eslint-plugin-github-actions-2 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (217) hide show
  1. package/README.md +127 -127
  2. package/dist/_internal/github-actions-config-references.js +1 -1
  3. package/dist/_internal/github-actions-config-references.js.map +1 -1
  4. package/dist/_internal/rule-docs.d.ts +1 -1
  5. package/dist/_internal/rule-docs.d.ts.map +1 -1
  6. package/dist/_internal/workflow-permissions.d.ts +2 -0
  7. package/dist/_internal/workflow-permissions.d.ts.map +1 -1
  8. package/dist/_internal/workflow-permissions.js +54 -7
  9. package/dist/_internal/workflow-permissions.js.map +1 -1
  10. package/dist/plugin.cjs +276 -24
  11. package/dist/plugin.cjs.map +2 -2
  12. package/dist/plugin.d.ts.map +1 -1
  13. package/dist/plugin.js +1 -1
  14. package/dist/plugin.js.map +1 -1
  15. package/dist/rules/action-name-casing.d.ts.map +1 -1
  16. package/dist/rules/action-name-casing.js +4 -0
  17. package/dist/rules/action-name-casing.js.map +1 -1
  18. package/dist/rules/job-id-casing.d.ts.map +1 -1
  19. package/dist/rules/job-id-casing.js +4 -0
  20. package/dist/rules/job-id-casing.js.map +1 -1
  21. package/dist/rules/max-jobs-per-action.d.ts.map +1 -1
  22. package/dist/rules/max-jobs-per-action.js +4 -0
  23. package/dist/rules/max-jobs-per-action.js.map +1 -1
  24. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.d.ts.map +1 -1
  25. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.js +4 -0
  26. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.js.map +1 -1
  27. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.d.ts.map +1 -1
  28. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.js +4 -0
  29. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.js.map +1 -1
  30. package/dist/rules/no-external-job.d.ts.map +1 -1
  31. package/dist/rules/no-external-job.js +4 -0
  32. package/dist/rules/no-external-job.js.map +1 -1
  33. package/dist/rules/no-inherit-secrets.d.ts.map +1 -1
  34. package/dist/rules/no-inherit-secrets.js +4 -0
  35. package/dist/rules/no-inherit-secrets.js.map +1 -1
  36. package/dist/rules/no-invalid-concurrency-context.d.ts.map +1 -1
  37. package/dist/rules/no-invalid-concurrency-context.js +4 -0
  38. package/dist/rules/no-invalid-concurrency-context.js.map +1 -1
  39. package/dist/rules/no-invalid-reusable-workflow-job-key.d.ts.map +1 -1
  40. package/dist/rules/no-invalid-reusable-workflow-job-key.js +4 -0
  41. package/dist/rules/no-invalid-reusable-workflow-job-key.js.map +1 -1
  42. package/dist/rules/no-invalid-workflow-call-output-value.d.ts.map +1 -1
  43. package/dist/rules/no-invalid-workflow-call-output-value.js +4 -0
  44. package/dist/rules/no-invalid-workflow-call-output-value.js.map +1 -1
  45. package/dist/rules/no-pr-head-checkout-in-pull-request-target.d.ts.map +1 -1
  46. package/dist/rules/no-pr-head-checkout-in-pull-request-target.js +4 -0
  47. package/dist/rules/no-pr-head-checkout-in-pull-request-target.js.map +1 -1
  48. package/dist/rules/no-secrets-in-if.d.ts.map +1 -1
  49. package/dist/rules/no-secrets-in-if.js +4 -0
  50. package/dist/rules/no-secrets-in-if.js.map +1 -1
  51. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.d.ts.map +1 -1
  52. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.js +4 -0
  53. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.js.map +1 -1
  54. package/dist/rules/no-top-level-env.d.ts.map +1 -1
  55. package/dist/rules/no-top-level-env.js +4 -0
  56. package/dist/rules/no-top-level-env.js.map +1 -1
