# Workflow header: display name, run de-duplication and triggers.
name: ci

# One concurrency group per ref and event type. A newer run cancels the one
# in flight, except on refs under refs/tags/v, where cancel-in-progress
# evaluates to false.
concurrency:
  group: ci-${{ github.ref }}-${{ github.event_name }}
  cancel-in-progress: ${{ ! startsWith(github.ref, 'refs/tags/v') }}

on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:
    branches: [main]
  schedule:
    # Minute 15, hour 5, every day (GitHub evaluates cron schedules in UTC).
    - cron: "15 5 */1 * *"
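# Every job below declares its own `permissions:` block, so GITHUB_TOKEN is
# scoped per job instead of inheriting the repository default.
# NOTE(review): actions are referenced by mutable tags (and one branch); pinning
# each `uses:` to a full commit SHA makes the executed code immutable.
jobs:
  # Applies labels to pull requests; only runs for pull_request events.
  pr-labeler:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/labeler@v4
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"

  # Marks inactive issues and pull requests; only runs on the schedule trigger.
  stale-discovery:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - uses: actions/stale@v5
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          # NOTE(review): both messages say "30 days", but no days-before-stale
          # input is set here, so the action's own default applies. Confirm the
          # two agree.
          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity. Remove this label to keep it open."
          stale-pr-message: "This pull request is stale because it has been open for 30 days with no activity. Remove this label to keep it open."
          stale-issue-label: "stale-issue"
          stale-pr-label: "stale-pr"

  # Runs the repository's pre-commit hooks on main and on pull requests.
  check:
    if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository. Without
    # this block it would receive the repository's default token permissions.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # pre-commit executes hook code from the repos listed in the
          # pre-commit config; keep the token out of .git/config so those
          # hooks cannot read it from the workspace.
          persist-credentials: false
      - name: Install pre-commit
        run: pip install -U pip 'pre-commit<4'
      - name: Run pre-commit
        run: pre-commit run --all-files

  # Filesystem vulnerability scan; results go to GitHub code scanning.
  trivy:
    if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request'
    permissions:
      contents: read
      security-events: write
      actions: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        # NOTE(review): `@master` is a moving branch, so whatever is pushed
        # there runs in this job with security-events: write. Pin to a
        # reviewed full commit SHA and update it deliberately.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          # Write SARIF to the file the upload step reads. Without these two
          # inputs no trivy-results.sarif is produced and the upload below
          # fails silently because of continue-on-error.
          format: sarif
          output: trivy-results.sarif
          # trivy-config: trivy.yaml
      - name: Upload Trivy scan results to GitHub Security tab
        # continue-on-error keeps the job green when the upload fails, which
        # also hides a broken upload; check this step's log when findings are
        # missing from the Security tab.
        continue-on-error: true
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results.sarif"

  # Creates a GitHub release when a tag under refs/tags/v is pushed.
  github-release:
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Create a GitHub release
        env:
          GH_TOKEN: ${{ github.token }}
          # The tag name is chosen by whoever pushes the tag. Hand it to the
          # shell as data through the environment rather than expanding
          # ${{ }} inside the script text, where it would be parsed as shell.
          TAG_NAME: ${{ github.ref_name }}
        run: |
          gh release create "$TAG_NAME" \
            --title "$TAG_NAME" \
            --generate-notes \
            --verify-tag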