64add326f6
Restrict the GitHub token permissions only to the required ones, i.e. just read-only access to the code. This is done in order to reduce the potential harm in case of a malicious pull request, see GitHub blog post at https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> Closes #22574.
76 lines
1.7 KiB
YAML
76 lines
1.7 KiB
YAML
# This workflow does some quick checks.
|
|
name: Code Checks
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
check-unix:
|
|
runs-on: ubuntu-20.04
|
|
name: Check Spelling
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install codespell
|
|
run: |
|
|
pip3 install --no-warn-script-location codespell==1.17.1
|
|
|
|
- name: Run codespell
|
|
run: |
|
|
CODESPELL=$HOME/.local/bin/codespell ./misc/scripts/spellcheck
|
|
|
|
|
|
check-whitespace:
|
|
runs-on: ubuntu-20.04
|
|
name: Check Whitespace
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Check for trailing whitespace and TABs
|
|
run: |
|
|
git fetch --depth=1 origin master
|
|
git -c core.whitespace=blank-at-eol,blank-at-eof,space-before-tab,cr-at-eol,tab-in-indent \
|
|
diff --check origin/master \
|
|
':!.gitmodules' \
|
|
':!Makefile.in' \
|
|
':!config.guess' \
|
|
':!config.sub' \
|
|
':!configure' \
|
|
':!descrip.mms' \
|
|
':!install-sh' \
|
|
':!**/*akefile*' \
|
|
':!**/*.pbxproj' \
|
|
':!**/Info*.plist*' \
|
|
':!**/*.sln' \
|
|
':!**/*.vcproj' \
|
|
':!**/*.xpm'
|
|
|
|
|
|
check-mixed-eol:
|
|
runs-on: ubuntu-20.04
|
|
name: Check Mixed EOL
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install dos2unix
|
|
run: |
|
|
sudo apt-get install -y dos2unix
|
|
|
|
- name: Check for mixed EOL
|
|
run: |
|
|
./misc/scripts/check_mixed_eol.sh
|