diff --git a/.github/workflows/code_quality.yaml b/.github/workflows/code_quality.yaml new file mode 100644 index 0000000..9b43605 --- /dev/null +++ b/.github/workflows/code_quality.yaml @@ -0,0 +1,20 @@ +name: Trunk Code Quality +on: + pull_request: {} + +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Trunk Code Quality + uses: trunk-io/trunk-action@v1 diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index cc46594..fe49e0d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -34,11 +34,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 
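Review bot: The two `uses:` lines in the new code_quality.yaml reference mutable tags (`actions/checkout@v5`, `trunk-io/trunk-action@v1`), while codeql.yaml and scorecard.yml in this same commit pin their actions to full commit SHAs with a version comment. A tag can be moved by whoever controls the action repository, so this workflow runs whatever the tag points at on each pull request; pin both in the same form as the other workflows, e.g. `uses: actions/checkout@<full-commit-sha> # <version>`. The checkout step could also set `persist-credentials: false` as scorecard.yml does, though whether trunk-action needs the token left in the git config is not visible here, so confirm first. The `actions/checkout@v4` to `@v5` change in upgrade_trunk.yaml has the same tag-pinning issue, and that job holds `pull-requests: write` and an app private key.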
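Review bot: The checkout pin in the first codeql.yaml hunk changes the SHA to `ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493` but keeps the trailing comment `# v4.1.1`, which labelled the old SHA; a release tag maps to one commit, so either the comment is stale or the new SHA is not that release. The codeql-action, scorecard-action and upload-artifact pins in this commit all update their version comments together with the SHA, so this one looks unintended. Confirm the SHA resolves to a release tag in the `actions/checkout` repository itself (GitHub also resolves SHAs that exist only in a fork of an action) and make the comment match, `uses: actions/checkout@<verified-sha> # <matching-version>`. The same line appears in the first scorecard.yml hunk.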
@@ -60,4 +60,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9d46014..a70cf5f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,12 +30,12 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 with: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade_trunk.yaml b/.github/workflows/upgrade_trunk.yaml index 16e7278..a166234 100644 --- a/.github/workflows/upgrade_trunk.yaml +++ b/.github/workflows/upgrade_trunk.yaml 
@@ -16,7 +16,7 @@ jobs: pull-requests: write # For trunk to create PRs steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Create App Token for TrunkBuild App (Internal) uses: tibdex/github-app-token@v2 @@ -26,7 +26,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Trunk Upgrade - uses: trunk-io/trunk-action/upgrade@bd686325615e9cf5a4ef98372ba94a472f9b5238 + uses: trunk-io/trunk-action/upgrade@b8812b3da2f527db878ef7541c4177f8d280cd89 with: add-paths: plugin.yaml arguments: --apply-to=plugin.yaml -n diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 4704bd1..da500b4 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,11 +1,11 @@ version: 0.1 cli: - version: 1.20.1 + version: 1.25.0 plugins: sources: - id: trunk uri: https://github.com/trunk-io/plugins - ref: v1.4.5 + ref: v1.7.1 - id: configs local: . diff --git a/configs/svgo.config.js b/configs/svgo.config.mjs similarity index 93% rename from configs/svgo.config.js rename to configs/svgo.config.mjs index b257d13..55b4a7a 100644 --- a/configs/svgo.config.js +++ b/configs/svgo.config.mjs @@ -1,4 +1,4 @@ -module.exports = { +export default { plugins: [ { name: "preset-default", diff --git a/plugin.yaml b/plugin.yaml index 90a1035..2b2f9ce 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -4,60 +4,61 @@ required_trunk_version: ">=1.7.1-beta.9" # Applicable linters and actions will run with these runtime versions runtimes: enabled: - - go@1.21.0 - - node@20.11.0 + - go@1.24.3 + - node@22.16.0 - python@3.10.8 - - ruby@3.1.4 + - ruby@3.4.2 lint: # By sourcing this plugin, repos will enable these linters enabled: - - actionlint@1.7.0 - - bandit@1.7.8 - - black@24.4.2 - - buf-lint@1.32.0 - - buildifier@7.1.1 - - cfnlint@0.87.3 - - checkov@3.2.95 + - actionlint@1.7.12 + - bandit@1.9.4 + - black@26.3.1 + - buf-lint@1.31.0! + - buildifier@8.5.1 + - cfnlint@1.49.3 + - checkov@3.2.525 - clang-format@17.0.1 - clang-tidy@17.0.1 - clippy@1.71.1 - eslint@8.56.0 - git-diff-check - gofmt@1.20.4 - - golangci-lint@1.57.2 - - hadolint@2.12.0 - - isort@5.13.2 - - markdownlint@0.40.0 - - markdown-link-check@3.11.2 - - mypy@1.10.0 - - nancy@1.0.46 - - osv-scanner@1.7.3 - - oxipng@9.1.1 + - golangci-lint2@2.11.4 + - hadolint@2.14.0 + - isort@8.0.1 + - markdownlint@0.48.0 + - markdown-link-check@3.14.2 + - mypy@1.20.2 + - nancy@1.2.0 + - osv-scanner@2.3.5 + - oxipng@10.1.1 - pragma-once - - prettier@3.2.5 - - prisma@5.14.0 - - pylint@3.2.0 - - renovate@37.368.4 + - prettier@3.8.3 + - prisma@7.8.0 + - pylint@4.0.5 + - renovate@43.142.0 - rubocop@1.39.0 - - ruff@0.4.4 + - ruff@0.15.12 - rustfmt@1.68.2 - - semgrep@1.73.0 - - shellcheck@0.10.0 + - semgrep@1.161.0 + - shellcheck@0.11.0 - shfmt@3.6.0 - - sort-package-json@2.10.0 - - sql-formatter@15.3.1 - - stylelint@16.5.0: + - sort-package-json@3.6.1 + - sql-formatter@15.7.3 + - stylelint@17.9.0: packages: - - stylelint-config-standard-scss@13.1.0 - - stylelint-config-clean-order@5.4.2 - - svgo@3.3.2 - - taplo@0.8.1 - - terrascan@1.19.1 - - trivy@0.51.1 - - trufflehog@3.76.3 - - trunk-toolbox@0.3.1 - - yamllint@1.35.1 + - stylelint-config-standard-scss@17.0.0 + - stylelint-config-clean-order@8.0.1 + - svgo@4.0.1 + - taplo@0.10.0 + - terrascan@1.19.9 + # Disabled until filesystem scanner initialize error resolved. 
+ # - trivy@0.54.1 + - trufflehog@3.95.2 + - trunk-toolbox@0.7.0 + - yamllint@1.38.0 # Sourcing repos will have these configs available to applicable linters exported_configs: @@ -74,7 +75,7 @@ lint: - configs/.shellcheckrc - configs/.sqlfluff - configs/.stylelintrc.js - - configs/svgo.config.js + - configs/svgo.config.mjs - configs/.yamllint.yaml # By sourcing this plugin, repos will enable these actions @@ -86,7 +87,27 @@ actions: - trunk-check-pre-push - trunk-fmt-pre-commit +downloads: + - name: trunk-analytics-cli + downloads: + - os: + linux: unknown-linux + macos: apple-darwin + cpu: + x86_64: x86_64 + arm_64: aarch64 + url: https://github.com/trunk-io/analytics-cli/releases/download/${version}/trunk-analytics-cli-${cpu}-${os}.tar.gz tools: + definitions: + - name: trunk-analytics-cli + download: trunk-analytics-cli + known_good_version: 0.12.5 + shims: [trunk-analytics-cli] + health_checks: + - command: trunk-analytics-cli --version + parse_regex: trunk-analytics-cli ${semver} enabled: - - gh@2.49.2 - - gt@1.3.4 + - gh@2.91.0 + - grpcui@1.4.3 + - gt@1.8.5 + - trunk-analytics-cli@0.12.8
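Review bot: Commenting out `trivy` in `lint.enabled` drops it for every repository that sources this plugin, and the comment gives no pointer to when it comes back. osv-scanner, checkov, terrascan and trufflehog stay enabled, but whether they cover everything trivy was reporting for sourcing repos is not visible in this hunk. Link a tracking issue in the comment, e.g. `# Disabled until filesystem scanner initialize error resolved: <tracking-issue-url>`. Separately, `buf-lint@1.31.0!` moves down from 1.32.0 and gains a `!` suffix while every other entry moves up; a one-line comment giving the reason for the downgrade and pin would keep a later upgrade from silently undoing it.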
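Review bot: The new `downloads` entry for `trunk-analytics-cli` fetches a release tarball by URL with `${version}` interpolated and shows no checksum or signature check, so integrity rests on the GitHub release asset alone. The extracted binary is then executed by the health check (`trunk-analytics-cli --version`) and is enabled for sourcing repos. If the download schema offers a digest field, pin one per os/cpu pair; if it does not, say so in a comment so the gap is a recorded decision. Also, `known_good_version: 0.12.5` differs from the enabled `trunk-analytics-cli@0.12.8`; aligning them keeps both on one tested version.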