mirror of
https://github.com/apache/superset.git
synced 2026-06-10 18:19:28 +00:00
7a3b8f49c7
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: hainenber <dotronghai96@gmail.com>
47 lines
1.3 KiB
YAML
47 lines
1.3 KiB
YAML
name: Validate All GitHub Actions
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "master"
|
|
- "[0-9].[0-9]*"
|
|
pull_request:
|
|
branches:
|
|
- "**"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
# cancel previous workflow jobs for PRs
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
validate-all-ghas:
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
# Required for the zizmor action to upload its SARIF results to
|
|
# GitHub code scanning (advanced-security is enabled by default).
|
|
security-events: write
|
|
steps:
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
|
with:
|
|
node-version: "20"
|
|
|
|
- name: Install Dependencies
|
|
run: npm install -g @action-validator/core @action-validator/cli --save-dev
|
|
|
|
- name: Run Script
|
|
run: bash .github/workflows/github-action-validator.sh
|
|
|
|
- name: Check for security issues on GHA workflows
|
|
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
|