You can set up puppet-lint and GHA to upload in SARIF format. The Explore workflows page suggests the following workflow:
```yaml
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Puppet Lint tests Puppet code against the recommended Puppet language style guide.
# https://puppet.com/docs/puppet/7/style_guide.html
# Puppet Lint validates only code style; it does not validate syntax.
# To test syntax, use Puppet's puppet parser validate command.
# More details at https://github.com/puppetlabs/puppet-lint/

name: puppet-lint

on:
  push:
    branches: [ "master" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master" ]
  schedule:
    - cron: '41 13 * * 2'

permissions:
  contents: read

jobs:
  puppet-lint:
    name: Run puppet-lint scanning
    runs-on: ubuntu-latest
    permissions:
      contents: read # for checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Setup Ruby
        uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
        with:
          ruby-version: 2.7
          bundler-cache: true

      - name: Install puppet-lint
        run: gem install puppet-lint

      - name: Run puppet-lint
        run: puppet-lint . --sarif > puppet-lint-results.sarif
        continue-on-error: true

      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: puppet-lint-results.sarif
          wait-for-processing: true
```
Obviously we only care about the last 2 steps, but the permissions are also useful.
This may be nicer than annotations because it also shows up in code scans when run on the cron schedule.
Perhaps this is something that belongs in voxpupuli-test, perhaps somewhere in between.
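As an added check that is not part of this issue or the starter workflow: a small Python gate that parses the puppet-lint SARIF file before the upload step, refuses an empty or run-less document (which `continue-on-error: true` on the lint step can otherwise hand to `upload-sarif` silently), and reports result counts by level. The SARIF document, rule id, paths and messages below are constructed for the example and are not real puppet-lint output.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 document in the general shape of a puppet-lint --sarif
# run; the rule id, paths and messages are made up for this example.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "puppet-lint", "rules": [
            {"id": "example-check", "shortDescription": {"text": "constructed rule"}}]}},
        "results": [
            {"ruleId": "example-check", "level": "warning",
             "message": {"text": "constructed warning"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "manifests/init.pp"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "example-check", "level": "error",
             "message": {"text": "constructed error"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "manifests/params.pp"},
                 "region": {"startLine": 10}}}]},
        ],
    }],
})


def summarize_sarif(text):
    """Return result counts keyed by SARIF level, or raise ValueError when
    the document is empty or has no 'runs' (what an upload would choke on)."""
    if not text.strip():
        raise ValueError("SARIF file is empty: lint step wrote no output")
    doc = json.loads(text)
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF document has no 'runs'; refusing to upload")
    counts = Counter()
    for run in runs:
        for result in run.get("results", []):
            # SARIF treats a missing 'level' as "warning".
            counts[result.get("level", "warning")] += 1
    return dict(counts)


def should_fail(counts):
    """Gate for the workflow: True when any error-level result is present."""
    return counts.get("error", 0) > 0
```

Run `summarize_sarif` on the contents of `puppet-lint-results.sarif` in a step placed between the lint and upload steps; a `ValueError` or a `should_fail` result of `True` is the signal to stop before uploading.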