From 56032f2ce9969413f1a1a5c7a33b8027a63868d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jul 2024 22:50:42 +0900
Subject: [PATCH] Bump robinraju/release-downloader from 1.10 to 1.11 (#116)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[robinraju/release-downloader](https://github.com/robinraju/release-downloader)
from 1.10 to 1.11.
Release notes
Sourced from robinraju/release-downloader's
releases.
Release Downloader v1.11
What's Changed
Full Changelog: https://github.com/robinraju/release-downloader/compare/v1.10...v1.11
Commits
a96f54c
Bump typed-rest-client from 1.8.11 to 2.0.1 (#744)821aec8
Bump tar from 7.1.0 to 7.4.0 (#741)8e9e67a
Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group (#737)a3cbfc1
Bump the npm-development group across 1 directory with 7 updates (#742)2c0dbf1
Bump tar from 7.0.1 to 7.1.0 (#727)8ecfadf
Bump the npm-development group across 1 directory with 4 updates (#730)8d13112
Bump the npm-development group with 3 updates (#725)8e6a4e0
Bump @types/tar from 6.1.12 to 6.1.13 in the
npm-development group (#724)6c76fdd
Update project config and dependencies (#723)cb096d8
Fix No assets found in release error (#722)- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: fabasoad
---
.github/labels.yml | 78 ----------------------------
.github/workflows/release.yml | 32 ++----------
.github/workflows/security.yml | 47 +++--------------
.github/workflows/sync-labels.yml | 18 ++-----
.github/workflows/update-license.yml | 29 ++---------
.pre-commit-config.yaml | 17 ++++--
README.md | 18 +++----
action.yml | 2 +-
src/collect-info.sh | 44 +++++++++-------
9 files changed, 65 insertions(+), 220 deletions(-)
delete mode 100644 .github/labels.yml
diff --git a/.github/labels.yml b/.github/labels.yml
deleted file mode 100644
index ff8ca8d..0000000
--- a/.github/labels.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-- name: "breaking-change"
- color: ee0701
- description: "A breaking change for existing users."
-- name: "bugfix"
- color: ee0701
- description: "Inconsistencies or issues which will cause a problem for users or implementors."
-- name: "documentation"
- color: 0052cc
- description: "Solely about the documentation of the project."
-- name: "enhancement"
- color: 1d76db
- description: "Enhancement of the code, not introducing new features."
-- name: "refactor"
- color: 1d76db
- description: "Improvement of existing code, not introducing new features."
-- name: "performance"
- color: 1d76db
- description: "Improving performance, not introducing new features."
-- name: "new-feature"
- color: 0e8a16
- description: "New features or options."
-- name: "maintenance"
- color: 2af79e
- description: "Generic maintenance tasks."
-- name: "ci"
- color: 1d76db
- description: "Work that improves the continue integration."
-- name: "dependencies"
- color: 1d76db
- description: "Upgrade or downgrade of project dependencies."
-
-- name: "in-progress"
- color: fbca04
- description: "Issue is currently being resolved by a developer."
-- name: "stale"
- color: fef2c0
- description: "There has not been activity on this issue or PR for quite some time."
-- name: "no-stale"
- color: fef2c0
- description: "This issue or PR is exempted from the stable bot."
-
-- name: "security"
- color: ee0701
- description: "Marks a security issue that needs to be resolved asap."
-- name: "incomplete"
- color: fef2c0
- description: "Marks a PR or issue that is missing information."
-- name: "invalid"
- color: fef2c0
- description: "Marks a PR or issue that is missing information."
-
-- name: "beginner-friendly"
- color: 0e8a16
- description: "Good first issue for people wanting to contribute to the project."
-- name: "help-wanted"
- color: 0e8a16
- description: "We need some extra helping hands or expertise in order to resolve this."
-
-- name: "priority-critical"
- color: ee0701
- description: "This should be dealt with ASAP. Not fixing this issue would be a serious error."
-- name: "priority-high"
- color: b60205
- description: "After critical issues are fixed, these should be dealt with before any further issues."
-- name: "priority-medium"
- color: 0e8a16
- description: "This issue may be useful, and needs some attention."
-- name: "priority-low"
- color: e4ea8a
- description: "Nice addition, maybe... someday..."
-
-- name: "major"
- color: b60205
- description: "This PR causes a major version bump in the version number."
-- name: "minor"
- color: 0e8a16
- description: "This PR causes a minor version bump in the version number."
