File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -2,17 +2,17 @@ name: Lint
22
33on : pull_request
44
5- permissions :
6- actions : read
7- checks : write
8- contents : read
9- pull-requests : read
5+ concurrency :
6+ group : ${{ github.workflow }}-${{ github.head_ref || github.ref }}
7+ cancel-in-progress : true
8+
9+ permissions : {}
1010
1111jobs :
1212 lint :
13- runs-on : ubuntu-latest
14- steps :
15- - name : Check out Git repository
16- uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17- - name : Trunk Check
18- uses : trunk-io/trunk-action@75699af9e26881e564e9d832ef7dc3af25ec031b # v1.2.4
13+ uses : masterpointio/actions/.github/workflows/lint.yaml@7dad35e85d864ca5dda0971dfd3c940cc67ed380 # v0.3.0
14+ permissions :
15+ actions : read # for trunk-action
16+ checks : write # for trunk-action
17+ contents : read # for trunk-action + checkout
18+ pull-requests : read # for action-semantic-pull-request
Original file line number Diff line number Diff line change 55 branches :
66 - main
77
8- permissions :
9- contents : write
10- pull-requests : write
8+ concurrency :
9+ group : ${{ github.workflow }}-${{ github.head_ref || github.ref }}
10+ cancel-in-progress : true
11+
12+ permissions : {}
1113
1214jobs :
1315 release-please :
14- runs-on : ubuntu-latest
15- steps :
16- - uses : googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
17- with :
18- release-type : terraform-module
16+ uses : masterpointio/actions/.github/workflows/release-please.yaml@7dad35e85d864ca5dda0971dfd3c940cc67ed380 # v0.3.0
17+ with :
18+ release-type : terraform-module
19+ secrets :
20+ MP_BOT_APP_ID : ${{ secrets.MP_BOT_APP_ID }}
21+ MP_BOT_APP_PRIVATE_KEY : ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
22+ permissions :
23+ contents : write # needed by release-please-action
24+ pull-requests : write # needed by release-please-action
25+ issues : write # needed by release-please-action
Original file line number Diff line number Diff line change 66 - cron : 0 8 1 * *
77 workflow_dispatch : {}
88
9- permissions : read-all
9+ concurrency :
10+ group : ${{ github.workflow }}-${{ github.head_ref || github.ref }}
11+ cancel-in-progress : true
12+
13+ permissions : {}
1014
1115jobs :
1216 trunk-upgrade :
13- runs-on : ubuntu-latest
17+ uses : masterpointio/actions/.github/workflows/trunk-upgrade.yaml@7dad35e85d864ca5dda0971dfd3c940cc67ed380 # v0.3.0
18+ secrets :
19+ MP_BOT_APP_ID : ${{ secrets.MP_BOT_APP_ID }}
20+ MP_BOT_APP_PRIVATE_KEY : ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
21+ MASTERPOINT_TEAM_PAT : ${{ secrets.MASTERPOINT_TEAM_PAT }}
1422 permissions :
15- # For trunk to create PRs
16- contents : write
17- pull-requests : write
18- steps :
19- - name : Checkout
20- uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
21-
22- - name : Run Trunk Upgrade
23- uses : masterpointio/github-action-trunk-upgrade@a79fd65d524d92031fe167daee411d2f25d4a999 # v0.1.0
24- with :
25- app-id : ${{ secrets.MP_BOT_APP_ID }}
26- app-private-key : ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
27- github-token : ${{ secrets.MASTERPOINT_TEAM_PAT }}
28- reviewers : " @masterpointio/masterpoint-internal"
23+ contents : write # needed by github-action-trunk-upgrade
24+ pull-requests : write # needed by github-action-trunk-upgrade
Original file line number Diff line number Diff line change 44plugins :
55 sources :
66 - id : trunk
7- ref : v1.7.6
7+ ref : v1.10.1
88 uri : https://github.com/trunk-io/plugins
99lint :
1010 enabled :
1616 - markdownlint@0.48.0
1717 - prettier@3.8.1
1818 - trufflehog@3.94.1
19+ - zizmor@1.25.2
20+ definitions :
21+ - name : zizmor
22+ environment :
23+ # Optional token here so that it's not needed locally, but can be used
24+ # when trunk is called from our lint workflow in GHA
25+ - name : ZIZMOR_GITHUB_TOKEN
26+ value : ${env.GITHUB_TOKEN}
27+ optional : true
28+ commands :
29+ # Set to pedantic so that zizmor will run its stale-action-refs audit rule
30+ - name : lint
31+ run : zizmor --format=sarif --persona=pedantic ${target}
1932 ignore :
2033 - linters : [ALL]
2134 paths :
You can’t perform that action at this time.
0 commit comments