  57. package/dist/rules/no-top-level-permissions.d.ts.map +1 -1
  58. package/dist/rules/no-top-level-permissions.js +4 -1
  59. package/dist/rules/no-top-level-permissions.js.map +1 -1
  60. package/dist/rules/no-unknown-job-output-reference.d.ts.map +1 -1
  61. package/dist/rules/no-unknown-job-output-reference.js +4 -0
  62. package/dist/rules/no-unknown-job-output-reference.js.map +1 -1
  63. package/dist/rules/no-unknown-step-reference.d.ts.map +1 -1
  64. package/dist/rules/no-unknown-step-reference.js +4 -0
  65. package/dist/rules/no-unknown-step-reference.js.map +1 -1
  66. package/dist/rules/no-untrusted-input-in-run.d.ts.map +1 -1
  67. package/dist/rules/no-untrusted-input-in-run.js +4 -0
  68. package/dist/rules/no-untrusted-input-in-run.js.map +1 -1
  69. package/dist/rules/no-write-all-permissions.d.ts.map +1 -1
  70. package/dist/rules/no-write-all-permissions.js +4 -0
  71. package/dist/rules/no-write-all-permissions.js.map +1 -1
  72. package/dist/rules/pin-action-shas.d.ts.map +1 -1
  73. package/dist/rules/pin-action-shas.js +4 -0
  74. package/dist/rules/pin-action-shas.js.map +1 -1
  75. package/dist/rules/prefer-fail-fast.d.ts.map +1 -1
  76. package/dist/rules/prefer-fail-fast.js +4 -0
  77. package/dist/rules/prefer-fail-fast.js.map +1 -1
  78. package/dist/rules/prefer-file-extension.d.ts.map +1 -1
  79. package/dist/rules/prefer-file-extension.js +4 -0
  80. package/dist/rules/prefer-file-extension.js.map +1 -1
  81. package/dist/rules/prefer-inputs-context.d.ts.map +1 -1
  82. package/dist/rules/prefer-inputs-context.js +4 -0
  83. package/dist/rules/prefer-inputs-context.js.map +1 -1
  84. package/dist/rules/prefer-step-uses-style.d.ts.map +1 -1
  85. package/dist/rules/prefer-step-uses-style.js +4 -0
  86. package/dist/rules/prefer-step-uses-style.js.map +1 -1
  87. package/dist/rules/require-checkout-before-local-action.d.ts.map +1 -1
  88. package/dist/rules/require-checkout-before-local-action.js +4 -0
  89. package/dist/rules/require-checkout-before-local-action.js.map +1 -1
  90. package/dist/rules/require-codeql-actions-read.d.ts.map +1 -1
  91. package/dist/rules/require-codeql-actions-read.js +4 -0
  92. package/dist/rules/require-codeql-actions-read.js.map +1 -1
  93. package/dist/rules/require-codeql-branch-filters.d.ts.map +1 -1
  94. package/dist/rules/require-codeql-branch-filters.js +4 -0
  95. package/dist/rules/require-codeql-branch-filters.js.map +1 -1
  96. package/dist/rules/require-codeql-category-when-language-matrix.d.ts.map +1 -1
  97. package/dist/rules/require-codeql-category-when-language-matrix.js +4 -0
  98. package/dist/rules/require-codeql-category-when-language-matrix.js.map +1 -1
  99. package/dist/rules/require-codeql-pull-request-trigger.d.ts.map +1 -1
  100. package/dist/rules/require-codeql-pull-request-trigger.js +4 -0
  101. package/dist/rules/require-codeql-pull-request-trigger.js.map +1 -1
  102. package/dist/rules/require-codeql-schedule.d.ts.map +1 -1
  103. package/dist/rules/require-codeql-schedule.js +4 -0
  104. package/dist/rules/require-codeql-schedule.js.map +1 -1
  105. package/dist/rules/require-codeql-security-events-write.d.ts.map +1 -1
  106. package/dist/rules/require-codeql-security-events-write.js +4 -0
  107. package/dist/rules/require-codeql-security-events-write.js.map +1 -1
  108. package/dist/rules/require-dependabot-automation-permissions.d.ts.map +1 -1
  109. package/dist/rules/require-dependabot-automation-permissions.js +4 -0
