From f1131ea0553919d6c7be75f59b81108323f8114b Mon Sep 17 00:00:00 2001 From: James Woolfenden Date: Tue, 27 Jun 2023 11:30:26 -0700 Subject: [PATCH] update hooks --- .github/workflows/codeql-analysis.yml | 1 + .github/workflows/pr.yml | 8 ++++---- .github/workflows/release.yml | 16 +++++++-------- .pre-commit-config.yaml | 28 +++++++++++++++++++++------ 4 files changed, 35 insertions(+), 18 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b284a64..7a3ce84 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -19,6 +19,7 @@ on: branches: [ "master" ] schedule: - cron: '36 4 * * 0' +permissions: read-all jobs: analyze: diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index c2026dd..1d3e2d4 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -12,14 +12,14 @@ jobs: with: go-version: 1.20.x - name: Restore cache - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1.2.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-mod- - - name: Fmt - run: make fmt + - name: gofumpt + uses: iamnotaturtle/auto-gofmt@3934ab53013ffb44d3db33bbd1c271279b5925d5 # v2.1.0 test: strategy: matrix: @@ -34,7 +34,7 @@ jobs: with: go-version: ${{ matrix.go-version }} - name: Restore cache - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1.2.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4536411..71b4530 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,21 +11,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: 1.19 - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 # v5.3.0 + uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 # v5.3.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 with: version: latest args: release --clean @@ -41,16 +41,16 @@ jobs: needs: - goreleaser steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Publish to Registry - uses: elgohr/Publish-Docker-Github-Action@219613003b08f4d049f34cb56c92e84345e1bb3f # v5 + uses: elgohr/Publish-Docker-Github-Action@219613003b08f4d049f34cb56c92e84345e1bb3f # v5 with: name: jameswoolfenden/sato username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} tags: "latest,${{ github.ref_name }}" - name: Update Docker Hub README - uses: peter-evans/dockerhub-description@579f64ca0abced29dbbc44ab4c6a0b9e33ab3588 # v3.4.1 + uses: peter-evans/dockerhub-description@579f64ca0abced29dbbc44ab4c6a0b9e33ab3588 # v3.4.1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -64,7 +64,7 @@ jobs: - goreleaser steps: - name: Repository Dispatch - uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2.1.1 + uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2.1.1 with: token: ${{ secrets.PAT }} repository: jameswoolfenden/scoop diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 95a832e..c371934 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,7 +2,7 @@ --- # yamllint disable rule:line-length default_language_version: - python: python3.9 + python: python3.10 repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.4.0 @@ -23,14 +23,14 @@ repos: rev: v1.5.1 hooks: - id: forbid-tabs - exclude_types: [python, javascript, dtd, markdown, makefile, xml] + exclude_types: [ python, javascript, dtd, markdown, makefile, xml ] exclude: binary|\.bin$|rego|\.rego$|go|\.go$ - repo: https://github.com/jameswoolfenden/pre-commit-shell rev: 0.0.2 hooks: - id: shell-lint - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.34.0 + rev: v0.35.0 hooks: - # noinspection SpellCheckingInspection id: markdownlint @@ -39,7 +39,7 @@ repos: rev: v0.1.50 hooks: - id: terraform-fmt - language_version: python3.9 + language_version: python3.10 - repo: https://github.com/gruntwork-io/pre-commit rev: v0.1.22 hooks: @@ -50,10 +50,26 @@ repos: rev: v0.0.18 hooks: - id: go-test - args: ["./..."] + args: [ "./..." ] - id: go-mod-tidy - id: go-generate - repo: https://github.com/golangci/golangci-lint - rev: v1.52.2 + rev: v1.53.3 hooks: - id: golangci-lint + - repo: https://github.com/bridgecrewio/checkov + rev: 2.3.301 + hooks: + - id: checkov + language_version: python3.10 + - repo: https://github.com/jameswoolfenden/ghat + rev: v0.0.11 + hooks: + - id: ghat-go + name: ghat + description: upgrade action dependencies + language: golang + entry: ghat swot -d . --stable 14 + always_run: true + pass_filenames: false + types: [ yaml ]