fix(release-changelog-internal): remove duplicate tag validation and run workflows once during tag release #237
ci.yml
on: pull_request
✅ Validate YAML Syntax
11s
🧹 Lint YAML Files
8s
🔍 Validate Workflow Structure
5s
🔒 Security Scan
30s
📚 Validate Documentation
6s
🏷️ Validate Naming Conventions
4s
🔍 Actionlint
10s
📝 Generate Documentation Index
⚠️ Check Deprecated Actions
6s
🔐 Validate Permissions
4s
📊 CI Summary
5s
🩺 Diagnose failure (naoru)
0s
Annotations
21 errors, 10 warnings, and 1 notice
|
🧹 Lint YAML Files
Process completed with exit code 1.
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2129:style:15:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
Raw Output:
e:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2129:style:15:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L272
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
Raw Output:
e:.github/workflows/ci.yml:272:9: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L272
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2129:style:10:3: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
Raw Output:
e:.github/workflows/ci.yml:272:9: shellcheck reported issue in this script: SC2129:style:10:3: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L259
[actionlint] reported by reviewdog 🐶
avoid using deprecated input "fail_on_error" in action "reviewdog/action-actionlint@v1": Deprecated, use `fail_level` instead [action]
Raw Output:
e:.github/workflows/ci.yml:259:11: avoid using deprecated input "fail_on_error" in action "reviewdog/action-actionlint@v1": Deprecated, use `fail_level` instead [action]
|
|
🔍 Actionlint
reviewdog: Too many results (annotations) in diff.
You may miss some annotations due to GitHub limitation for annotation created by logging command.
Please check GitHub Actions log console to see all results.
Limitation:
- 10 warning annotations and 10 error annotations per step
- 50 annotations per job (sum of annotations from all the steps)
- 50 annotations per run (separate from the job annotations, these annotations aren't created by users)
Source: https://github.com/orgs/community/discussions/26680#discussioncomment-3252835
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L198
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2001:style:5:10: See if you can use ${variable//search/replace} instead [shellcheck]
Raw Output:
e:.github/workflows/ci.yml:198:9: shellcheck reported issue in this script: SC2001:style:5:10: See if you can use ${variable//search/replace} instead [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/cf-deploy.yml#L104
[actionlint] reported by reviewdog 🐶
property "role-to-assume" is not defined in object type {aws-region: string; bucket-prefix: string; capabilities: string; code-folder: string; github-branch: string; github-repo-name: string; organization-name: string; parameter-overrides: string; s3-bucket: string; stack-name: string; template-path: string; zip-file-name: string} [expression]
Raw Output:
e:.github/workflows/cf-deploy.yml:104:31: property "role-to-assume" is not defined in object type {aws-region: string; bucket-prefix: string; capabilities: string; code-folder: string; github-branch: string; github-repo-name: string; organization-name: string; parameter-overrides: string; s3-bucket: string; stack-name: string; template-path: string; zip-file-name: string} [expression]
|
|
🔍 Actionlint:
.github/workflows/cf-deploy.yml#L49
[actionlint] reported by reviewdog 🐶
input "zip-file-name" of workflow_call event has the default value "main.zip", but it is also required. if an input is marked as required, its default value will never be used [events]
Raw Output:
e:.github/workflows/cf-deploy.yml:49:18: input "zip-file-name" of workflow_call event has the default value "main.zip", but it is also required. if an input is marked as required, its default value will never be used [events]
|
|
🔍 Actionlint:
.github/workflows/cf-deploy.yml#L39
[actionlint] reported by reviewdog 🐶
input "GitHub-branch" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used [events]
Raw Output:
e:.github/workflows/cf-deploy.yml:39:18: input "GitHub-branch" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used [events]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L10
[actionlint] reported by reviewdog 🐶
input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events]
Raw Output:
e:.github/workflows/aws-prowler.yml:10:18: input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events]
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
|
|
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
|
|
🔒 Security Scan
CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
|
|
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:10:24: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2086:info:10:24: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2012:info:14:13: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
Raw Output:
i:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2012:info:14:13: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2012:info:13:18: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
Raw Output:
i:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2012:info:13:18: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L272
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2012:info:11:3: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
Raw Output:
i:.github/workflows/ci.yml:272:9: shellcheck reported issue in this script: SC2012:info:11:3: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/ci.yml#L198
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2162:info:4:63: read without -r will mangle backslashes [shellcheck]
Raw Output:
i:.github/workflows/ci.yml:198:9: shellcheck reported issue in this script: SC2162:info:4:63: read without -r will mangle backslashes [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck]
Raw Output:
w:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint
Input 'fail_on_error' has been deprecated with message: Deprecated, use `fail_level` instead.
|
|
GitHub API token
Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits
|