  110. package/dist/rules/require-dependabot-automation-permissions.js.map +1 -1
  111. package/dist/rules/require-dependabot-automation-pull-request-trigger.d.ts.map +1 -1
  112. package/dist/rules/require-dependabot-automation-pull-request-trigger.js +4 -0
  113. package/dist/rules/require-dependabot-automation-pull-request-trigger.js.map +1 -1
  114. package/dist/rules/require-dependabot-bot-actor-guard.d.ts.map +1 -1
  115. package/dist/rules/require-dependabot-bot-actor-guard.js +4 -0
  116. package/dist/rules/require-dependabot-bot-actor-guard.js.map +1 -1
  117. package/dist/rules/require-dependabot-open-pull-requests-limit.d.ts.map +1 -1
  118. package/dist/rules/require-dependabot-open-pull-requests-limit.js +32 -2
  119. package/dist/rules/require-dependabot-open-pull-requests-limit.js.map +1 -1
  120. package/dist/rules/require-dependency-review-fail-on-severity.d.ts.map +1 -1
  121. package/dist/rules/require-dependency-review-fail-on-severity.js +4 -0
  122. package/dist/rules/require-dependency-review-fail-on-severity.js.map +1 -1
  123. package/dist/rules/require-dependency-review-permissions-contents-read.d.ts.map +1 -1
  124. package/dist/rules/require-dependency-review-permissions-contents-read.js +23 -18
  125. package/dist/rules/require-dependency-review-permissions-contents-read.js.map +1 -1
  126. package/dist/rules/require-dependency-review-pull-request-trigger.d.ts.map +1 -1
  127. package/dist/rules/require-dependency-review-pull-request-trigger.js +4 -0
  128. package/dist/rules/require-dependency-review-pull-request-trigger.js.map +1 -1
  129. package/dist/rules/require-fetch-metadata-github-token.d.ts.map +1 -1
  130. package/dist/rules/require-fetch-metadata-github-token.js +4 -0
  131. package/dist/rules/require-fetch-metadata-github-token.js.map +1 -1
  132. package/dist/rules/require-job-name.d.ts.map +1 -1
  133. package/dist/rules/require-job-name.js +4 -0
  134. package/dist/rules/require-job-name.js.map +1 -1
  135. package/dist/rules/require-job-step-name.d.ts.map +1 -1
  136. package/dist/rules/require-job-step-name.js +4 -0
  137. package/dist/rules/require-job-step-name.js.map +1 -1
  138. package/dist/rules/require-job-timeout-minutes.d.ts.map +1 -1
  139. package/dist/rules/require-job-timeout-minutes.js +4 -0
  140. package/dist/rules/require-job-timeout-minutes.js.map +1 -1
  141. package/dist/rules/require-merge-group-trigger.d.ts.map +1 -1
  142. package/dist/rules/require-merge-group-trigger.js +4 -0
  143. package/dist/rules/require-merge-group-trigger.js.map +1 -1
  144. package/dist/rules/require-pull-request-target-branches.d.ts.map +1 -1
  145. package/dist/rules/require-pull-request-target-branches.js +4 -0
  146. package/dist/rules/require-pull-request-target-branches.js.map +1 -1
  147. package/dist/rules/require-run-step-shell.d.ts.map +1 -1
  148. package/dist/rules/require-run-step-shell.js +4 -0
  149. package/dist/rules/require-run-step-shell.js.map +1 -1
  150. package/dist/rules/require-sarif-upload-security-events-write.d.ts.map +1 -1
  151. package/dist/rules/require-sarif-upload-security-events-write.js +4 -0
  152. package/dist/rules/require-sarif-upload-security-events-write.js.map +1 -1
  153. package/dist/rules/require-scorecard-results-format-sarif.d.ts.map +1 -1
  154. package/dist/rules/require-scorecard-results-format-sarif.js +4 -0
  155. package/dist/rules/require-scorecard-results-format-sarif.js.map +1 -1
  156. package/dist/rules/require-scorecard-upload-sarif-step.d.ts.map +1 -1
