From 27ceabdb4787a362f0503164a72526fe887d40d8 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:04:42 +0100 Subject: [PATCH 1/6] Add GitHub token permissions for workflows Follows https://github.com/rubocop/rubocop/pull/10947 --- .github/workflows/linting.yml | 8 ++++++++ .github/workflows/spell_checking.yml | 3 +++ .github/workflows/test.yml | 3 +++ 3 files changed, 14 insertions(+) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 5088d70c34..33ca4f6ad8 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -1,11 +1,19 @@ name: Linting on: - pull_request + +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true + jobs: yamllint: + permissions: + contents: read # for actions/checkout to fetch code + pull-requests: write # for karancode/yamllint-github-action to post comments on PRs name: Yamllint runs-on: ubuntu-latest steps: diff --git a/.github/workflows/spell_checking.yml b/.github/workflows/spell_checking.yml index fec1e652b4..1cad1540bb 100644 --- a/.github/workflows/spell_checking.yml +++ b/.github/workflows/spell_checking.yml @@ -2,6 +2,9 @@ name: Spell Checking on: [pull_request] +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d029641b6e..8385779589 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,6 +7,9 @@ on: pull_request: workflow_dispatch: +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true From 6ae66df7487df42bf8b38d73954197c9d0161aed Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:09:07 +0100 Subject: [PATCH 2/6] CI: Consistent naming of steps Follows https://github.com/rubocop/rubocop/commit/99592fcc1d57902aea39bc59b92cd6589f34a9d4 --- .github/workflows/test.yml | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8385779589..c6ba961d1f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,10 +28,8 @@ jobs: ruby: ['2.7', '3.0', '3.1', '3.2', '3.3', 'head'] steps: - - name: checkout - uses: actions/checkout@v4 - - name: set up Ruby - uses: ruby/setup-ruby@v1 + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true @@ -44,10 +42,8 @@ jobs: name: JRuby 9.4 runs-on: ubuntu-latest steps: - - name: checkout - uses: actions/checkout@v4 - - name: set up Ruby - uses: ruby/setup-ruby@v1 + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 with: ruby-version: jruby-9.4 bundler-cache: true @@ -61,8 +57,7 @@ jobs: name: Prism steps: - uses: actions/checkout@v4 - - name: set up Ruby - uses: ruby/setup-ruby@v1 + - uses: ruby/setup-ruby@v1 with: # Specify the minimum Ruby version 2.7 required for Prism to run. ruby-version: 2.7 @@ -77,8 +72,7 @@ jobs: name: Check documentation syntax steps: - uses: actions/checkout@v4 - - name: set up Ruby - uses: ruby/setup-ruby@v1 + - uses: ruby/setup-ruby@v1 with: ruby-version: 3.2 bundler-cache: true @@ -98,8 +92,7 @@ jobs: cat << EOF > Gemfile.local gem 'rubocop', '1.52.0' # Specify the oldest supported RuboCop version EOF - - name: set up Ruby - uses: ruby/setup-ruby@v1 + - uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 bundler-cache: true From 8d42b19777b66ac355ca19e81f430f72b6fd9a2b Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:15:03 +0100 Subject: [PATCH 3/6] CI: Move internal_investigation to linting.yml Follows https://github.com/rubocop/rubocop/pull/12947 and https://github.com/rubocop/rubocop/pull/12964 --- .github/workflows/linting.yml | 22 +++++++++++++++++++--- .github/workflows/test.yml | 4 ---- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 33ca4f6ad8..741623b94a 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -1,6 +1,10 @@ name: Linting on: - - pull_request + push: + branches: + - master + pull_request: + workflow_dispatch: permissions: # added using https://github.com/step-security/secure-workflows contents: read @@ -10,11 +14,23 @@ concurrency: cancel-in-progress: true jobs: - yamllint: + lint-ruby: + name: Ruby + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ruby # Latest stable CRuby version + bundler-cache: true + - name: internal_investigation + run: bundle exec rake internal_investigation + + lint-yaml: permissions: contents: read # for actions/checkout to fetch code pull-requests: write # for karancode/yamllint-github-action to post comments on PRs - name: Yamllint + name: Yaml runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c6ba961d1f..f8fcfe1285 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,8 +35,6 @@ jobs: bundler-cache: true - name: spec run: bundle exec rake spec - - name: internal_investigation - run: bundle exec rake internal_investigation jruby: name: JRuby 9.4 @@ -49,8 +47,6 @@ jobs: bundler-cache: true - name: spec run: bundle exec rake spec - - name: internal_investigation - run: bundle exec rake internal_investigation prism: runs-on: ubuntu-latest From 92a2a50372a2dd8faa4686f5530b9ce9fc57365a Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:16:04 +0100 Subject: [PATCH 4/6] Improve the configuration options of the yamllint-github-action Follows https://github.com/rubocop/rubocop/pull/11720 --- .github/workflows/linting.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 741623b94a..c09602ff76 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -37,6 +37,8 @@ jobs: - name: Yamllint uses: karancode/yamllint-github-action@master with: + yamllint_strict: true + yamllint_format: parsable yamllint_comment: true env: GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} From db2d8f85099a6702da9ff344c6f3b0a305b2d371 Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:17:16 +0100 Subject: [PATCH 5/6] Add options to the actions-codespell configuration to check hidden files and file name Follows https://github.com/rubocop/rubocop/pull/11719 --- .github/workflows/spell_checking.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/spell_checking.yml b/.github/workflows/spell_checking.yml index 1cad1540bb..cbfbc09d60 100644 --- a/.github/workflows/spell_checking.yml +++ b/.github/workflows/spell_checking.yml @@ -17,6 +17,8 @@ jobs: - uses: actions/checkout@v4 - uses: codespell-project/actions-codespell@v2 with: + check_filenames: true + check_hidden: true ignore_words_file: codespell.txt misspell: name: Check spelling of all files in commit with misspell From c2a49b62ded2a45c7a07523738751715f5e28edb Mon Sep 17 00:00:00 2001 From: Earlopain <14981592+Earlopain@users.noreply.github.com> Date: Fri, 27 Dec 2024 17:23:19 +0100 Subject: [PATCH 6/6] Various other small workflow changes from rubocop --- .github/workflows/linting.yml | 5 +---- .github/workflows/test.yml | 13 +++++-------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index c09602ff76..0bbb6841d3 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -6,9 +6,6 @@ on: pull_request: workflow_dispatch: -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -35,7 +32,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Yamllint - uses: karancode/yamllint-github-action@master + uses: karancode/yamllint-github-action@v3.0.0 with: yamllint_strict: true yamllint_format: parsable diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f8fcfe1285..79c174bbc7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,11 +16,8 @@ concurrency: jobs: main: - name: Ruby ${{ matrix.ruby }} + name: Spec - ${{ matrix.ruby }} runs-on: ubuntu-latest - env: - # See https://github.com/tmm1/test-queue#environment-variables - TEST_QUEUE_WORKERS: 2 strategy: fail-fast: false matrix: @@ -37,13 +34,13 @@ jobs: run: bundle exec rake spec jruby: - name: JRuby 9.4 + name: Spec - JRuby runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: - ruby-version: jruby-9.4 + ruby-version: jruby # Latest stable JRuby version bundler-cache: true - name: spec run: bundle exec rake spec @@ -70,9 +67,9 @@ jobs: - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: - ruby-version: 3.2 + ruby-version: ruby # Latest stable CRuby version bundler-cache: true - - name: test + - name: Check documentation syntax run: bundle exec rake documentation_syntax_check oldest_supported_rubocop: