mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-23 06:31:02 -05:00
4471e9f322
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
66 lines
2.7 KiB
YAML
66 lines
2.7 KiB
YAML
---
|
|
###############################
|
|
###############################
|
|
## StaleBot for Super-Linter ##
|
|
###############################
|
|
###############################
|
|
on:
|
|
schedule:
|
|
# every day at 0:00 UTC
|
|
- cron: "0 0 * * *"
|
|
issue_comment:
|
|
types: [created, deleted, edited]
|
|
|
|
###################
|
|
# Name of the Job #
|
|
###################
|
|
name: "Stale[bot]"
|
|
|
|
###############
|
|
# Run the job #
|
|
###############
|
|
jobs:
|
|
#######################
|
|
# Mark an Issue Stale #
|
|
#######################
|
|
markstale:
|
|
permissions:
|
|
issues: write # for actions/stale to close stale issues
|
|
pull-requests: write # for actions/stale to close stale PRs
|
|
runs-on: ubuntu-latest
|
|
# only run on schedule
|
|
if: ${{ github.event_name == 'schedule' }}
|
|
timeout-minutes: 60
|
|
steps:
|
|
- name: Mark issue stale
|
|
uses: actions/stale@v5
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity.\nIt will be closed in 14 days if no further activity occurs.\nThank you for your contributions.\n\nIf you think this issue should stay open, please remove the `O: stale 🤖` label or comment on the issue.\n\nIf you're a maintainer, you can stop the bot to mark this issue as stale in the future by adding the `O: backlog 🤖` label`."
|
|
stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity.\nIt will be closed in 14 days if no further activity occurs.\nThank you for your contributions.\n\nIf you think this pull request should stay open, please remove the `O: stale 🤖` label or comment on the pull request.\n\nIf you're a maintainer, you can stop the bot to mark this issue as stale in the future by adding the `O: backlog 🤖` label`."
|
|
days-before-stale: 30
|
|
days-before-close: 14
|
|
stale-issue-label: "O: stale 🤖"
|
|
exempt-issue-labels: "O: backlog 🤖"
|
|
stale-pr-label: "O: stale 🤖"
|
|
exempt-pr-labels: "O: backlog 🤖"
|
|
|
|
##################
|
|
# Mark not stale #
|
|
##################
|
|
marknotstale:
|
|
runs-on: ubuntu-latest
|
|
# do not run on schedule
|
|
if: "${{ github.event_name == 'issue_comment' && contains(github.event.issue.labels.*.name, 'O: stale 🤖') && github.event.issue.user.type != 'Bot' }}"
|
|
timeout-minutes: 60
|
|
steps:
|
|
- name: Mark issue not stale
|
|
uses: actions/github-script@v6
|
|
with:
|
|
script: |
|
|
github.rest.issues.removeLabel({
|
|
issue_number: context.issue.number,
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: 'O: stale 🤖'
|
|
})
|