  157. package/dist/rules/require-scorecard-upload-sarif-step.js +4 -0
  158. package/dist/rules/require-scorecard-upload-sarif-step.js.map +1 -1
  159. package/dist/rules/require-secret-scan-contents-read.d.ts.map +1 -1
  160. package/dist/rules/require-secret-scan-contents-read.js +7 -3
  161. package/dist/rules/require-secret-scan-contents-read.js.map +1 -1
  162. package/dist/rules/require-secret-scan-fetch-depth-zero.d.ts.map +1 -1
  163. package/dist/rules/require-secret-scan-fetch-depth-zero.js +4 -0
  164. package/dist/rules/require-secret-scan-fetch-depth-zero.js.map +1 -1
  165. package/dist/rules/require-secret-scan-schedule.d.ts.map +1 -1
  166. package/dist/rules/require-secret-scan-schedule.js +4 -0
  167. package/dist/rules/require-secret-scan-schedule.js.map +1 -1
  168. package/dist/rules/require-trigger-types.d.ts.map +1 -1
  169. package/dist/rules/require-trigger-types.js +4 -0
  170. package/dist/rules/require-trigger-types.js.map +1 -1
  171. package/dist/rules/require-trufflehog-verified-results-mode.d.ts.map +1 -1
  172. package/dist/rules/require-trufflehog-verified-results-mode.js +4 -0
  173. package/dist/rules/require-trufflehog-verified-results-mode.js.map +1 -1
  174. package/dist/rules/require-workflow-call-input-type.d.ts.map +1 -1
  175. package/dist/rules/require-workflow-call-input-type.js +4 -0
  176. package/dist/rules/require-workflow-call-input-type.js.map +1 -1
  177. package/dist/rules/require-workflow-call-output-value.d.ts.map +1 -1
  178. package/dist/rules/require-workflow-call-output-value.js +4 -0
  179. package/dist/rules/require-workflow-call-output-value.js.map +1 -1
  180. package/dist/rules/require-workflow-concurrency.d.ts.map +1 -1
  181. package/dist/rules/require-workflow-concurrency.js +4 -0
  182. package/dist/rules/require-workflow-concurrency.js.map +1 -1
  183. package/dist/rules/require-workflow-dispatch-input-type.d.ts.map +1 -1
  184. package/dist/rules/require-workflow-dispatch-input-type.js +4 -0
  185. package/dist/rules/require-workflow-dispatch-input-type.js.map +1 -1
  186. package/dist/rules/require-workflow-interface-description.d.ts.map +1 -1
  187. package/dist/rules/require-workflow-interface-description.js +4 -0
  188. package/dist/rules/require-workflow-interface-description.js.map +1 -1
  189. package/dist/rules/require-workflow-run-branches.d.ts.map +1 -1
  190. package/dist/rules/require-workflow-run-branches.js +4 -0
  191. package/dist/rules/require-workflow-run-branches.js.map +1 -1
  192. package/dist/rules/valid-timeout-minutes.d.ts.map +1 -1
  193. package/dist/rules/valid-timeout-minutes.js +4 -0
  194. package/dist/rules/valid-timeout-minutes.js.map +1 -1
  195. package/dist/rules/valid-trigger-events.d.ts.map +1 -1
  196. package/dist/rules/valid-trigger-events.js +4 -0
  197. package/dist/rules/valid-trigger-events.js.map +1 -1
  198. package/docs/rules/guides/authoring-rules.md +34 -0
  199. package/docs/rules/guides/docs-authoring.md +34 -0
  200. package/docs/rules/guides/index.md +15 -0
  201. package/docs/rules/guides/testing-rules.md +34 -0
  202. package/docs/rules/no-top-level-permissions.md +4 -4
  203. package/docs/rules/presets/action-metadata.md +8 -8
  204. package/docs/rules/presets/all.md +123 -124
  205. package/docs/rules/presets/code-scanning.md +8 -8
  206. package/docs/rules/presets/dependabot.md +8 -8
  207. package/docs/rules/presets/index.md +119 -123
  208. package/docs/rules/presets/recommended.md +8 -8
