yamllint

cooljeanius · Aug 6, 2024 · b6f311c · b6f311c
1 parent cfa2a5d
commit b6f311c
Show file tree

Hide file tree

Showing 6 changed files with 94 additions and 69 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -1,3 +1,5 @@
+---
+
 github: cooljeanius
 ko_fi: ericgallager
 liberapay: egallager

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,11 +1,13 @@
+---
+
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 
 version: 2
 updates:
-  - package-ecosystem: "github-actions" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "github-actions"  # See documentation for possible values
+    directory: "/"  # Location of package manifests
     schedule:
       interval: "weekly"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,3 +1,5 @@
+---
+
 # osxbom/.github/workflows/codeql.yml: GitHub Actions codeql workflow for osxbom
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
@@ -33,8 +35,9 @@ jobs:
     #   - https://gh.io/recommended-hardware-resources-for-running-codeql
     #   - https://gh.io/supported-runners-and-hardware-resources
     #   - https://gh.io/using-larger-runners (GitHub.com only)
-    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    # Consider using larger runners or machines with greater resources for
+    # possible analysis time improvements.
+    runs-on: 'ubuntu-latest'
     timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
     permissions:
       # required for all workflows
@@ -51,52 +54,61 @@ jobs:
       fail-fast: false
       matrix:
         include:
-        - language: c-cpp
-          build-mode: autobuild
-        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
-        # Use `c-cpp` to analyze code written in C, C++ or both
-        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
-        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
-        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, see:
-        # <https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning>.
-        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
-        # your codebase is analyzed, see:
-        # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+          - language: c-cpp
+            build-mode: autobuild
+            # CodeQL supports the following values keywords for 'language':
+            # 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript',
+            # 'python', 'ruby', 'swift'
+            # Use `c-cpp` to analyze code written in C, C++ or both
+            # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+            # Use 'javascript-typescript' to analyze code written in JavaScript,
+            # TypeScript or both
+            # To learn more about changing the languages that are analyzed or
+            # customizing the build mode for your analysis, see:
+            # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning
+            # If you are analyzing a compiled language, you can modify the
+            # 'build-mode' for that language to customize how your codebase is
+            # analyzed, see:
+            # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries & those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a
+          # config file.
+          # By default, queries listed here will override any specified in a
+          # config file.
+          # Prefix the list here with "+" to use these queries & those in the
+          # config file.
 
-        # For more details on CodeQL's query packs, refer to:
-        # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # For more details on CodeQL's query packs, refer to:
+          # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # Command-line programs to run using the OS shell; see:
-    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - name: Message about manual builds
-      if: matrix.build-mode == 'manual'
-      run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
+      # If the analyze step fails for 1 of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix
+      # above to set the build mode to "manual" for that language. Then modify
+      # this step to build your code.
+      # Command-line programs to run using the OS shell; see:
+      # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - name: Message about manual builds
+        if: matrix.build-mode == 'manual'
+        run: |
+          echo ''
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to' \
+            'build your code, for example:'
+          echo '  make bootstrap'
+          echo '  make release'
+          exit 1
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/flawfinder.yml b/.github/workflows/flawfinder.yml
@@ -1,3 +1,5 @@
+---
+
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
@@ -7,10 +9,10 @@ name: flawfinder
 
 on:
   push:
-    branches: [ "master" ]
+    branches: ["master"]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master" ]
+    branches: ["master"]
   schedule:
     - cron: '29 17 * * 1'
 

diff --git a/.github/workflows/osxbom.yml b/.github/workflows/osxbom.yml
@@ -1,3 +1,5 @@
+---
+
 name: cooljeanius/osxbom
 on:
   push:
@@ -10,26 +12,29 @@ jobs:
   test:
     runs-on: ${{ matrix.os }}
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-#     # 'Transformers::TravisCI::Scripts::Dependencies' dependencies are currently unsupported
-#     # 'compiler' was not transformed because there is no suitable equivalent in GitHub Actions
-    - run: "./configure CC=${{ matrix.compiler }} && make && make check && make distcheck"
-    - name: Upload a Build Artifact
-      uses: actions/upload-artifact@v4.3.5
-      with:
-        name: osxbom-gzipped_tarfile-${{ matrix.compiler }}-${{ matrix.os }}
-        path: osxbom-0.0.*.tar.gz
-    - name: Upload another Build Artifact
-      uses: actions/upload-artifact@v4.3.5
-      with:
-        name: osxbom-zipfile-${{ matrix.compiler }}-${{ matrix.os }}
-        path: osxbom-0.0.*.zip
+      - name: checkout
+        uses: actions/checkout@v4
+        # 'Transformers::TravisCI::Scripts::Dependencies' dependencies are
+        # currently unsupported
+        # 'compiler' was not transformed because there is no suitable equivalent
+        # in GitHub Actions
+      - run: "./configure CC=${{ matrix.compiler }} && make"
+      - run: "make check && make distcheck"
+      - name: Upload a Build Artifact
+        uses: actions/upload-artifact@v4.3.5
+        with:
+          name: osxbom-gzipped_tarfile-${{ matrix.compiler }}-${{ matrix.os }}
+          path: osxbom-0.0.*.tar.gz
+      - name: Upload another Build Artifact
+        uses: actions/upload-artifact@v4.3.5
+        with:
+          name: osxbom-zipfile-${{ matrix.compiler }}-${{ matrix.os }}
+          path: osxbom-0.0.*.zip
     strategy:
       matrix:
         compiler:
-        - clang
-        - gcc
+          - clang
+          - gcc
         os:
-        - ubuntu-latest
-        - macos-latest
+          - ubuntu-latest
+          - macos-latest
diff --git a/.travis.yml b/.travis.yml
@@ -1,3 +1,5 @@
+---
+
 language: cpp
 os:
   - linux