diff --git a/.github/action.yaml b/.github/action.yaml
new file mode 100644
index 000000000..70ff36e84
--- /dev/null
+++ b/.github/action.yaml
@@ -0,0 +1,21 @@
+# Configuration file for sisakulint
+# Use this file to customize the behavior of sisakulint
+# self-hosted-runner section is for configuring self-hosted runners.
+self-hosted-runner:
+  # Use the labels key to specify labels for self-hosted runners used in your project as an array of strings.
+  # This allows sisakulint to verify that these labels are correctly configured.
+  # 🧠 Example: labels: ["linux-large", "windows-2xlarge"]
+  # Note: Ensure that the labels match those configured in your self-hosted runner settings.
+  labels: []
+
+# config-variables section is for specifying configuration variables defined in your repository or organization.
+# Setting it to null disables the check for configuration variables.
+# An empty array means no configuration variable is allowed.
+# 🧠 Example: config-variables: ["CI_ENVIRONMENT", "DEPLOY_TARGET"]
+# Note: List all the configuration variables that are used in your GitHub Actions workflows.
+config-variables: null
+
+# Add other optional settings below.
+# 🧠 Example: some-option: value
+# Note: Refer to the sisakulint documentation for more information on available settings.
+
\ No newline at end of file
diff --git a/.github/actions/setup-sisakulint/action.yml b/.github/actions/setup-sisakulint/action.yml
new file mode 100644
index 000000000..68f5e1bec
--- /dev/null
+++ b/.github/actions/setup-sisakulint/action.yml
@@ -0,0 +1,23 @@
+name: Setup sisakulint
+description: Setup sisakulint CLI tool in your workflow
+inputs:
+  sisakulint_version:
+    description: Version of sisakulint to install
+    required: true
+runs:
+  using: "composite"
+  steps:
+    # gh release download "v0.0.9" -R ultra-supara/sisakulint -p "sisakulint_0.0.9_darwin_amd64.tar.gz"
+    # tar -xf "sisakulint_0.0.9_darwin_amd64.tar.gz"
+    # https://github.com/ultra-supara/sisakulint/releases/tag/v0.0.9
+    - name: Download sisakulint
+      shell: bash
+      run: |
+        mkdir -p bin
+        cd bin
+        curl -L https://github.com/ultra-supara/sisakulint/releases/download/v${SISAKULINT_VERSION}/sisakulint_${SISAKULINT_VERSION}_linux_amd64.tar.gz -o "sisakulint_${SISAKULINT_VERSION}_linux_amd64.tar.gz"
+        tar -xf "sisakulint_${SISAKULINT_VERSION}_linux_amd64.tar.gz"
+        chmod +x sisakulint
+        echo "$(pwd)" >> $GITHUB_PATH
+      env:
+        SISAKULINT_VERSION: ${{ inputs.sisakulint_version }}
diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml
new file mode 100644
index 000000000..687c43165
--- /dev/null
+++ b/.github/workflows/scan-codeql.yml
@@ -0,0 +1,31 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["main"]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 360
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["actions"]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scan-sisakulint.yml b/.github/workflows/scan-sisakulint.yml
new file mode 100644
index 000000000..bb6a45acc
--- /dev/null
+++ b/.github/workflows/scan-sisakulint.yml
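Review bot: The `curl -L` on the download line has no `-f`, so a missing or renamed release asset writes the HTML error body into the `.tar.gz` and the step only fails later with a confusing `tar` error; `curl -fsSL ... -o "sisakulint_${SISAKULINT_VERSION}_linux_amd64.tar.gz"` makes a bad HTTP status fail the step at the source. The following `tar -xf` extracts every member of the archive into a directory that the last script line prepends to `GITHUB_PATH`, so naming the member, `tar -xf "sisakulint_${SISAKULINT_VERSION}_linux_amd64.tar.gz" sisakulint`, keeps anything unexpected in the archive off the PATH. Nothing verifies the integrity of the downloaded binary; if the release publishes a checksums file, fetching it and running `sha256sum -c` before `chmod +x` would close that gap. Passing the version through `env:` instead of interpolating `${{ inputs.sisakulint_version }}` into the script is the right choice and should stay as written.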
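Review bot: The workflow triggers only on `push` to `main`, so CodeQL findings for the `actions` language are reported after a change has already merged; adding `pull_request: branches: ["main"]` next to the push trigger surfaces them on the PR where they can still be fixed. The three `uses:` lines reference mutable tags (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`); pinning each to a full commit SHA with the tag in a trailing comment is the usual hardening for a security-scanning workflow, and the same applies to the `uses:` lines in scan-sisakulint.yml. The job-level `permissions:` block is scoped correctly and should be kept as the model for the other workflow.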
@@ -0,0 +1,27 @@
+name: "sisakulint"
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  run_sisakulint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup sisakulint
+        uses: ./.github/actions/setup-sisakulint
+        with:
+          sisakulint_version: 0.0.9
+      - name: Run sisakulint
+        run: sisakulint -fix on -format "{{sarif .}}" > sisakulint.sarif || true
+      - name: Commit fix
+        if: ${{ github.event == "pull_request" }}
+        uses: suzuki-shunsuke/commit-action@main
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: sisakulint.sarif
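Review bot: The `if:` on the "Commit fix" step, `if: ${{ github.event == "pull_request" }}`, cannot work: `github.event` is the event payload object rather than the event name, and workflow expressions accept only single-quoted string literals, so the line should read `if: ${{ github.event_name == 'pull_request' }}`. The job also declares no `permissions:`, although `github/codeql-action/upload-sarif@v3` requires `security-events: write` and a step that commits fixes back to the branch presumably needs `contents: write`; with restricted default token permissions both steps fail, whereas scan-codeql.yml in this same commit scopes its permissions explicitly. `suzuki-shunsuke/commit-action@main` tracks a moving branch while receiving that write access, so it should be pinned to a release tag or commit SHA, and on `pull_request` events from forks the token remains read-only regardless, which the step should tolerate. Quoting the version, `sisakulint_version: "0.0.9"`, avoids implicit-typing surprises when the value is later bumped to something like `1.10`.
```yaml
  run_sisakulint:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      security-events: write
    steps:
      # … unchanged: checkout, setup and run steps …
      - name: Commit fix
        if: ${{ github.event_name == 'pull_request' }}
        uses: suzuki-shunsuke/commit-action@main
      # … unchanged: SARIF upload step …
```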