  209. package/docs/rules/presets/security.md +8 -8
  210. package/docs/rules/presets/strict.md +8 -8
  211. package/docs/rules/presets/workflow-template-properties.md +8 -8
  212. package/docs/rules/presets/workflow-templates.md +8 -8
  213. package/docs/rules/require-dependabot-open-pull-requests-limit.md +21 -4
  214. package/docs/rules/require-dependency-review-permissions-contents-read.md +15 -4
  215. package/docs/rules/require-secret-scan-contents-read.md +10 -2
  216. package/docs/rules/require-workflow-permissions.md +4 -4
  217. package/package.json +1 -1
package/dist/plugin.cjs CHANGED
@@ -39,7 +39,7 @@ var yamlParser = __toESM(require("yaml-eslint-parser"), 1);
39
39
  var package_default = {
40
40
  $schema: "https://www.schemastore.org/package.json",
41
41
  name: "eslint-plugin-github-actions-2",
42
- version: "1.0.4",
42
+ version: "1.0.6",
43
43
  private: false,
44
44
  description: "ESLint plugin for GitHub Actions workflow quality, reliability, and security rules.",
45
45
  keywords: [
@@ -717,7 +717,7 @@ var githubActionsConfigMetadataByName = {
717
717
  presetName: "github-actions:action-metadata"
718
718
  },
719
719
  all: {
720
- description: "Enables every available rule published by this plugin across workflows, action metadata, workflow templates, and Dependabot configuration.",
720
+ description: "Enables the complete bundled rule set across workflows, action metadata, workflow templates, and Dependabot configuration, while leaving explicitly opt-in policy rules manual.",
721
721
  files: [
722
722
  ...WORKFLOW_FILE_GLOBS,
723
723
  ...ACTION_METADATA_FILE_GLOBS,
@@ -1432,6 +1432,9 @@ var rule = {
1432
1432
  const { allowedCasings, ignoredNames } = normalizeActionNameCasingOptions(option ?? void 0);
1433
1433
  return {
1434
1434
  Program() {
1435
+ if (!isWorkflowFile(context.filename)) {
1436
+ return;
1437
+ }
1435
1438
  const root = getWorkflowRoot(context);
1436
1439
  if (root === null) {
1437
1440
  return;
@@ -1560,6 +1563,9 @@ var rule2 = {
1560
1563
  const { allowedCasings, ignoredJobIds } = normalizeJobIdCasingOptions(option ?? void 0);
1561
1564
  return {
1562
1565
  Program() {
1566
+ if (!isWorkflowFile(context.filename)) {
1567
+ return;
1568
+ }
1563
1569
  const root = getWorkflowRoot(context);
1564
1570
  if (root === null) {
1565
1571
  return;
@@ -1667,6 +1673,9 @@ var rule3 = {
1667
1673
  const maxJobs = configuredMaxJobs >= 1 ? configuredMaxJobs : DEFAULT_MAX_JOBS;
1668
1674
  return {
1669
1675
  Program() {
1676
+ if (!isWorkflowFile(context.filename)) {
1677
+ return;
1678
+ }
1670
1679
  const root = getWorkflowRoot(context);
1671
1680
  if (root === null) {
1672
1681
  return;
@@ -1894,6 +1903,9 @@ var rule5 = {
1894
1903
  create(context) {
1895
1904
  return {
1896
1905
  Program() {
1906
+ if (!isWorkflowFile(context.filename)) {
1907
+ return;
1908
+ }
1897
1909
  const root = getWorkflowRoot(context);
1898
1910
  if (root === null) {
1899
1911
  return;
@@ -1945,6 +1957,9 @@ var rule6 = {
1945
1957
  create(context) {
1946
1958
  return {
1947
1959
  Program() {
1960
+ if (!isWorkflowFile(context.filename)) {
1961
+ return;
1962
+ }
1948
1963
  const root = getWorkflowRoot(context);
1949
1964
  if (root === null) {
1950
1965
  return;
@@ -2361,6 +2376,9 @@ var rule11 = {
2361
2376
  create(context) {
2362
2377
  return {
2363
2378
  Program() {
2379
+ if (!isWorkflowFile(context.filename)) {
2380
+ return;
2381
+ }
2364
2382
  const root = getWorkflowRoot(context);
