Bump Yelp/detect-secrets from 1.4.0 to 1.5.0 (#6)

## Pull request checklist Please check if your PR fulfills the following requirements: - [ ] I have read the [CONTRIBUTING](https://github.com/fabasoad/setup-mark-action/blob/main/CONTRIBUTING.md) doc. - [ ] Tests for the changes have been added (for bug fixes / features). - [ ] Docs have been reviewed and added / updated if needed (for bug fixes / features). ## Pull request type   Please check the type of change your PR introduces: - [ ] Bugfix - [ ] Feature - [ ] Code style update (formatting, renaming) - [ ] Refactoring (no functional changes, no api changes) - [ ] Build related changes - [ ] Documentation content changes - [ ] Other (please describe): ## What is the current behavior  ## What is the new behavior  - - - ## Does this introduce a breaking change - [ ] Yes - [ ] No  ## Other information   --- Closes #{IssueNumber}
2024-07-21 15:11:03 +09:00 · 2024-07-21 15:11:03 +09:00 · 4fb8dbb3d2
commit 4fb8dbb3d2
parent 87c055186f
7 changed files with 39 additions and 190 deletions
--- a/.github/labels.yml
+++ b/.github/labels.yml
@ -1,78 +0,0 @@
 ---
 - name: "breaking-change"
  color: ee0701
  description: "A breaking change for existing users."
 - name: "bugfix"
  color: ee0701
  description: "Inconsistencies or issues which will cause a problem for users or implementors."
 - name: "documentation"
  color: 0052cc
  description: "Solely about the documentation of the project."
 - name: "enhancement"
  color: 1d76db
  description: "Enhancement of the code, not introducing new features."
 - name: "refactor"
  color: 1d76db
  description: "Improvement of existing code, not introducing new features."
 - name: "performance"
  color: 1d76db
  description: "Improving performance, not introducing new features."
 - name: "new-feature"
  color: 0e8a16
  description: "New features or options."
 - name: "maintenance"
  color: 2af79e
  description: "Generic maintenance tasks."
 - name: "ci"
  color: 1d76db
  description: "Work that improves the continue integration."
 - name: "dependencies"
  color: 1d76db
  description: "Upgrade or downgrade of project dependencies."
 - name: "in-progress"
  color: fbca04
  description: "Issue is currently being resolved by a developer."
 - name: "stale"
  color: fef2c0
  description: "There has not been activity on this issue or PR for quite some time."
 - name: "no-stale"
  color: fef2c0
  description: "This issue or PR is exempted from the stable bot."
 - name: "security"
  color: ee0701
  description: "Marks a security issue that needs to be resolved asap."
 - name: "incomplete"
  color: fef2c0
  description: "Marks a PR or issue that is missing information."
 - name: "invalid"
  color: fef2c0
  description: "Marks a PR or issue that is missing information."
 - name: "beginner-friendly"
  color: 0e8a16
  description: "Good first issue for people wanting to contribute to the project."
 - name: "help-wanted"
  color: 0e8a16
  description: "We need some extra helping hands or expertise in order to resolve this."
 - name: "priority-critical"
  color: ee0701
  description: "This should be dealt with ASAP. Not fixing this issue would be a serious error."
 - name: "priority-high"
  color: b60205
  description: "After critical issues are fixed, these should be dealt with before any further issues."
 - name: "priority-medium"
  color: 0e8a16
  description: "This issue may be useful, and needs some attention."
 - name: "priority-low"
  color: e4ea8a
  description: "Nice addition, maybe... someday..."
 - name: "major"
  color: b60205
  description: "This PR causes a major version bump in the version number."
 - name: "minor"
  color: 0e8a16
  description: "This PR causes a minor version bump in the version number."
