update main.yml with linters and scanners #41

Workflow file for this run

	on:
	workflow_dispatch:
	push:
	branches:
	- main
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+*' # match basic semver tags
	pull_request:
	branches:
	- main

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Lint Shell Scripts
	continue-on-error: true
	run: \|
	sudo apt-get update
	sudo apt-get install shellcheck
	shellcheck */.sh

	- name: Lint PowerShell Scripts
	continue-on-error: true
	run: \|
	pwsh -Command "Invoke-ScriptAnalyzer -EnableExit -Recurse -Path ."

	- name: Lint Lua
	continue-on-error: true
	run: \|
	sudo apt-get install -y luarocks
	sudo luarocks install luacheck
	luacheck */.lua

	- name: Lint TeX Files
	continue-on-error: true
	run: \|
	sudo apt-get install chktex
	chktex */.tex

	semgrep-scan:
	runs-on: ubuntu-latest
	container:
	image: returntocorp/semgrep:latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Semgrep Scan
	run: \|
	semgrep --config "p/r2c" .

	test:
	runs-on: ubuntu-latest
	steps:
	- name: Tests
	run: true # place-holder

	release:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	needs: [lint, test, semgrep-scan]
	steps:
	- name: Checkout
	uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

	- name: Set up tag name
	id: tag
	run: echo "::set-output name=tag::${GITHUB_REF##*/}"

	- name: Build
	run: git ls-files \| zip release-${{ steps.tag.outputs.tag }}.zip -@

	- name: Release
	uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
	with:
	files: release-${{ steps.tag.outputs.tag }}.zip
	draft: true
	generate_release_notes: true
	fail_on_unmatched_files: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update main.yml with linters and scanners #41

Workflow file

update main.yml with linters and scanners #41

Jobs

Run details

Workflow file for this run