2365
2383
  if (root === null) {
2366
2384
  return;
@@ -2525,6 +2543,9 @@ var rule14 = {
2525
2543
  create(context) {
2526
2544
  return {
2527
2545
  Program() {
2546
+ if (!isWorkflowFile(context.filename)) {
2547
+ return;
2548
+ }
2528
2549
  const root = getWorkflowRoot(context);
2529
2550
  if (root === null) {
2530
2551
  return;
@@ -2733,6 +2754,9 @@ var rule15 = {
2733
2754
  create(context) {
2734
2755
  return {
2735
2756
  Program() {
2757
+ if (!isWorkflowFile(context.filename)) {
2758
+ return;
2759
+ }
2736
2760
  const root = getWorkflowRoot(context);
2737
2761
  if (root === null) {
2738
2762
  return;
@@ -2957,6 +2981,9 @@ var rule17 = {
2957
2981
  create(context) {
2958
2982
  return {
2959
2983
  Program() {
2984
+ if (!isWorkflowFile(context.filename)) {
2985
+ return;
2986
+ }
2960
2987
  const root = getWorkflowRoot(context);
2961
2988
  if (root === null) {
2962
2989
  return;
@@ -3081,6 +3108,9 @@ var rule19 = {
3081
3108
  create(context) {
3082
3109
  return {
3083
3110
  Program() {
3111
+ if (!isWorkflowFile(context.filename)) {
3112
+ return;
3113
+ }
3084
3114
  const root = getWorkflowRoot(context);
3085
3115
  if (root === null) {
3086
3116
  return;
@@ -3517,6 +3547,9 @@ var rule23 = {
3517
3547
  create(context) {
3518
3548
  return {
3519
3549
  Program() {
3550
+ if (!isWorkflowFile(context.filename)) {
3551
+ return;
3552
+ }
3520
3553
  const root = getWorkflowRoot(context);
3521
3554
  if (root === null) {
3522
3555
  return;
@@ -3743,6 +3776,9 @@ var rule26 = {
3743
3776
  create(context) {
3744
3777
  return {
3745
3778
  Program() {
3779
+ if (!isWorkflowFile(context.filename)) {
3780
+ return;
3781
+ }
3746
3782
  const root = getWorkflowRoot(context);
3747
3783
  if (root === null) {
3748
3784
  return;
@@ -3834,6 +3870,9 @@ var rule27 = {
3834
3870
  create(context) {
3835
3871
  return {
3836
3872
  Program() {
3873
+ if (!isWorkflowFile(context.filename)) {
3874
+ return;
3875
+ }
3837
3876
  const root = getWorkflowRoot(context);
3838
3877
  if (root === null) {
3839
3878
  return;
@@ -3999,6 +4038,9 @@ var rule30 = {
3999
4038
  create(context) {
4000
4039
  return {
4001
4040
  Program() {
4041
+ if (!isWorkflowFile(context.filename)) {
4042
+ return;
4043
+ }
4002
4044
  const root = getWorkflowRoot(context);
4003
4045
  if (root === null) {
4004
4046
  return;
@@ -4043,6 +4085,9 @@ var rule31 = {
4043
4085
  create(context) {
4044
4086
  return {
4045
4087
  Program() {
4088
+ if (!isWorkflowFile(context.filename)) {
4089
+ return;
4090
+ }
4046
4091
  const root = getWorkflowRoot(context);
4047
4092
  if (root === null) {
4048
4093
  return;
@@ -4060,7 +4105,6 @@ var rule31 = {
4060
4105
  meta: {
4061
4106
  deprecated: false,
4062
4107
  docs: {
4063
- configs: ["github-actions.configs.all"],
4064
4108
  description: "disallow top-level workflow `permissions` when you want every job to declare its own token scope explicitly.",
4065
4109
  dialects: ["GitHub Actions workflow"],
4066
4110
  frozen: false,
@@ -4338,6 +4382,9 @@ var rule35 = {
4338
4382
  create(context) {
4339
4383
  return {
4340
4384
  Program() {
4385
+ if (!isWorkflowFile(context.filename)) {
4386
+ return;
4387
+ }
4341
4388
  const root = getWorkflowRoot(context);
4342
4389
  if (root === null) {
4343
4390
  return;
@@ -4538,6 +4585,9 @@ var rule36 = {
4538
4585
  create(context) {
4539
4586
  return {
4540
4587
  Program() {
4588
+ if (!isWorkflowFile(context.filename)) {
4589
+ return;
4590
