Files
fizzy/.github/workflows/ci-checks.yml
T
Mike Dalessio 463f289072 ci: pin github actions
using `pinact`
2026-03-17 17:19:37 -04:00

58 lines
1.4 KiB
YAML

name: Checks
on:
pull_request:
permissions:
contents: read
jobs:
gemfile-drift:
name: Gemfile drift
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
with:
ruby-version: .ruby-version
bundler-cache: true
- name: Check for lockfile drift
run: bin/bundle-drift check
security:
name: Security
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
with:
ruby-version: .ruby-version
bundler-cache: true
- name: Gem audit
run: bin/bundler-audit check --update
- name: Importmap audit
run: bin/importmap audit
- name: Brakeman audit
run: bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
with:
ruby-version: .ruby-version
bundler-cache: true
- name: Lint code for consistent style
run: bin/rubocop