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a280728..88c77ed 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,36 +1,12 @@
---
name: Release
-on:
+on: # yamllint disable-line rule:truthy
push:
tags:
- "v*.*.*"
jobs:
- create-release:
- name: Create release
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Get changelog
- id: changelog
- uses: simbo/changes-since-last-release-action@v1
- - name: Create release
- uses: softprops/action-gh-release@v2
- with:
- tag_name: ${{ github.ref }}
- name: ${{ github.ref_name }}
- token: ${{ secrets.GITHUB_TOKEN }}
- body: |
- # Changelog
-
- ${{ steps.changelog.outputs.log }}
- draft: false
- prerelease: false
- - name: Bump tags
- uses: fischerscode/tagger@v0
- with:
- prefix: v
+ github:
+ name: GitHub
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index c56f0ac..debd32b 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy
branches:
- main
-defaults:
- run:
- shell: sh
-
jobs:
- code-scanning:
- name: Code scanning
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: "javascript"
- - name: Perform CodeQL Analysis
- id: codeql-analysis
- uses: github/codeql-action/analyze@v3
- - name: Upload to GHAS
- if: always()
- uses: github/codeql-action/upload-sarif@v3
- with:
- category: "code-scanning"
- sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
- directory-scanning:
- name: Directory scanning
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- - name: Scan current project
- id: scan-directory
- uses: anchore/scan-action@v3
- with:
- by-cve: "true"
- path: "."
- - name: Upload to GHAS
- if: always()
- uses: github/codeql-action/upload-sarif@v3
- with:
- category: "directory-scanning"
- sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
+ sast:
+ name: SAST
+ permissions:
+ contents: read
+ security-events: write
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index daed082..42caa8b 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -1,23 +1,13 @@
---
-name: Sync labels
+name: Labels
on: # yamllint disable-line rule:truthy
push:
branches:
- main
- paths:
- - .github/labels.yml
- - .github/workflows/sync-labels.yml
workflow_dispatch: {}
jobs:
- sync-labels:
- name: Sync labels
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- - name: Run Label Syncer
- uses: micnncim/action-label-syncer@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ maintenance:
+ name: Maintenance
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main
diff --git a/.github/workflows/update-license.yml b/.github/workflows/update-license.yml
index 3d9e986..77df7c0 100644
--- a/.github/workflows/update-license.yml
+++ b/.github/workflows/update-license.yml
@@ -1,30 +1,11 @@
---
-name: Update license
+name: License
-on:
+on: # yamllint disable-line rule:truthy
schedule:
- cron: "0 5 1 1 *"
jobs:
- run:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout ${{ github.repository }}
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Update LICENSE file
- uses: FantasticFiasco/action-update-license-year@v3
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- assignees: ${{ github.repository_owner }}
- labels: enhancement
- prTitle: Update license copyright year to {{currentYear}}
- prBody: |
- ## Changelog
-
- - Update license copyright year to {{currentYear}}
-
- ---
-
- Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year)
+ maintenance:
+ name: Maintenance
+ uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 35c3cb8..c1bfb65 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,7 +1,6 @@
---
default_install_hook_types: ["pre-commit", "pre-push"]
default_stages: ["commit", "push"]
-exclude: ^\.gitleaks\.toml$
minimum_pre_commit_version: 2.18.0
repos:
# Security
@@ -10,12 +9,20 @@ repos:
hooks:
- id: detect-secrets
- repo: https://github.com/gitleaks/gitleaks
- rev: v8.18.2
+ rev: v8.18.4
hooks:
- id: gitleaks
+ - repo: https://github.com/fabasoad/pre-commit-grype
+ rev: v0.3.1
+ hooks:
+ - id: grype-dir
+ stages: ["push"]
+ args:
+ - --grype-args=--by-cve --fail-on=low
+ - --hook-args=--log-level debug
# Markdown
- repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.40.0
+ rev: v0.41.0
hooks:
- id: markdownlint-fix
stages: ["commit"]
@@ -27,11 +34,11 @@ repos:
stages: ["push"]
# GitHub Actions
- repo: https://github.com/rhysd/actionlint
- rev: v1.7.0
+ rev: v1.7.1
hooks:
- id: actionlint
args: ["-pyflakes="]
- stages: ["push"]
+ stages: ["commit"]
# Other
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.1.0
diff --git a/README.md b/README.md
index d14bb55..6580bc9 100644
--- a/README.md
+++ b/README.md
@@ -11,13 +11,13 @@ This action sets up a [Mint](https://www.mint-lang.com/) programming language.
