chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 #79
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| paths-ignore: | |
| - '**.md' | |
| - 'docs/**' | |
| - '.github/*.md' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - 'LICENSE' | |
| pull_request: | |
| branches: [main] | |
| paths-ignore: | |
| - '**.md' | |
| - 'docs/**' | |
| - '.github/*.md' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - 'LICENSE' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| validate-changelog: | |
| name: Validate CHANGELOG | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Validate CHANGELOG format | |
| shell: bash | |
| run: | | |
| echo "Validating CHANGELOG.md format..." | |
| if [[ ! -f CHANGELOG.md ]]; then | |
| echo "::error::CHANGELOG.md not found" | |
| exit 1 | |
| fi | |
| if ! grep -qE "^## \[Unreleased\]" CHANGELOG.md; then | |
| echo "::error::CHANGELOG.md missing '## [Unreleased]' section" | |
| exit 1 | |
| fi | |
| echo "CHANGELOG.md format valid" | |
| actionlint: | |
| name: Action Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| release-assets.githubusercontent.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install actionlint | |
| shell: bash | |
| run: | | |
| version="1.7.7" | |
| checksum="023070a287cd8cccd71515fedc843f1985bf96c436b7effaecce67290e7e0757" | |
| tarball="actionlint_${version}_linux_amd64.tar.gz" | |
| curl -sLO "https://github.com/rhysd/actionlint/releases/download/v${version}/${tarball}" | |
| echo "${checksum} ${tarball}" | sha256sum -c - | |
| tar xzf "${tarball}" actionlint | |
| rm -f "${tarball}" | |
| - name: Run actionlint | |
| shell: bash | |
| run: ./actionlint -color | |
| ci-status: | |
| name: CI Status | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| if: always() | |
| needs: [validate-changelog, actionlint] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| - name: Check CI status | |
| shell: bash | |
| run: | | |
| if [[ "${{ needs.validate-changelog.result }}" != "success" ]] || \ | |
| [[ "${{ needs.actionlint.result }}" != "success" ]]; then | |
| echo "::error::One or more CI jobs failed" | |
| exit 1 | |
| fi | |
| echo "All CI jobs passed successfully" |