wxWidgets/.github/workflows/code_checks.yml
naveen 64add326f6 Restrict job permissions in GitHub actions workflows
Restrict the GitHub token permissions only to the required ones, i.e.
just read-only access to the code.

This is done in order to reduce the potential harm in case of a
malicious pull request, see GitHub blog post at
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes #22574.
2022-06-28 14:00:44 +02:00

76 lines
1.7 KiB
YAML

# This workflow does some quick checks.
name: Code Checks
on:
push:
branches:
- master
pull_request:
branches:
- master
permissions:
contents: read
jobs:
check-unix:
runs-on: ubuntu-20.04
name: Check Spelling
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install codespell
run: |
pip3 install --no-warn-script-location codespell==1.17.1
- name: Run codespell
run: |
CODESPELL=$HOME/.local/bin/codespell ./misc/scripts/spellcheck
check-whitespace:
runs-on: ubuntu-20.04
name: Check Whitespace
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Check for trailing whitespace and TABs
run: |
git fetch --depth=1 origin master
git -c core.whitespace=blank-at-eol,blank-at-eof,space-before-tab,cr-at-eol,tab-in-indent \
diff --check origin/master \
':!.gitmodules' \
':!Makefile.in' \
':!config.guess' \
':!config.sub' \
':!configure' \
':!descrip.mms' \
':!install-sh' \
':!**/*akefile*' \
':!**/*.pbxproj' \
':!**/Info*.plist*' \
':!**/*.sln' \
':!**/*.vcproj' \
':!**/*.xpm'
check-mixed-eol:
runs-on: ubuntu-20.04
name: Check Mixed EOL
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install dos2unix
run: |
sudo apt-get install -y dos2unix
- name: Check for mixed EOL
run: |
./misc/scripts/check_mixed_eol.sh