All #10799
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: All | |
permissions: | |
contents: read | |
on: | |
merge_group: | |
pull_request: | |
push: | |
branches: | |
- develop | |
workflow_dispatch: | |
inputs: | |
commit_sha: | |
description: Git commit sha, on which, to run this workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
lint_commits: | |
name: All - lint_commits | |
runs-on: ubuntu-20.04 | |
# We assume that commit 2fd0d36fe6ae0c2d527368683ec3a6352617b381 will be in the history | |
# of all commits based on ockam develop branch | |
# https://github.com/build-trust/ockam/commit/2fd0d36fe6ae0c2d527368683ec3a6352617b381 | |
env: | |
FIRST_COMMIT: 2fd0d36fe6ae0c2d527368683ec3a6352617b381 | |
CONTRIBUTORS_CSV_PATH: .github/CONTRIBUTORS.csv | |
COMMITLINT_CONFIG_PATH: tools/commitlint/commitlint.config.js | |
steps: | |
- name: Check Commit Lint | |
uses: build-trust/.github/actions/commit_lint@custom-actions | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
lint_editorconfig: | |
name: All - lint_editorconfig | |
runs-on: ubuntu-20.04 | |
container: # gitlab.com/greut/eclint | |
image: greut/eclint:v0.3.3@sha256:95e9a3dcbd236bae6569625cd403175cbde3705303774e7baca418b6442b8d77 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
ref: ${{ github.event.inputs.commit_sha }} | |
- shell: sh | |
run: eclint -color=always | |
# Semgrep is a static analysis tool to lint code for patterns we want to forbid | |
# https://github.com/returntocorp/semgrep | |
lint_semgrep: | |
name: All - lint_semgrep | |
runs-on: ubuntu-20.04 | |
container: | |
image: returntocorp/semgrep | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
ref: ${{ github.event.inputs.commit_sha }} | |
- name: Run Semgrep | |
# .semgrepignore is not processed outside of working directory. See https://github.com/returntocorp/semgrep/issues/5669 | |
run: | | |
mv tools/semgrep/.semgrepignore . & \ | |
semgrep --verbose --config="r2c" --config="tools/semgrep/rules/example.yaml" |