This repository has been archived on 2023-08-16. You can view files and clone it, but cannot push or open issues or pull requests.
footnotes/.github/workflows/ossar-analysis.yml
Ben Goldsworthy 4af8849eec
ci: improve linting, GitHub Actions workflows (#149)
* release: release 2.7.2

* fix: urgent 2.7.3 release to fix fatal error

* chore: remove un-needed setup script

* ci: remove steps from pre-push command

* chore: remove un-needed PHP-Commitizen config

* chore: put image files in correct folders

* chore: move GitHub image into `.github/` dir

* fix: classic editor button

* fix: call correct jQuery Tools file in dev env

* docs: replace license with Markdown version

* ci: clean up PHP linting commands

If anyone has noticed me playing musical filepaths with these commands
for a while, it's because I kept getting inconsistent results from the
use of double-globs (i.e., `**`). However, I've finally figured out
that this is because Composer is running these scripts in its own shell,
so the double-glob that works when I run the command manually in my
Terminal doesn't work when Composer runs it in its.

* chore: lint PHP files

* build: update JS linting standards

* chore: lint JS file

* build: add node-sass

* build: add additional stylelint rules

* chore: lint stylesheets with new rulesets

* refactor: move ESLint settings to `package.json`

* chore: move Prettier config to `package.json`

It is not yet possible to move `.prettierignore` to `package.json` too,
but this appears to be on the horizon; see [this Issue][prettier-issue].

[prettier-issue]: https://github.com/prettier/prettier/issues/3460

* fix: move WPML config into Plugin folder

* chore: move Stylelint config into `package.json`

* chore: remove unused `.distignore`

It can always be re-added at a later date if it becomes useful.

* chore: format file

* build: add HTML linting

* fix: add image alt tag

* ci: clean up GitHub Actions workflows

* fix: fix workflow

* fix: fix indentation

* ci: add YAML validation

* chore: make valid

* ci: add YAML validation

* chore: lint code

* ci: change dep install back to original

* chore: lint license
2021-04-26 17:17:44 +01:00

46 lines
1.5 KiB
YAML

# This workflow integrates a collection of open source static analysis tools
# with GitHub code scanning. For documentation, or to provide feedback, visit
# https://github.com/github/ossar-action
name: OSSAR
on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '39 23 * * 4'
jobs:
  OSSAR-Scan:
    # OSSAR runs on windows-latest.
    # ubuntu-latest and macos-latest support coming soon
    name: Scan code with OSSAR
    runs-on: windows-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      # Ensure a compatible version of dotnet is installed.
      # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
      # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
      # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
      # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
      # - name: Install .NET
      #   uses: actions/setup-dotnet@v1
      #   with:
      #     dotnet-version: '3.1.x'
      # Run open source static analysis tools
      - name: Run OSSAR
        uses: github/ossar-action@v1
        id: ossar
      # Upload results to the Security tab
      - name: Upload OSSAR results
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ${{ steps.ossar.outputs.sarifFile }}