diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..34902e5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + actions: + patterns: + - "*" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 51ace69..5961c17 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -27,16 +27,14 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 13791ce..79fc795 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -3,21 +3,28 @@ name: Linting on: [pull_request] +permissions: + contents: read + jobs: flake8: name: flake8 runs-on: ubuntu-latest + permissions: + checks: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python 3 - uses: actions/setup-python@v3 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 - name: Install flake8 run: pip3 install flake8 - name: Set up reviewdog - uses: reviewdog/action-setup@v1 + uses: reviewdog/action-setup@3f401fe1d58fe77e10d665ab713057375e39b887 # v1.3.9 - name: Run flake8 env: @@ -31,12 +38,31 @@ jobs: ansible: name: Ansible Lint runs-on: ubuntu-latest - + permissions: + checks: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python 3 - uses: actions/setup-python@v3 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 - name: ansible-lint - uses: reviewdog/action-ansiblelint@v1 + uses: reviewdog/action-ansiblelint@281c57acb22e30c7db4fc84bbe30d86dc5b24234 # v1.16.0 + + yamllint: + name: YAML Lint + runs-on: ubuntu-latest + permissions: + checks: write + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: Set up Python 3 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + + - name: yamllint + uses: reviewdog/action-yamllint@1dca3ad811867be18fbe293a9818d715a6c2cd46 # v1.20.0 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ce4018f..6a7a305 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -5,15 +5,19 @@ on: [push, pull_request] jobs: webhook: + permissions: + contents: read runs-on: ubuntu-latest strategy: matrix: python-version: ["3.11", "3.12"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Install Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: ${{ matrix.python-version }} diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..2be81b2 --- /dev/null +++ b/.yamllint @@ -0,0 +1,9 @@ +--- +extends: default + +rules: + line-length: + max: 120 + allow-non-breakable-words: true + truthy: + check-keys: false