Update github/codeql-action action to v3.28.17 #81
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run pre-commit | |
| on: [push, pull_request] | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| env: | |
| # renovate: datasource=github-releases depName=open-policy-agent/opa | |
| OPA_VERSION: v1.3.0 | |
| # renovate: datasource=github-releases depName=StyraInc/regal | |
| REGAL_VERSION: v0.33.1 | |
| # renovate: datasource=github-releases depName=plexsystems/konstraint | |
| KONSTRAINT_VERSION: v0.41.0 | |
| name: pre-commit | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: 3.x | |
| - name: Setup Go | |
| uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 | |
| - name: Setup konstraint | |
| run: go install github.com/plexsystems/konstraint@${KONSTRAINT_VERSION} | |
| - name: Setup OPA | |
| uses: open-policy-agent/setup-opa@34a30e8a924d1b03ce2cf7abe97250bbb1f332b5 # v2.2.0 | |
| with: | |
| version: ${{ env.OPA_VERSION }} | |
| - name: Setup Regal | |
| uses: StyraInc/setup-regal@33a142b1189004e0f14bf42b15972c67eecce776 # v1.0.0 | |
| with: | |
| version: ${{ env.REGAL_VERSION }} | |
| - name: Remove rh-pre-commit hook (requires VPN) | |
| uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4.45.1 | |
| with: | |
| cmd: yq -i 'del( .repos[] | select(.rev == "rh-pre-commit-*"))' .pre-commit-config.yaml | |
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | |
| - name: Check if there are changes | |
| id: changes | |
| run: | | |
| git checkout HEAD -- .pre-commit-config.yaml | |
| echo "changed=$(git status --porcelain | wc -l)" >> $GITHUB_OUTPUT | |
| - name: Fail if changes found | |
| if: steps.changes.outputs.changed >= 1 | |
| run: | | |
| echo "Uncommitted changes exist. Failing." | |
| echo | |
| git status --porcelain | |
| exit 1 | |
| - name: Link checker | |
| uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # 1.0.17 |