From a0cef5bb1046f1d0a87c9bc4c9f3461452be740d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Apr 2024 11:19:12 +0000
Subject: [PATCH 1/2] Bump github/super-linter from 5 to 6
Bumps [github/super-linter](https://github.com/github/super-linter) from 5 to 6.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/super-linter/compare/v5...v6)
---
updated-dependencies:
- dependency-name: github/super-linter
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index e8aa719..b3bf2ee 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -30,7 +30,7 @@ jobs:
 # list of changed files within `super-linter`
 fetch-depth: 0
 - name: Lint Code Base
- uses: github/super-linter@v5
+ uses: github/super-linter@v6
 env:
 VALIDATE_ALL_CODEBASE: false
 DEFAULT_BRANCH: master
From 80acada7502fd3708d5d1ac800c8ced5db3c2dfa Mon Sep 17 00:00:00 2001
From: Florian Hockmann
Date: Wed, 24 Apr 2024 14:55:19 +0200
Subject: [PATCH 2/2] Fix linter after updating
The linter now also checks C# code for duplicates which unfortunately detects our license headers. Since I could not find a way to actually ignore our license headers, I had to disable that check. It now also checks whether a GitHub workflow has too many permissions. We should limit those in general to what is actually needed.
Signed-off-by: Florian Hockmann
---
 .dependency_license | 1 +
 .github/workflows/dotnet.yml | 10 ++++++++--
 .github/workflows/license.yml | 6 +++++-
 .github/workflows/linter.yml | 10 +++++++++-
 4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/.dependency_license b/.dependency_license
index 7f22d2a..69a8ad9 100644
--- a/.dependency_license
+++ b/.dependency_license
@@ -23,3 +23,4 @@ JanusGraph.Net.sln, Apache-2.0
 JanusGraph logomark color RGB.png, Apache-2.0
 CONTRIBUTORS.txt, Apache-2.0
 appsettings.json, Apache-2.0
+.jscpd.json, Apache-2.0
diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml
index 71e16f3..a84afd0 100644
--- a/.github/workflows/dotnet.yml
+++ b/.github/workflows/dotnet.yml
@@ -24,13 +24,17 @@ on:
 types:
 - published
+permissions: { }
+
 env:
 NUGET_KEY: ${{ secrets.NUGET_KEY }}
 NUGET_FEED: https://api.nuget.org/v3/index.json
 jobs:
 build:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
 - uses: actions/checkout@v4
@@ -55,7 +59,9 @@ jobs:
 deploy:
 needs: build
 if: github.event_name == 'release'
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
 - name: Download Artifact
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 2653c57..43662b1 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -18,9 +18,13 @@ name: License Validation
 on:
 pull_request: { }
+permissions: { }
+
 jobs:
 weasel:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
 - name: Checkout
 uses: actions/checkout@v4
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index b3bf2ee..0e1c991 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -19,9 +19,16 @@ on:
 pull_request: { }
 push: { }
+permissions: { }
+
 jobs:
 check:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
+ # To report GitHub Actions status checks
+ statuses: write
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
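Review bot: In `.github/workflows/dotnet.yml`, the workflow-level `env:` block kept as context in the first hunk still exports `NUGET_KEY: ${{ secrets.NUGET_KEY }}` to every step of both `build` and `deploy`, including third-party actions such as `actions/checkout@v4`, while this commit narrows only the `GITHUB_TOKEN` scopes. Scoping the secret to the one step that publishes the package would match the least-privilege intent of the change: drop `NUGET_KEY` from the top-level `env:` and set `NUGET_KEY: ${{ secrets.NUGET_KEY }}` in an `env:` on that step. The publishing step and the remaining triggers under `on:` are outside the hunk, so which step needs the key has to be confirmed there.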
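Review bot: The release-gated `deploy` job in `.github/workflows/dotnet.yml` (second hunk) moves from the pinned `ubuntu-22.04` image to the floating `ubuntu-latest` label, which the commit message does not mention, so the toolchain used on the release path can change without any commit in this repository. Keeping `runs-on: ubuntu-22.04` here, or naming another explicit image version, makes a runner upgrade a reviewed change. The same switch is made for `build` in the first hunk of this file, for `weasel` in `license.yml` and for `check` in `linter.yml`. The job's remaining steps are outside the hunk.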
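Review bot: The `check` job in `.github/workflows/linter.yml` now carries a token with `statuses: write`, and that token is available to actions referenced by mutable tags: `actions/checkout@v4` in this hunk and `github/super-linter@v6` in the next one, which receives `GITHUB_TOKEN` explicitly. A tag can be moved to different code upstream, so pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: github/super-linter@<full-commit-sha> # v6`, fixes what runs with that scope; Dependabot can keep SHA pins updated. It would also help to extend the existing comment so that `packages: read` is justified the same way `statuses: write` is, since nothing visible in the hunk reads a package.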
@@ -33,5 +40,6 @@ jobs:
 uses: github/super-linter@v6
 env:
 VALIDATE_ALL_CODEBASE: false
+ VALIDATE_JSCPD: false # need to find a way to ignore license headers for duplicate detection
 DEFAULT_BRANCH: master
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
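Review bot: `VALIDATE_JSCPD: false` switches off the whole duplicate-detection linter for everything super-linter scans, although the commit message attributes the false positives only to C# license headers, and the trailing comment is an open TODO with nothing to track it. Consider rewording it to state the scope and the exit condition, e.g. `# jscpd disabled repo-wide: license headers are reported as duplicates; re-enable once they can be excluded (<issue link>)`. The same commit registers `.jscpd.json` in `.dependency_license`, yet no such file is among the four files in the diffstat; if it does not already exist in the repository, that entry is stale while the check is disabled. The step that owns this `env:` block starts outside the hunk.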