diff --git a/.github/labels.yml b/.github/labels.yml deleted file mode 100644 index ff8ca8d..0000000 --- a/.github/labels.yml +++ /dev/null @@ -1,78 +0,0 @@ ---- -- name: "breaking-change" - color: ee0701 - description: "A breaking change for existing users." -- name: "bugfix" - color: ee0701 - description: "Inconsistencies or issues which will cause a problem for users or implementors." -- name: "documentation" - color: 0052cc - description: "Solely about the documentation of the project." -- name: "enhancement" - color: 1d76db - description: "Enhancement of the code, not introducing new features." -- name: "refactor" - color: 1d76db - description: "Improvement of existing code, not introducing new features." -- name: "performance" - color: 1d76db - description: "Improving performance, not introducing new features." -- name: "new-feature" - color: 0e8a16 - description: "New features or options." -- name: "maintenance" - color: 2af79e - description: "Generic maintenance tasks." -- name: "ci" - color: 1d76db - description: "Work that improves the continue integration." -- name: "dependencies" - color: 1d76db - description: "Upgrade or downgrade of project dependencies." - -- name: "in-progress" - color: fbca04 - description: "Issue is currently being resolved by a developer." -- name: "stale" - color: fef2c0 - description: "There has not been activity on this issue or PR for quite some time." -- name: "no-stale" - color: fef2c0 - description: "This issue or PR is exempted from the stable bot." - -- name: "security" - color: ee0701 - description: "Marks a security issue that needs to be resolved asap." -- name: "incomplete" - color: fef2c0 - description: "Marks a PR or issue that is missing information." -- name: "invalid" - color: fef2c0 - description: "Marks a PR or issue that is missing information." - -- name: "beginner-friendly" - color: 0e8a16 - description: "Good first issue for people wanting to contribute to the project." -- name: "help-wanted" - color: 0e8a16 - description: "We need some extra helping hands or expertise in order to resolve this." - -- name: "priority-critical" - color: ee0701 - description: "This should be dealt with ASAP. Not fixing this issue would be a serious error." -- name: "priority-high" - color: b60205 - description: "After critical issues are fixed, these should be dealt with before any further issues." -- name: "priority-medium" - color: 0e8a16 - description: "This issue may be useful, and needs some attention." -- name: "priority-low" - color: e4ea8a - description: "Nice addition, maybe... someday..." - -- name: "major" - color: b60205 - description: "This PR causes a major version bump in the version number." -- name: "minor" - color: 0e8a16 - description: "This PR causes a minor version bump in the version number." diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml index 0f7fb09..e3a8009 100644 --- a/.github/workflows/functional-tests.yml +++ b/.github/workflows/functional-tests.yml @@ -24,6 +24,14 @@ jobs: - name: Checkout ${{ github.repository }} uses: actions/checkout@v4 - name: Setup Kitten + id: setup-kitten + continue-on-error: true uses: ./ - name: Run script + if: ${{ steps.setup-kitten.outcome == 'success' }} run: kitten ./hello-world.ktn + - name: Validate outcome + run: | + if [ "${RUNNER_OS}" != "macOS" ] && [ "${{ steps.setup-kitten.outcome }}" = "failure" ]; then + exit 1 + fi diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e3fab91..88c77ed 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,29 +7,6 @@ on: # yamllint disable-line rule:truthy - "v*.*.