Update formatting/permissions/triggers for GH Actions

.github/workflows/ci-go.yml

@@ -7,33 +7,42 @@ on:
     branches:
       - master
   pull_request:
+
 permissions:
   contents: read
 
 jobs:
   ci-from-docker:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: build from buildah
-        uses: redhat-actions/buildah-build@v2
-        with:
-          image: test-image
-          tags: ${{ github.sha }}
-          context: .
-          containerfiles: ./Dockerfile.ci
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Build from buildah
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: test-image
+        tags: ${{ github.sha }}
+        context: .
+        containerfiles: ./Dockerfile.ci
+
   vendor-check:
     runs-on: ubuntu-latest
     steps:
-      - run: |
-          sudo apt-get update
-          sudo apt-get install libgpgme-dev libgpgme11
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.18
-      - uses: actions/checkout@v3
-      - run: |
-          go mod vendor
-          go mod tidy -compat=1.18
-          hack/ci-utils/isClean.sh
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install libbtrfs-dev libgpgme-dev libdevmapper-dev
+
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.18
+
+    - run: |
+        go mod vendor
+        go mod tidy -compat=1.18
+        hack/ci-utils/isClean.sh

.github/workflows/codeql-analysis.yml

@@ -7,19 +7,18 @@ on:
     branches:
       - master
   pull_request:
-    branches:
-      - master
   schedule:
     - cron: '20 0 * * 6'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ${{ matrix.runs-on }}
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
 
     strategy:
       fail-fast: false
@@ -58,3 +57,5 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/golint.yml

@@ -1,58 +1,55 @@
 name: golang-lint
+
 on:
   push:
     tags:
       - v*
     branches:
       - master
-      - main
   pull_request:
+
 permissions:
   contents: read
-  # Optional: allow read access to pull request. Use with `only-new-issues` option.
-  # pull-requests: read
+
 jobs:
   golangci:
     name: golangci-lint
     runs-on: ubuntu-latest
     steps:
-      - run: |
-          sudo apt-get update
-          sudo apt-get install libgpgme-dev libgpgme11
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.18
-      - uses: actions/checkout@v3
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.49.0
-          args: -v --timeout 15m
-          # Optional: working directory, useful for monorepos
-          #working-directory: pkg
-
-          # Optional: golangci-lint command line arguments.
-          #args: -c .golangci.yml
-
-          # Optional: show only new issues if it's a pull request. The default value is `false`.
-          # only-new-issues: true
-
-          # Optional: if set to true then the all caching functionality will be complete disabled,
-          #           takes precedence over all other caching options.
-          # skip-cache: true
-
-          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
-          # skip-pkg-cache: true
-
-          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
-          # skip-build-cache: true
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install libbtrfs-dev libgpgme-dev libdevmapper-dev
+
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.18
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v3
+      with:
+        version: v1.49.0
+        args: -v --timeout 15m
+
   validate-go:
     name: validate-go
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.18
-      - uses: actions/checkout@v3
-      - run: make validate-go-action
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install libbtrfs-dev libgpgme-dev libdevmapper-dev
+
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.18
+
+    - run: make validate-go-action

.github/workflows/maintenance.yml

@@ -1,10 +1,15 @@
 name: Maintenance
+
 on:
   push:
   pull_request_target:
     types:
     - synchronize
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   main:
     runs-on: ubuntu-latest

.github/workflows/npm-audit.yml

@@ -1,41 +1,48 @@
 name: node-lint
+
 on:
   push:
     tags:
       - v*
     branches:
       - master
-      - main
   pull_request:
+
 permissions:
   contents: read
+
 jobs:
   npm-audit-portal-v2:
     name: npm-audit-portal-v2
     runs-on: ubuntu-latest
     steps:
-      - name: setup Node.JS
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16.16.0
-      - name: Checkout Code
-        uses: actions/checkout@v3
-      - name: Run NPM Audit
-        run: bash ${GITHUB_WORKSPACE}/hack/github-actions/npm_audit.sh
-        shell: bash
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: setup Node.JS
+      uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
+    - name: Run NPM Audit
+      run: bash ${GITHUB_WORKSPACE}/hack/github-actions/npm_audit.sh
+      shell: bash
+
   npm-build-check:
     name: npm-build-check
     runs-on: ubuntu-latest
     steps:
-      - name: setup Node.JS
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16.16.0
-      - name: Checkout Code
-        uses: actions/checkout@v3
-      - name: Run NPM Build
-        working-directory: ./portal/v2
-        run: |
-          npm ci
-          npm run build
-          ../../hack/ci-utils/isClean.sh
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: setup Node.JS
+      uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
+    - name: Run NPM Build
+      working-directory: ./portal/v2
+      run: |
+        npm ci
+        npm run build
+        ../../hack/ci-utils/isClean.sh

.github/workflows/release-note.yml

@@ -1,8 +1,10 @@
 name: release-note
+
 on:
   push:
     tags:
       - v*
+
 permissions:
   contents: write
 
@@ -11,19 +13,21 @@ jobs:
     name: Create Release
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.ref }}
-          fetch-depth: 0
-          # ref and fetch-depth: 0 are required to retrieve tag annotations.
-          # (see https://github.com/actions/runner-images/issues/1717)
-      - name: Generate Changelog
-        run: ./.github/generate_release_note.sh ${{ github.workspace }}/CHANGELOG.txt
-      - name: Release
-        uses: softprops/action-gh-release@v1
-        with:
-          body_path: ${{ github.workspace }}/CHANGELOG.txt
-          name: Release ${{ github.ref_name }}
-          draft: false
-          prerelease: false
+    - name: Checkout repository
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.ref }}
+        fetch-depth: 0
+        # ref and fetch-depth: 0 are required to retrieve tag annotations.
+        # (see https://github.com/actions/runner-images/issues/1717)
+
+    - name: Generate Changelog
+      run: ./.github/generate_release_note.sh ${{ github.workspace }}/CHANGELOG.txt
+
+    - name: Release
+      uses: softprops/action-gh-release@v1
+      with:
+        body_path: ${{ github.workspace }}/CHANGELOG.txt
+        name: Release ${{ github.ref_name }}
+        draft: false
+        prerelease: false

.github/workflows/yamllint.yml

@@ -11,7 +11,8 @@ jobs:
     name: mega-linter-yaml
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout Code
-        uses: actions/checkout@v3
-      - name: yamllint
-        uses: oxsecurity/megalinter/flavors/ci_light@v6
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: yamllint
+      uses: oxsecurity/megalinter/flavors/ci_light@v6