Add `permissions: contents: read` at the workflow level for bump-libs.yaml, format.yaml, master.yaml, and release.yaml to follow the principle of least privilege. Job-level permissions that require elevated access will override this as expected. Signed-off-by: Gagan H R <hrgagan4@gmail.com>
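# Formatting gate: runs the repository's pre-commit hooks on every pull
# request and on pushes to master and release/** branches. When a step
# fails, the working-tree diff is uploaded as an artifact.
name: Format code

on:
  pull_request:
  push:
    branches:
      - master
      - "release/**"

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents, with every scope not listed here set to none. A job that needs
# more has to declare its own `permissions` block; the job below does not.
permissions:
  contents: read

jobs:
  format:
    name: format code 🐲
    runs-on: ubuntu-22.04
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records
      # the release tag the SHA is meant to correspond to.
      - name: Checkout repository 🎉
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
        with:
          fetch-depth: 0
          # The steps below only read and diff the working tree, so the job
          # token need not stay in .git/config, where the hook code run by
          # pre-commit could read it.
          persist-credentials: false

      # NOTE(review): pre-commit is installed unpinned, so each run takes
      # whatever release the package index serves at that moment. Pinning an
      # exact version (ideally with hashes) would make this step as
      # reproducible as the SHA-pinned actions.
      - name: Install deps ⛓️
        run: |
          sudo apt update -y
          sudo apt install -y --no-install-recommends ca-certificates pip git
          pip install pre-commit

      # The hooks come from the checked-out tree's pre-commit configuration.
      # On pull_request runs that tree includes the contributor's changes,
      # which is why this job runs with a read-only token.
      - name: Run pre-commit ©️
        run: |
          pre-commit run --all-files

      # Only when an earlier step failed: capture the uncommitted changes in
      # the working tree as a patch file.
      - name: Generate the git-diff 🚒
        if: failure()
        run: git diff > format_diff.patch

      # Only when an earlier step failed: publish that single patch file.
      # Nothing else from the workspace is uploaded.
      - name: Upload the git diff artifact 📦
        if: failure()
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: format_diff.patch
          path: ./format_diff.patch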