*" jobs: - create-release: - name: Create release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Get changelog - id: changelog - uses: simbo/changes-since-last-release-action@v1 - - name: Create release - uses: softprops/action-gh-release@v2 - with: - tag_name: ${{ github.ref }} - name: ${{ github.ref_name }} - token: ${{ secrets.GITHUB_TOKEN }} - body: | - # Changelog - - ${{ steps.changelog.outputs.log }} - draft: false - prerelease: false - - name: Bump tags - uses: fischerscode/tagger@v0 - with: - prefix: v + github: + name: GitHub + uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index c56f0ac..debd32b 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy branches: - main -defaults: - run: - shell: sh - jobs: - code-scanning: - name: Code scanning - runs-on: ubuntu-latest - steps: - - name: Checkout ${{ github.repository }} - uses: actions/checkout@v4 - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: "javascript" - - name: Perform CodeQL Analysis - id: codeql-analysis - uses: github/codeql-action/analyze@v3 - - name: Upload to GHAS - if: always() - uses: github/codeql-action/upload-sarif@v3 - with: - category: "code-scanning" - sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}" - directory-scanning: - name: Directory scanning - runs-on: ubuntu-latest - steps: - - name: Checkout ${{ github.repository }} - uses: actions/checkout@v4 - - name: Scan current project - id: scan-directory - uses: anchore/scan-action@v3 - with: - by-cve: "true" - path: "." - - name: Upload to GHAS - if: always() - uses: github/codeql-action/upload-sarif@v3 - with: - category: "directory-scanning" - sarif_file: "${{ steps.scan-directory.outputs.sarif }}" + sast: + name: SAST + permissions: + contents: read + security-events: write + uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 4d4af1f..42caa8b 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -1,23 +1,13 @@ --- -name: Sync labels +name: Labels on: # yamllint disable-line rule:truthy push: branches: - main - paths: - - .github/labels.yml - - .github/workflows/sync-labels.yml - workflow_dispatch: + workflow_dispatch: {} jobs: - sync-labels: - name: Sync labels - runs-on: ubuntu-latest - steps: - - name: Checkout ${{ github.repository }} - uses: actions/checkout@v4 - - name: Run Label Syncer - uses: micnncim/action-label-syncer@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + maintenance: + name: Maintenance + uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main diff --git a/.github/workflows/update-license.yml b/.github/workflows/update-license.yml index 58ee64a..77df7c0 100644 --- a/.github/workflows/update-license.yml +++ b/.github/workflows/update-license.yml @@ -1,28 +1,11 @@ --- -name: Update license +name: License on: # yamllint disable-line rule:truthy schedule: - cron: "0 5 1 1 *" jobs: - run: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: FantasticFiasco/action-update-license-year@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - assignees: ${{ github.repository_owner }} - labels: enhancement - prTitle: Update license copyright year to {{currentYear}} - prBody: | - ## Changelog - - - Update license copyright year to {{currentYear}} - - --- - - Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year) + maintenance: + name: Maintenance + uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 370387c..e300677 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,16 +5,16 @@ minimum_pre_commit_version: 2.18.0 repos: # Security - repo: https://github.com/Yelp/detect-secrets - rev: v1.4.0 + rev: v1.5.0 hooks: - id: detect-secrets - repo: https://github.com/gitleaks/gitleaks - rev: v8.18.2 + rev: v8.18.4 hooks: - id: gitleaks # Markdown - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.39.0 + rev: v0.41.0 hooks: - id: markdownlint-fix stages: ["commit"] @@ -26,11 +26,11 @@ repos: stages: ["push"] # GitHub Actions - repo: https://github.com/rhysd/actionlint - rev: