change-files forking done and tested #4
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| tag: |
Check notice
Code scanning / Checkov (reported by Codacy)
The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. Note
| @@ -0,0 +1 @@ | |||
| This is a test markdown file | |||
Check warning
Code scanning / Markdownlint (reported by Codacy)
First line in a file should be a top-level heading Warning test
| # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis | ||
| - name: Run Codacy Analysis CLI | ||
| continue-on-error: true | ||
| uses: codacy/[email protected] |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
| - name: Push changes | ||
| if: steps.changed_files.outputs.files_changed == 'true' && github.event_name == 'pull_request' | ||
| continue-on-error: true | ||
| uses: ad-m/github-push-action@master |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning test
| path: dist | ||
|
|
||
| - name: Run codacy-coverage-reporter | ||
| uses: codacy/codacy-coverage-reporter-action@v1 |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning test
| fetch-depth: 0 | ||
|
|
||
| - name: Run auto-doc | ||
| uses: tj-actions/auto-doc@v3 |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
| use_major_version: true | ||
|
|
||
| - name: Run remark | ||
| uses: tj-actions/remark@v3 |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
| uses: tj-actions/remark@v3 | ||
|
|
||
| - name: Verify Changed files | ||
| uses: tj-actions/verify-changed-files@v20 |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
|
|
||
| - name: Create Pull Request | ||
| if: failure() | ||
| uses: peter-evans/create-pull-request@v7 |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
No description provided.