--- a/.github/workflows/functional-tests.yml
+++ b/.github/workflows/functional-tests.yml
@ -23,7 +23,7 @@ jobs:
      fail-fast: false
      matrix:
        os: ["ubuntu", "macos"]
-        version: ["latest", "9.12.0", "9.11.1", "9.11.0", "9.10.1", "9.10.0"]
+        version: ["latest", "9.13.0", "9.12.0", "9.11.1", "9.11.0", "9.10.1"]
    runs-on: ${{ matrix.os }}-latest
    steps:
      - name: Checkout ${{ github.repository }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -7,30 +7,6 @@ on: # yamllint disable-line rule:truthy
      - "v*.*.*"
 jobs:
-  create-release:
+  github:
-    name: Create release
+    name: GitHub
-    runs-on: ubuntu-latest
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main
    steps:
      - name: Checkout ${{ github.repository }}
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get changelog
        id: changelog
        uses: simbo/changes-since-last-release-action@v1
      - name: Create release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref }}
          name: ${{ github.ref_name }}
          token: ${{ secrets.GITHUB_TOKEN }}
          body: |
            # Changelog
            ${{ steps.changelog.outputs.log }}
          draft: false
          prerelease: false
      - name: Bump tags
        uses: fischerscode/tagger@v0
        with:
          prefix: v
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy
    branches:
      - main
 defaults:
  run:
    shell: sh
 jobs:
-  code-scanning:
+  sast:
-    name: Code scanning
+    name: SAST
-    runs-on: ubuntu-latest
+    permissions:
-    steps:
+      contents: read
-      - name: Checkout ${{ github.repository }}
+      security-events: write
-        uses: actions/checkout@v4
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: "javascript"
      - name: Perform CodeQL Analysis
        id: codeql-analysis
        uses: github/codeql-action/analyze@v3
      - name: Upload to GHAS
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          category: "code-scanning"
          sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
  directory-scanning:
    name: Directory scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout ${{ github.repository }}
        uses: actions/checkout@v4
      - name: Scan current project
        id: scan-directory
        uses: anchore/scan-action@v3
        with:
          by-cve: "true"
          path: "."
      - name: Upload to GHAS
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          category: "directory-scanning"
          sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@ -1,23 +1,13 @@
 ---
-name: Sync labels
+name: Labels
 on: # yamllint disable-line rule:truthy
  push:
    branches:
      - main
-    paths:
+  workflow_dispatch: {}
      - .github/labels.yml
      - .github/workflows/sync-labels.yml
  workflow_dispatch:
 jobs:
-  sync-labels:
+  maintenance:
-    name: Sync labels
+    name: Maintenance
-    runs-on: ubuntu-latest
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main
    steps:
      - name: Checkout ${{ github.repository }}
        uses: actions/checkout@v4
      - name: Run Label Syncer
        uses: micnncim/action-label-syncer@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/update-license.yml
+++ b/.github/workflows/update-license.yml
@ -1,30 +1,11 @@
 ---
-name: Update license
+name: License
 on: # yamllint disable-line rule:truthy
  schedule:
    - cron: "0 5 1 1 *"
 jobs:
-  run:
+  maintenance:
-    runs-on: ubuntu-latest
+    name: Maintenance
-    steps:
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main
      - name: Checkout ${{ github.repository }}
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Update LICENSE file
        uses: FantasticFiasco/action-update-license-year@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          assignees: ${{ github.repository_owner }}
          labels: enhancement
          prTitle: Update license copyright year to {{currentYear}}
          prBody: |
            ## Changelog
            - Update license copyright year to {{currentYear}}
            ---
            Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year)
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -5,20 +5,35 @@ minimum_pre_commit_version: 2.18.0
 repos:
  # Security
  - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
    hooks:
      - id: detect-secrets
        stages: ["commit", "push"]
  - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.18.2
+    rev: v8.18.4
    hooks:
      - id: gitleaks
        stages: ["commit", "push"]
  - repo: https://github.com/fabasoad/pre-commit-grype
    rev: v0.4.0
    hooks:
      - id: grype-dir
        args:
          - --grype-args=--by-cve --fail-on=low
          - --hook-args=--log-level debug
        stages: ["push"]
  # Markdown
  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.39.0
+    rev: v0.41.0
    hooks:
      - id: markdownlint-fix
  # Shell
  - repo: https://github.com/openstack/bashate
    rev: 2.1.1
    hooks:
      - id: bashate
        args: ["-i", "E003,E006"]
        stages: ["commit"]
  # Yaml
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.35.1
@ -27,11 +42,11 @@ repos:
        stages: ["push"]
  # GitHub Actions
  - repo: https://github.com/rhysd/actionlint
-    rev: v1.6.27
+    rev: v1.7.1
    hooks:
      - id: actionlint
        args: ["-pyflakes="]
-        stages: ["push"]
+        stages: ["commit"]
  # Other
  - repo: https://github.com/pre-commit/mirrors-prettier
    rev: v3.1.0