mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-15 15:14:06 +00:00
Set: ``` permissions: contents: read ``` as the default top-level permissions explicitly to conform to recommended security practices e.g. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
37 lines
740 B
YAML
37 lines
740 B
YAML
name: Lint GHA workflows
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- edited
|
|
- reopened
|
|
- synchronize
|
|
paths:
|
|
- '.github/workflows/**'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
run-actionlint:
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Install actionlint gh extension
|
|
run: gh extension install https://github.com/cschleiden/gh-actionlint
|
|
|
|
- name: Run actionlint
|
|
run: gh actionlint
|