mirror of
https://github.com/basecamp/trix.git
synced 2026-05-17 12:00:38 +00:00
Mike Dalessio
e62fcc3b58
* Add GitHub Actions audit job (actionlint + zizmor) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Configure dependabot for github-actions, npm, and bundler with batching and cooldowns Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add local GitHub Actions linting (actionlint + zizmor) to bin/setup and bin/ci Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Pin all GitHub Actions to SHA hashes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix zizmor findings: add permissions and persist-credentials: false Set workflow-level permissions: {} and add per-job contents: read. Add persist-credentials: false to all checkout steps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
25 lines
576 B
Bash
Executable File
25 lines
576 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -e
|
|
|
|
if [ -n "$CI" ]; then
|
|
echo "GITHUB_WORKFLOW: $GITHUB_WORKFLOW"
|
|
echo "GITHUB_RUN_NUMBER: $GITHUB_RUN_NUMBER"
|
|
echo "GITHUB_RUN_ID: $GITHUB_RUN_ID"
|
|
echo "GITHUB_ACTOR: $GITHUB_ACTOR"
|
|
echo "GITHUB_EVENT_NAME: $GITHUB_EVENT_NAME"
|
|
echo "GITHUB_SHA: $GITHUB_SHA"
|
|
echo "GITHUB_REF: $GITHUB_REF"
|
|
echo "GITHUB_HEAD_REF: $GITHUB_HEAD_REF"
|
|
echo "GITHUB_BASE_REF: $GITHUB_BASE_REF"
|
|
fi
|
|
|
|
# Lint GitHub Actions workflows
|
|
if command -v actionlint &> /dev/null; then
|
|
actionlint
|
|
fi
|
|
if command -v zizmor &> /dev/null; then
|
|
zizmor .
|
|
fi
|
|
|
|
yarn test
|