From d623087f1f102b8af4a832dd40dd2a5da6ca5cc4 Mon Sep 17 00:00:00 2001 From: JoyM1K1 Date: Tue, 7 Apr 2026 22:43:03 +0900 Subject: [PATCH 1/6] =?UTF-8?q?=E2=9C=A8=20add=20reusable=20workflow=20for?= =?UTF-8?q?=20actions=20lint?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/actions-lint.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/actions-lint.yml diff --git a/.github/workflows/actions-lint.yml b/.github/workflows/actions-lint.yml new file mode 100644 index 0000000..28f5955 --- /dev/null +++ b/.github/workflows/actions-lint.yml @@ -0,0 +1,23 @@ +name: Actions Lint + +on: + workflow_call: + +permissions: + contents: read + actions: read + +jobs: + lint: + name: Lint Workflow Files + runs-on: ubuntu-latest + steps: + - name: Run actionlint + uses: docker://rhysd/actionlint:1.7.12 + with: + args: -color + + - name: Run zizmor + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + with: + advanced-security: false From 6ad2b707829757b8e30b002bafd4b0008ca5f89f Mon Sep 17 00:00:00 2001 From: JoyM1K1 Date: Tue, 7 Apr 2026 22:44:38 +0900 Subject: [PATCH 2/6] =?UTF-8?q?=F0=9F=93=9D=20add=20reusable=20workflow=20?= =?UTF-8?q?usage=20to=20README?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 5a86cfe..07da832 100644 --- a/README.md +++ b/README.md @@ -1 +1,28 @@ # .github + +yellston-com organization の共有設定・Reusable Workflows を管理するリポジトリです。 + +## Reusable Workflows + +### Actions Lint + +[actionlint](https://github.com/rhysd/actionlint) と [zizmor](https://github.com/zizmorcore/zizmor) でワークフローファイルを lint します。 + +> [!IMPORTANT] +> このワークフローは `actions/checkout` を含みません。呼び出し側で checkout してください。 + +```yaml +name: Actions Lint + +on: + push: + branches: [main] + paths: ['.github/workflows/**'] + pull_request: + branches: [main] + paths: ['.github/workflows/**'] + +jobs: + lint: + uses: yellston-com/.github/.github/workflows/actions-lint.yml@main +``` From 13389d294353df80079c0921909e91d927440d75 Mon Sep 17 00:00:00 2001 From: JoyM1K1 Date: Tue, 7 Apr 2026 23:23:06 +0900 Subject: [PATCH 3/6] =?UTF-8?q?=E2=9C=A8=20add=20checkout=20step=20back=20?= =?UTF-8?q?to=20actions-lint=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/actions-lint.yml | 4 ++++ README.md | 3 --- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/actions-lint.yml b/.github/workflows/actions-lint.yml index 28f5955..0c354d4 100644 --- a/.github/workflows/actions-lint.yml +++ b/.github/workflows/actions-lint.yml @@ -12,6 +12,10 @@ jobs: name: Lint Workflow Files runs-on: ubuntu-latest steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + persist-credentials: false + - name: Run actionlint uses: docker://rhysd/actionlint:1.7.12 with: diff --git a/README.md b/README.md index 07da832..fec91ef 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,6 @@ yellston-com organization の共有設定・Reusable Workflows を管理する [actionlint](https://github.com/rhysd/actionlint) と [zizmor](https://github.com/zizmorcore/zizmor) でワークフローファイルを lint します。 -> [!IMPORTANT] -> このワークフローは `actions/checkout` を含みません。呼び出し側で checkout してください。 - ```yaml name: Actions Lint From 1ad5185ebc6d4651d74ecc38fcfc9d9fa89ea6e6 Mon Sep 17 00:00:00 2001 From: JoyM1K1 Date: Tue, 7 Apr 2026 23:26:13 +0900 Subject: [PATCH 4/6] =?UTF-8?q?=E2=9C=A8=20add=20CI=20workflow=20to=20run?= =?UTF-8?q?=20actions-lint=20locally?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..3895f58 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,13 @@ +name: CI + +on: + push: + branches: [main] + paths: ['.github/workflows/**'] + pull_request: + branches: [main] + paths: ['.github/workflows/**'] + +jobs: + actions-lint: + uses: ./.github/workflows/actions-lint.yml From 7f34dbd2805990049851522c963f3f68a30192b9 Mon Sep 17 00:00:00 2001 From: JoyM1K1 Date: Tue, 7 Apr 2026 23:30:18 +0900 Subject: [PATCH 5/6] =?UTF-8?q?=F0=9F=90=9B=20fix=20permissions=20for=20re?= =?UTF-8?q?usable=20workflow=20caller?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/ci.yml | 4 ++++ README.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3895f58..3f7900d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,10 @@ on: branches: [main] paths: ['.github/workflows/**'] +permissions: + contents: read + actions: read + jobs: actions-lint: uses: ./.github/workflows/actions-lint.yml diff --git a/README.md b/README.md index fec91ef..84b6a1b 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,10 @@ on: branches: [main] paths: ['.github/workflows/**'] +permissions: + contents: read + actions: read + jobs: lint: uses: yellston-com/.github/.github/workflows/actions-lint.yml@main From 8f27331d836d0ea6f3d93209e3c3500a03db12e0 Mon Sep 17 00:00:00 2001 From: JoyM1K1 Date: Tue, 7 Apr 2026 23:35:42 +0900 Subject: [PATCH 6/6] =?UTF-8?q?=F0=9F=93=9D=20add=20tip=20about=20pinning?= =?UTF-8?q?=20commit=20hash=20in=20README?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 84b6a1b..be54a1c 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,9 @@ yellston-com organization の共有設定・Reusable Workflows を管理する [actionlint](https://github.com/rhysd/actionlint) と [zizmor](https://github.com/zizmorcore/zizmor) でワークフローファイルを lint します。 +> [!TIP] +> zizmor の unpinned-uses 警告を回避するには `@main` をコミットハッシュに置き換えてください。 + ```yaml name: Actions Lint