Skip to content

chore(deps): bump github/codeql-action from 3.26.10 to 3.27.7 #444

chore(deps): bump github/codeql-action from 3.26.10 to 3.27.7

chore(deps): bump github/codeql-action from 3.26.10 to 3.27.7 #444

Workflow file for this run

---
name: "Lint: YAML"
concurrency:
group: lint-yaml-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
"on":
## Check YAML on merge queue insertion
merge_group: {}
## Check on release
release:
types: [created]
## Check on push to `main` if modified
push:
branches:
- main
paths:
- ".github/workflows/*.yaml"
- ".github/workflows/*.yml"
- ".bazelci/presubmit.yml"
- ".bcr/*.yml"
## Check each PR change against `main`
pull_request:
paths:
- ".github/workflows/*.yaml"
- ".github/workflows/*.yml"
- ".bazelci/presubmit.yml"
- ".bcr/*.yml"
permissions:
contents: read
jobs:
## Task: Lint workflows via Actionlint
lint-workflows:
name: "Lint: Workflows"
uses: elide-dev/build-infra/.github/workflows/check.actions-lint.ci.yml@ae4a1343b5e45ea1e2133f0105863058a1d0527c
permissions:
checks: write
pull-requests: read
id-token: write
contents: read
## Task: Lint Bazel Central Registry config files
lint-bcr-yaml:
name: "Lint: BCR"
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
- name: "Setup: Checkout"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: "Lint: YAML"
uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
with:
yamllint_file_or_dir: ".bcr"
yamllint_config_filepath: "./.github/.yamllint.yml"
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
## Task: Lint Bazel CI config files
lint-bazelci-yaml:
name: "Lint: Bazel CI"
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
checks: "write"
pull-requests: "read"
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
- name: "Setup: Checkout"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: "Lint: YAML"
uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
with:
yamllint_file_or_dir: ".bazelci"
yamllint_config_filepath: "./.github/.yamllint.yml"
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}