mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 10:44:10 +00:00
99e70100c7
By default the checkout action leave the credentials in the checked-out repo's `.git/config`, which means they could get exposed. Use persist-credentials: false to prevent this happening. Note: static-checks.yaml does use git diff after the checkout, but the git docs state that git diff is just local, so doesn't need authentication. Signed-off-by: stevenhorsman <steven@uk.ibm.com>
33 lines
741 B
YAML
33 lines
741 B
YAML
# https://github.com/marketplace/actions/shellcheck
|
|
name: Check shell scripts
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- edited
|
|
- reopened
|
|
- synchronize
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
shellcheck:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
- name: Run ShellCheck
|
|
uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20)
|
|
with:
|
|
ignore_paths: "**/vendor/**"
|