pulumi-kubernetes-operator/1.16.0-r20: cve remediation (#72875) #123822
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint | |
| on: | |
| push: | |
| branches: | |
| - "main" # required to create a usable cache for other PRs | |
| pull_request: | |
| branches: | |
| - "main" | |
| permissions: | |
| contents: read | |
| env: | |
| # Pre-commit: Skip epoch bump check as that's intended as a local developer helpful hint. | |
| SKIP: check-for-epoch-bump | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 # required for --from-ref and --to-ref | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| - run: | | |
| python -m pip install pre-commit | |
| python -m pip freeze --local | |
| - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| id: cache | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: ${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }} | |
| # A cache miss means that the pre-commit config changed and we should check everything | |
| # Otherwise, we can just check modified files which will be much faster | |
| - if: steps.cache.outputs.cache-hit != 'true' | |
| run: pre-commit run --show-diff-on-failure --color=always --all-files | |
| - if: steps.cache.outputs.cache-hit == 'true' | |
| run: pre-commit run --show-diff-on-failure --color=always --from-ref HEAD^^^ --to-ref HEAD | |
| # Install yam | |
| - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 | |
| with: | |
| go-version: 1.24 | |
| - run: go install github.com/chainguard-dev/[email protected] | |
| - run: ./lint.sh | |
| - run: git diff --exit-code |