Skip to content
Lint GitHub Actions workflows

Do not use callable parameter types as native types for closure and arrow function parameters #3400

Sign in to view logs

Do not use callable parameter types as native types for closure and arrow function parameters

Do not use callable parameter types as native types for closure and arrow function parameters #3400

Workflow file for this run

.github/workflows/lint-workflows.yml at ea03d07
# Configuration from:
# https://github.com/johnbillion/plugin-infrastructure/blob/571cba96190304963285181e2b928d941b9ec7c4/.github/workflows/reusable-workflow-lint.yml
name: Lint GitHub Actions workflows
on:
pull_request:
push:
branches:
- "2.1.x"
permissions: {}
jobs:
actionlint:
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
egress-policy: audit
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Check workflow files
run: |
echo "::add-matcher::.github/actionlint-matcher.json"
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
./actionlint -color
shell: bash
octoscan:
name: Octoscan
runs-on: ubuntu-latest
permissions:
security-events: write # Required for codeql-action/upload-sarif to upload SARIF files.
timeout-minutes: 10
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
egress-policy: audit
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run octoscan
id: octoscan
uses: synacktiv/action-octoscan@6b1cf2343893dfb9e5f75652388bd2dc83f456b0 # v1.0.0
with:
filter_triggers: ''
- name: Upload SARIF file to GitHub
uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
with:
sarif_file: "${{steps.octoscan.outputs.sarif_output}}"
category: octoscan
wait-for-processing: false
poutine:
name: Poutine
runs-on: ubuntu-latest
permissions:
security-events: write # Required for codeql-action/upload-sarif to upload SARIF files.
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Run Poutine
uses: boostsecurityio/poutine-action@84c0a0d32e8d57ae12651222be1eb15351429228 # v0.15.2
- name: Upload poutine SARIF file
uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
with:
sarif_file: results.sarif
category: poutine
wait-for-processing: false
zizmor:
name: Zizmor
runs-on: ubuntu-latest
permissions:
security-events: write # Required for codeql-action/upload-sarif to upload SARIF files.
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install the latest version of uv
uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
with:
enable-cache: false
- name: Run zizmor
run: uvx zizmor@1.20.0 --persona=auditor --format=sarif --strict-collection . > results.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
sarif_file: results.sarif
category: zizmor
wait-for-processing: false