155c9a2070
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
35 lines
908 B
YAML
35 lines
908 B
YAML
name: Lint
|
|
|
|
on: [pull_request]
|
|
|
|
concurrency:
|
|
group: lint-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
lint:
|
|
permissions:
|
|
contents: read # for actions/checkout to fetch code
|
|
statuses: write # for github/super-linter to mark status of each linter run
|
|
name: Lint
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
- run: mkdir super-linter.report
|
|
- name: Lint
|
|
uses: github/super-linter@v4
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
VALIDATE_ALL_CODEBASE: false
|
|
VALIDATE_PYTHON_BLACK: true
|
|
VALIDATE_PYTHON_FLAKE8: true
|
|
PYTHON_FLAKE8_CONFIG_FILE: setup.cfg
|
|
VALIDATE_PYTHON_ISORT: true
|
|
PYTHON_ISORT_CONFIG_FILE: setup.cfg
|
|
VALIDATE_YAML: true
|