Skip to content

DevSkim

DevSkim #212

Workflow file for this run

name: DevSkim
on:
push:
branches: [main]
# If any of these files are the only thing that was changed, it's fairly
# easy to assume that running DevSkim is unncessary.
# Note that I'm actively avoiding just selecting any Prettier or ESLint
# config files, since both allow for config files written in JS.
paths-ignore:
- '**/*.md'
- '**/*.editorconfig'
- '**/.*ignore'
- '**/*.prettierrc.ya?ml'
- '**/*.prettierrc.json5?'
- '**/*.prettierrc.toml'
- '**/*.eslintrc.ya?ml'
- '**/*.eslintrc.json'
- .deepsource.toml
- .github/dependabot.yml
- .github/restyled.yml
- .vscode/**
- package*.json # Devskim doesn't seem to have any rules that care about this
- pnpm-lock.yaml
- test/** # Willingly ignored since we ignore this in the arguments anyways
pull_request:
branches: [main]
# Same as on push
paths-ignore:
- '**/*.md'
- '**/*.editorconfig'
- '**/.*ignore'
- '**/*.prettierrc.ya?ml'
- '**/*.prettierrc.json5?'
- '**/*.prettierrc.toml'
- '**/*.eslintrc.ya?ml'
- '**/*.eslintrc.json'
- .deepsource.toml
- .github/dependabot.yml
- .github/restyled.yml
- .vscode/**
- package*.json
- pnpm-lock.yaml
- test/**
schedule:
- cron: '43 8 * * 4' # 08:43 on Thursdays
workflow_dispatch:
jobs:
lint:
name: DevSkim
runs-on: ubuntu-20.04
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
with:
ignore-globs: '**/.git/**,**/bin/**,**/node_modules/**,**/test/**'
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: devskim-results.sarif