Skip to content

chore(deps): update aquasecurity/trivy-action action to v0.26.0 #976

chore(deps): update aquasecurity/trivy-action action to v0.26.0

chore(deps): update aquasecurity/trivy-action action to v0.26.0 #976

# Copyright 2020 Wayback Archiver. All rights reserved.
# Use of this source code is governed by the MIT license
# that can be found in the LICENSE file.
name: ShellCheck
on:
push:
branches:
- '**'
pull_request:
branches:
- '**'
types: [ opened, synchronize, reopened ]
workflow_call:
inputs:
egress-policy:
type: string
default: 'block'
description: 'Harden-Runner egress traffic policy'
permissions:
contents: read
jobs:
shellcheck:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
disable-sudo: true
egress-policy: ${{ inputs.egress-policy || 'block' }}
disable-telemetry: true
allowed-endpoints: >
github.com:443
api.github.com:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
pipelinesghubeus2.actions.githubusercontent.com:443
- name: Check out code base
if: github.event_name == 'push'
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
persist-credentials: false
- name: Check out code base
if: github.event_name == 'pull_request'
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ github.event.pull_request.head.sha }}
- name: Run shellcheck with reviewdog
uses: reviewdog/action-shellcheck@f52d78284b4941028952125a10c76676c3d456eb # v1.17.0