8 +16,7 @@ jobs: name: Sync Plugins Folder runs-on: ubuntu-24.04 steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run file sync diff --git a/.github/workflows/post-release.yml b/.github/workflows/post-release.yml index fbfc100828..895358d07c 100644 --- a/.github/workflows/post-release.yml +++ b/.github/workflows/post-release.yml @@ -48,7 +48,8 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - &checkout-step + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.event.release.tag_name }} persist-credentials: false @@ -65,11 +66,7 @@ jobs: permissions: contents: read steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - ref: ${{ github.event.release.tag_name }} - persist-credentials: false + - *checkout-step - name: Parse checksum id: parse_checksum run: echo "checksum=$(grep -o '[a-fA-F0-9]\{64\}' Package.swift)" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1aed408b14..47e321c5af 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,8 +33,7 @@ jobs: permissions: contents: write steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: true - name: Checkout or create release branch @@ -68,8 +67,7 @@ jobs: permissions: contents: read steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Ruby and Bundler @@ -102,8 +100,11 @@ jobs: artifact_name: swiftlint-linux-arm64 permissions: contents: read + env: + BINARY_PATH: .build/release/swiftlint steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - &checkout-release-branch + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ env.RELEASE_BRANCH }} persist-credentials: false @@ -111,11 +112,12 @@ jobs: run: sudo apt-get install -y libcurl4-openssl-dev libxml2-dev - name: Build binary run: make --debug spm_linux_build - - name: Upload binary + - &upload-artifact + name: Upload binary uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: ${{ matrix.artifact_name }} - path: .build/release/swiftlint + path: ${{ env.BINARY_PATH }} build-static-linux: name: Build Static Linux ${{ matrix.arch }} Binary @@ -138,10 +140,7 @@ jobs: env: BINARY_PATH: .build/${{ matrix.swift_sdk }}/release/swiftlint steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - ref: ${{ env.RELEASE_BRANCH }} - persist-credentials: false + - *checkout-release-branch - name: Install SDK run: swift sdk install https://download.swift.org/swift-6.2-release/static-sdk/swift-6.2-RELEASE/swift-6.2-RELEASE_static-linux-0.0.1.artifactbundle.tar.gz --checksum d2225840e592389ca517bbf71652f7003dbf45ac35d1e57d98b9250368769378 - name: Build static binary @@ -154,11 +153,7 @@ jobs: -Xlinker -z -Xlinker stack-size=0x80000 # 512KiB - name: Strip binary run: strip -s "$BINARY_PATH" - - name: Upload artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ matrix.artifact_name }} - path: ${{ env.BINARY_PATH }} + - *upload-artifact build-macos: name: Build macOS Binaries @@ -167,10 +162,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - ref: ${{ env.RELEASE_BRANCH }} - persist-credentials: false + - *checkout-release-branch - name: Build SwiftLint for macOS run: make --debug bazel_release - name: Upload build artifacts diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index c85941d53a..543e57ff98 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -10,10 +10,9 @@ permissions: jobs: close-stale-issues: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Mark or close stale issues diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 533c3e0d22..bfdcaa73de 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,8 @@ jobs: runs-on: ubuntu-24.04 container: swift:6.2-noble steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - &checkout-step + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Get Swift version @@ -48,9 +49,7 @@ jobs: env: DEVELOPER_DIR: /Applications/Xcode_${{ matrix.xcode }}.app steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false + - *checkout-step - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: key: ${{ runner.os }}-xcode-spm-${{ matrix.xcode }}-${{ hashFiles('Package.resolved', 'Package.swift') }}