Skip to content

Add context to workflow run in Trivy #2414

Add context to workflow run in Trivy

Add context to workflow run in Trivy #2414

Workflow file for this run

###############################################################################
# _ _ _ _ _____ _
# | | | | | | | | | __ \(_)
# | | ___ | |__ _ __ | |_| |__ ___ | |__) |_ _ __ _ __ ___ _ __
# _ | |/ _ \| '_ \| '_ \ | __| '_ \ / _ \ | _ /| | '_ \| '_ \ / _ \ '__|
# | |__| | (_) | | | | | | | | |_| | | | __/ | | \ \| | |_) | |_) | __/ |
# \____/ \___/|_| |_|_| |_| \__|_| |_|\___| |_| \_\_| .__/| .__/ \___|_|
# | | | |
# |_| |_|
#
# Copyright (c) 2024 Claudio André <dev at claudioandre.slmail.me>
#
# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, as expressed in version 2, seen at
# http://www.gnu.org/licenses/gpl-2.0.html
###############################################################################
# GitHub Action to run spell check on project
# More info at https://github.com/openwall/john-packages
---
name: Spelling
"on":
pull_request_target:
push:
branches-ignore: [main]
permissions:
contents: read
jobs:
spelling:
name: spelling
permissions:
pull-requests: read
actions: read
security-events: write
outputs:
followup: ${{ steps.spelling.outputs.followup }}
runs-on: ubuntu-latest
if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }}
concurrency:
group: spelling-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
azure.archive.ubuntu.com:80
github.com:443
raw.githubusercontent.com:443
- name: check-spelling
id: spelling
uses: check-spelling/check-spelling@b365ac888c4713bf3a082b07b342feed0f3438fe # main
with:
suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }}
checkout: true
check_file_names: 1
spell_check_this: check-spelling/spell-check-this@prerelease
post_comment: 0
use_magic_file: 1
experimental_apply_changes_via_bot: 1
use_sarif: 1
extra_dictionary_limit: 20
extra_dictionaries: cspell:software-terms/dict/softwareTerms.txt
cspell:cpp/src/stdlib-c.txt
cspell:docker/src/docker-words.txt
cspell:shell/dict/shell-all-words.txt
comment-push:
name: Report (Push)
runs-on: ubuntu-latest
needs: spelling
permissions:
contents: write
if: (success() || failure()) && needs.spelling.outputs.followup && github.event_name == 'push'
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
archive.ubuntu.com:80
azure.archive.ubuntu.com:80
esm.ubuntu.com:443
esm.ubuntu.com:80
github.com:443
motd.ubuntu.com:80
raw.githubusercontent.com:443
security.ubuntu.com:80
- name: comment
uses: check-spelling/check-spelling@b365ac888c4713bf3a082b07b342feed0f3438fe # main
with:
checkout: true
spell_check_this: check-spelling/spell-check-this@prerelease
task: ${{ needs.spelling.outputs.followup }}
comment-pr:
name: Report (PR)
runs-on: ubuntu-latest
needs: spelling
permissions:
pull-requests: write
if: (success() || failure()) && needs.spelling.outputs.followup && contains(github.event_name, 'pull_request')
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
archive.ubuntu.com:80
azure.archive.ubuntu.com:80
esm.ubuntu.com:443
esm.ubuntu.com:80
github.com:443
motd.ubuntu.com:80
raw.githubusercontent.com:443
security.ubuntu.com:80
- name: comment
uses: check-spelling/check-spelling@b365ac888c4713bf3a082b07b342feed0f3438fe # main
with:
checkout: true
spell_check_this: check-spelling/spell-check-this@prerelease
task: ${{ needs.spelling.outputs.followup }}