## Supported OS
-| OS | Arch | |
-|---------|--------|--------------------|
-| Windows | All | :x: |
-| Linux | x86_84 | :white_check_mark: |
-| Linux | arm | :x: |
-| macOS | x86_84 | :white_check_mark: |
-| macOS | arm | :x: |
+| OS | Arch | |
+|---------|--------|---------------------------------|
+| Windows | All | :x: |
+| Linux | x86_84 | :white_check_mark: |
+| Linux | arm | :x: |
+| macOS | x86_84 | :white_check_mark: |
+| macOS | arm | :white_check_mark: `(> 0.19.x)` |
## Prerequisites
@@ -46,8 +46,8 @@ jobs:
name: Setup
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@main
- - uses: fabasoad/setup-mint-action@main
+ - uses: actions/checkout@v4
+ - uses: fabasoad/setup-mint-action@v1
- name: Run script
run: mint init test-project
```
diff --git a/action.yml b/action.yml
index 7492209..ed42729 100644
--- a/action.yml
+++ b/action.yml
@@ -30,7 +30,7 @@ runs:
working-directory: "${{ github.action_path }}/src"
- name: Download
if: ${{ steps.info.outputs.MINT_INSTALLED == 'false' }}
- uses: robinraju/release-downloader@v1.10
+ uses: robinraju/release-downloader@v1.11
with:
repository: mint-lang/mint
latest: false
diff --git a/src/collect-info.sh b/src/collect-info.sh
index 7c8bfda..fe8e285 100755
--- a/src/collect-info.sh
+++ b/src/collect-info.sh
@@ -13,27 +13,31 @@ if_old_version() {
fi
}
-echo "MINT_INSTALLED=$(if command -v mint >/dev/null 2>&1; then echo true; else echo false; fi)" >> "$GITHUB_OUTPUT"
-mkdir -p "$GITHUB_WORKSPACE/mint"
-echo "MINT_PATH=$GITHUB_WORKSPACE/mint" >> "$GITHUB_OUTPUT"
-if [ "${RUNNER_OS}" = "Linux" ]; then
- MINT_BINARY=mint-${INPUT_VERSION}-linux
-else
- if [ "${RUNNER_ARCH#ARM}" != "$RUNNER_ARCH" ]; then
- if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
- msg="${RUNNER_OS} ${RUNNER_ARCH} is not supported by mint ${INPUT_VERSION}."
- msg="${msg} Try newer version of mint (> 0.19.x)."
- echo "::error title=OS is not supported::${msg}"
- exit 1
- else
- MINT_BINARY=mint-${INPUT_VERSION}-macos-latest
- fi
+main() {
+ echo "MINT_INSTALLED=$(if command -v mint >/dev/null 2>&1; then echo true; else echo false; fi)" >> "$GITHUB_OUTPUT"
+ mkdir -p "$GITHUB_WORKSPACE/mint"
+ echo "MINT_PATH=$GITHUB_WORKSPACE/mint" >> "$GITHUB_OUTPUT"
+ if [ "${RUNNER_OS}" = "Linux" ]; then
+ MINT_BINARY=mint-${INPUT_VERSION}-linux
else
- if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
- MINT_BINARY=mint-${INPUT_VERSION}-osx
+ if [ "${RUNNER_ARCH#ARM}" != "$RUNNER_ARCH" ]; then
+ if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
+ msg="${RUNNER_OS} ${RUNNER_ARCH} is not supported by mint ${INPUT_VERSION}."
+ msg="${msg} Try newer version of mint (> 0.19.x)."
+ echo "::error title=OS is not supported::${msg}"
+ exit 1
+ else
+ MINT_BINARY=mint-${INPUT_VERSION}-macos-latest
+ fi
else
- MINT_BINARY=mint-${INPUT_VERSION}-macos-13
+ if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
+ MINT_BINARY=mint-${INPUT_VERSION}-osx
+ else
+ MINT_BINARY=mint-${INPUT_VERSION}-macos-13
+ fi
fi
fi
-fi
-echo "MINT_BINARY=$MINT_BINARY" >> "$GITHUB_OUTPUT"
+ echo "MINT_BINARY=$MINT_BINARY" >> "$GITHUB_OUTPUT"
+}
+
+main "$@"