build: bump syn from 2.0.71 to 2.0.72 #17943
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: All | |
permissions: | |
contents: read | |
on: | |
merge_group: | |
pull_request: | |
push: | |
branches: | |
- develop | |
workflow_dispatch: | |
inputs: | |
commit_sha: | |
description: Git commit sha, on which, to run this workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
lint_commits: | |
name: All - lint_commits | |
runs-on: ubuntu-20.04 | |
# We assume that commit 2fd0d36fe6ae0c2d527368683ec3a6352617b381 will be in the history | |
# of all commits based on ockam develop branch | |
# https://github.com/build-trust/ockam/commit/2fd0d36fe6ae0c2d527368683ec3a6352617b381 | |
env: | |
FIRST_COMMIT: 2fd0d36fe6ae0c2d527368683ec3a6352617b381 | |
CONTRIBUTORS_CSV_PATH: .github/CONTRIBUTORS.csv | |
COMMITLINT_CONFIG_PATH: tools/commitlint/commitlint.config.js | |
steps: | |
- name: Check Commit Lint | |
uses: build-trust/.github/actions/commit_lint@0455ed96606ee7021639e74a1ae0289a30e33d86 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
lint_editorconfig: | |
name: All - lint_editorconfig | |
runs-on: ubuntu-20.04 | |
container: # gitlab.com/greut/eclint | |
image: greut/eclint:v0.3.3@sha256:95e9a3dcbd236bae6569625cd403175cbde3705303774e7baca418b6442b8d77 | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
ref: ${{ github.event.inputs.commit_sha }} | |
- shell: sh | |
run: eclint -color=always | |
# Semgrep is a static analysis tool to lint code for patterns we want to forbid | |
# https://github.com/returntocorp/semgrep | |
lint_semgrep: | |
name: All - lint_semgrep | |
runs-on: ubuntu-20.04 | |
container: | |
image: returntocorp/semgrep@sha256:2fd35fa409f209e0fea0c2d72cf1e5b801a607959a93b13d04822bb3b6a9dfe4 | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
ref: ${{ github.event.inputs.commit_sha }} | |
- name: Run Semgrep | |
# Bash is not available in the specified docker image of semgrep | |
shell: sh | |
# .semgrepignore is not processed outside of working directory. See https://github.com/returntocorp/semgrep/issues/5669 | |
run: | | |
mv tools/semgrep/.semgrepignore . & \ | |
semgrep --verbose --config="r2c" --config="tools/semgrep/rules/example.yaml" | |
# Check notice file for update | |
notice_update: | |
name: All - notice_update | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@7993355175c2765e5733dae74f3e0786fe0e5c4f | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
- name: Update Notice File | |
shell: nix shell nixpkgs#jq nixpkgs#cargo-deny --command bash {0} | |
run: make notice_file_update | |
- name: Fail if notice update needed | |
shell: bash | |
run: | | |
set -ex | |
git diff --exit-code NOTICE.md &> /dev/null || \ | |
{ \ | |
echo "NOTICE file outdated"; \ | |
git diff; | |
exit 1; \ | |
} |