checkton-self.yaml

name: Checkton
on:
  pull_request:
    branches: [main]

jobs:
  lint:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          fetch-depth: 0

      - name: Modify action.yaml to build latest image on the fly
        run: |
          sed -E "s;(\s*)image: .*;\1image: Dockerfile;" -i action.yaml

      - name: Run self on self
        id: checkton
        uses: ./
        with:
          # funnily enough, checkton happens to work on regular shell scripts as well
          include-regex: \.(sh|bash|yml|yaml)$
          # exclude test data and submodules
          exclude-regex: ^test/resources/files-to-check/|^test/.*bats(-support|-assert)/
          differential: false
          fail-on-findings: false

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3
        with:
          sarif_file: ${{ steps.checkton.outputs.sarif }}
          # Avoid clashing with ShellCheck
          category: checkton