👷 ci: Fixes the missing permission for the release action #188
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| jobs: | |
| tflint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: tflint | |
| uses: reviewdog/action-tflint@0a8c6a4cc8788c02fe181ea6b8530975688f1a33 # v1.23.2 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: true | |
| filter_mode: file | |
| tflint_init: true | |
| flags: --no-module --recursive | |
| trivy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: trivy | |
| uses: reviewdog/action-trivy@14e16b394d55cc5cbbf0797b04fa5257adbe6e7a # v1.11.0 | |
| with: | |
| github_token: ${{ github.token }} | |
| trivy_command: config | |
| trivy_target: "." | |
| reporter: github-pr-review | |
| fail_on_error: true | |
| filter_mode: file | |
| golangci-lint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: golangci-lint | |
| uses: reviewdog/action-golangci-lint@7708105983c614f7a2725e2172908b7709d1c3e4 # v2.6.2 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: true | |
| filter_mode: file | |
| workdir: test/ | |
| go_version_file: test/go.mod | |
| prettier: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: create package.json | |
| run: | | |
| echo -e '{"devDependencies": {"prettier": "^3.1.0"}}' > package.json | |
| - name: prettier | |
| uses: EPMatt/reviewdog-action-prettier@93fb51ed5da157256e1d8c998fb249837304050c # v1.2.0 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: true | |
| filter_mode: file | |
| misspell: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: misspell | |
| uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: false | |
| filter_mode: file | |
| exclude: | | |
| ./.git/* | |
| ./.cache/* | |
| alex: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: alex | |
| uses: reviewdog/action-alex@f95df9e356d97e67e4626f04ad125c4a99a906a9 # v1.13.0 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: false | |
| filter_mode: file | |
| alex_flags: | | |
| * .github/* .github/workflows/* docs/* test/* examples/complete/* | |
| markdownlint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: markdownlint | |
| uses: reviewdog/action-markdownlint@e9f3ab4fea1433280a4b0eddca17be1340dfea94 # v0.24.0 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: false | |
| filter_mode: file | |
| actionlint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: actionlint | |
| uses: reviewdog/action-actionlint@4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a # v1.54.0 | |
| with: | |
| github_token: ${{ github.token }} | |
| reporter: github-pr-review | |
| fail_on_error: true | |
| filter_mode: file |