v1.6.27 + rev: v1.7.1 hooks: - id: actionlint args: ["-pyflakes="] - stages: ["push"] + stages: ["commit"] # Other - repo: https://github.com/pre-commit/mirrors-prettier rev: v3.1.0 @@ -40,6 +40,10 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.6.0 hooks: + - id: check-executables-have-shebangs + stages: ["commit"] + - id: check-shebang-scripts-are-executable + stages: ["commit"] - id: check-merge-conflict - id: check-json stages: ["push"] diff --git a/README.md b/README.md index 479d59b..f619464 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,9 @@ This action sets up a [Kitten](http://kittenlang.org/). ## Prerequisites -The following tools have to be installed for successful work of this GitHub action: -[git](https://git-scm.com), [stack](https://docs.haskellstack.org/en/stable). +None. + +> `macOS` is not supported at this moment ## Example usage diff --git a/action.yml b/action.yml index b15f16e..721c881 100644 --- a/action.yml +++ b/action.yml @@ -8,39 +8,45 @@ branding: runs: using: "composite" steps: + - name: Fail + if: ${{ runner.os == 'macOS' }} + run: echo "::error::${RUNNER_OS} ${RUNNER_ARCH} is not supported" && exit 1 + shell: sh - name: Collect info id: info run: | - KITTEN_EXEC_NAME=kitten + kitten_exec_name=kitten if [ "${RUNNER_OS}" = "Windows" ]; then - KITTEN_EXEC_NAME="${KITTEN_EXEC_NAME}.exe" + kitten_exec_name="${kitten_exec_name}.exe" fi - echo "KITTEN_EXEC_NAME=${KITTEN_EXEC_NAME}" >> "$GITHUB_OUTPUT" - KITTEN_INSTALLED=$(if command -v "${KITTEN_EXEC_NAME}" >/dev/null 2>&1; then echo true; else echo false; fi) - echo "KITTEN_INSTALLED=$KITTEN_INSTALLED" >> "$GITHUB_OUTPUT" - mkdir -p "$RUNNER_TEMP/kitten" - echo "KITTEN_PATH=${RUNNER_TEMP}/kitten" >> "$GITHUB_OUTPUT" + echo "kitten-exec-name=${kitten_exec_name}" >> "$GITHUB_OUTPUT" + kitten_installed=$(if command -v "${kitten_exec_name}" >/dev/null 2>&1; then echo true; else echo false; fi) + echo "kitten-installed=${kitten_installed}" >> "$GITHUB_OUTPUT" + stack_installed=$(if command -v stack >/dev/null 2>&1; then echo true; else echo false; fi) + echo "stack-installed=${stack_installed}" >> "$GITHUB_OUTPUT" shell: sh - - name: Clone Kitten repository - if: ${{ steps.info.outputs.KITTEN_INSTALLED == 'false' }} - env: - KITTEN_VERSION: 2bbc264d7f05c4a7d7b35d06773d1ab2f0623193 # pragma: allowlist secret - run: | - git clone https://github.com/evincarofautumn/kitten.git "${{ steps.info.outputs.KITTEN_PATH }}" - git reset --hard "${KITTEN_VERSION}" + - name: Setup Stack + if: ${{ steps.info.outputs.stack-installed == 'false' }} + run: curl -sSL https://get.haskellstack.org/ | sh shell: sh - working-directory: ${{ steps.info.outputs.KITTEN_PATH }} + - name: Clone Kitten repository + if: ${{ steps.info.outputs.kitten-installed == 'false' }} + uses: actions/checkout@v4 + with: + repository: "evincarofautumn/kitten" + ref: "2bbc264d7f05c4a7d7b35d06773d1ab2f0623193" # pragma: allowlist secret + path: "kitten-repo" - name: Build Kitten - if: ${{ steps.info.outputs.KITTEN_INSTALLED == 'false' }} + if: ${{ steps.info.outputs.kitten-installed == 'false' }} run: | stack setup --stack-yaml stack.yaml stack build --stack-yaml stack.yaml shell: sh - working-directory: ${{ steps.info.outputs.KITTEN_PATH }} + working-directory: kitten-repo - name: Add Kitten to PATH - if: ${{ steps.info.outputs.KITTEN_INSTALLED == 'false' }} + if: ${{ steps.info.outputs.kitten-installed == 'false' }} run: | - exe_path=$(find "${{ steps.info.outputs.KITTEN_PATH }}/.stack-work/install" -name "${{ steps.info.outputs.KITTEN_EXEC_NAME }}") + exe_path=$(find "${GITHUB_WORKSPACE}/kitten-repo/.stack-work/install" -name "${{ steps.info.outputs.kitten-exec-name }}") bin_path=$(dirname "${exe_path}") echo "${bin_path}" >> "$GITHUB_PATH" shell: sh