meta: bump step-security/harden-runner from 2.7.1 to 2.9.0 #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linters | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, ready_for_review] | |
push: | |
branches: | |
- main | |
- v[0-9]+.x-staging | |
- v[0-9]+.x | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
PYTHON_VERSION: '3.12' | |
NODE_VERSION: lts/* | |
permissions: | |
contents: read | |
jobs: | |
lint-addon-docs: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Environment Information | |
run: npx envinfo | |
- name: Lint addon docs | |
run: NODE=$(command -v node) make lint-addon-docs | |
lint-cpp: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- name: Set up Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Environment Information | |
run: npx envinfo | |
- name: Lint C/C++ files | |
run: make lint-cpp | |
format-cpp: | |
if: ${{ github.event.pull_request && github.event.pull_request.draft == false && github.base_ref == github.event.repository.default_branch }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Set up Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Environment Information | |
run: npx envinfo | |
- name: Format C/C++ files | |
run: | | |
make format-cpp-build | |
# The `make format-cpp` error code is intentionally ignored here | |
# because it is irrelevant. We already check if the formatter produced | |
# a diff in the next line. | |
# Refs: https://github.com/nodejs/node/pull/42764 | |
CLANG_FORMAT_START="$(git merge-base HEAD refs/remotes/origin/$GITHUB_BASE_REF)" \ | |
make format-cpp || true | |
git --no-pager diff --exit-code && EXIT_CODE="$?" || EXIT_CODE="$?" | |
if [ "$EXIT_CODE" != "0" ] | |
then | |
echo | |
echo 'ERROR: Please run:' | |
echo | |
echo " CLANG_FORMAT_START="$\(git merge-base HEAD ${GITHUB_BASE_REF}\)" make format-cpp" | |
echo | |
echo 'to format the commits in your branch.' | |
exit "$EXIT_CODE" | |
fi | |
lint-js-and-md: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Environment Information | |
run: npx envinfo | |
- name: Lint JavaScript files | |
run: NODE=$(command -v node) make lint-js | |
- name: Get release version numbers | |
if: ${{ github.event.pull_request && github.event.pull_request.base.ref == github.event.pull_request.base.repo.default_branch }} | |
id: get-released-versions | |
run: ./tools/lint-md/list-released-versions-from-changelogs.mjs >> $GITHUB_OUTPUT | |
- name: Lint markdown files | |
run: | | |
echo "::add-matcher::.github/workflows/remark-lint-problem-matcher.json" | |
NODE=$(command -v node) make lint-md | |
env: | |
NODE_RELEASED_VERSIONS: ${{ steps.get-released-versions.outputs.NODE_RELEASED_VERSIONS }} | |
lint-py: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- name: Set up Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Environment Information | |
run: npx envinfo | |
- name: Lint Python | |
run: | | |
make lint-py-build | |
make lint-py | |
lint-yaml: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- name: Use Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Environment Information | |
run: npx envinfo | |
- name: Lint YAML | |
run: | | |
make lint-yaml-build || true | |
make lint-yaml | |
lint-sh: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- run: shellcheck -V | |
- name: Lint Shell scripts | |
run: tools/lint-sh.mjs . | |
lint-codeowners: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f | |
with: | |
checks: files,duppatterns | |
lint-pr-url: | |
if: ${{ github.event.pull_request }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 2 | |
persist-credentials: false | |
# GH Actions squashes all PR commits, HEAD^ refers to the base branch. | |
- run: git diff HEAD^ HEAD -G"pr-url:" -- "*.md" | ./tools/lint-pr-url.mjs ${{ github.event.pull_request.html_url }} | |
lint-readme: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
persist-credentials: false | |
- run: tools/lint-readme-lists.mjs |