+ }
4541
4591
  const root = getWorkflowRoot(context);
4542
4592
  if (root === null) {
4543
4593
  return;
@@ -4657,6 +4707,9 @@ var rule37 = {
4657
4707
  create(context) {
4658
4708
  return {
4659
4709
  Program() {
4710
+ if (!isWorkflowFile(context.filename)) {
4711
+ return;
4712
+ }
4660
4713
  const root = getWorkflowRoot(context);
4661
4714
  if (root === null) {
4662
4715
  return;
@@ -4858,6 +4911,9 @@ var rule40 = {
4858
4911
  };
4859
4912
  return {
4860
4913
  Program() {
4914
+ if (!isWorkflowFile(context.filename)) {
4915
+ return;
4916
+ }
4861
4917
  const root = getWorkflowRoot(context);
4862
4918
  if (root === null) {
4863
4919
  return;
@@ -4933,6 +4989,9 @@ var rule41 = {
4933
4989
  };
4934
4990
  return {
4935
4991
  Program() {
4992
+ if (!isWorkflowFile(context.filename)) {
4993
+ return;
4994
+ }
4936
4995
  const root = getWorkflowRoot(context);
4937
4996
  if (root === null) {
4938
4997
  return;
@@ -5035,6 +5094,9 @@ var rule43 = {
5035
5094
  create(context) {
5036
5095
  return {
5037
5096
  Program() {
5097
+ if (!isWorkflowFile(context.filename)) {
5098
+ return;
5099
+ }
5038
5100
  const root = getWorkflowRoot(context);
5039
5101
  if (root === null) {
5040
5102
  return;
@@ -5111,6 +5173,9 @@ var rule44 = {
5111
5173
  const { caseSensitive, extension } = normalizePreferFileExtensionOptions(option ?? void 0);
5112
5174
  return {
5113
5175
  Program(node) {
5176
+ if (!isWorkflowFile(context.filename)) {
5177
+ return;
5178
+ }
5114
5179
  const actualExtensionWithDot = (0, import_node_path3.extname)(context.filename);
5115
5180
  if (actualExtensionWithDot.length === 0) {
5116
5181
  return;
@@ -5223,6 +5288,9 @@ var rule45 = {
5223
5288
  create(context) {
5224
5289
  return {
5225
5290
  Program() {
5291
+ if (!isWorkflowFile(context.filename)) {
5292
+ return;
5293
+ }
5226
5294
  const root = getWorkflowRoot(context);
5227
5295
  if (root === null) {
5228
5296
  return;
@@ -5351,6 +5419,9 @@ var rule46 = {
5351
5419
  const { allowDocker, allowedStyles, allowRepository, ignoredReferences } = normalizeStepUsesStyleOptions(option ?? void 0);
5352
5420
  return {
5353
5421
  Program() {
5422
+ if (!isWorkflowFile(context.filename)) {
5423
+ return;
5424
+ }
5354
5425
  const root = getWorkflowRoot(context);
5355
5426
  if (root === null) {
5356
5427
  return;
@@ -5648,6 +5719,9 @@ var rule50 = {
5648
5719
  create(context) {
5649
5720
  return {
5650
5721
  Program() {
5722
+ if (!isWorkflowFile(context.filename)) {
5723
+ return;
5724
+ }
5651
5725
  const root = getWorkflowRoot(context);
5652
5726
  if (root === null) {
5653
5727
  return;
@@ -5715,25 +5789,59 @@ var require_checkout_before_local_action_default = rule50;
5715
5789
 
5716
5790
  // dist/_internal/workflow-permissions.js
5717
5791
  var getPermissionsNode = (mapping) => getMappingPair(mapping, "permissions")?.value ?? null;
5718
- var scalarPermissionSatisfies = (scalarValue, requiredLevel) => {
5792
+ var getScalarPermissionLevel = (scalarValue) => {
5719
5793
  const normalizedValue = scalarValue.trim().toLowerCase();
5794
+ if (normalizedValue === "read-all") {
5795
+ return "read";
5796
+ }
5720
5797
  if (normalizedValue === "write-all") {
5798
+ return "write";
5799
+ }
5800
+ return null;
5801
+ };
5802
+ var scalarPermissionSatisfies = (scalarValue, requiredLevel) => {
5803
+ const permissionLevel = getScalarPermissionLevel(scalarValue);
5804
+ if (permissionLevel === "write") {
5721
5805
  return true;
5722
5806
  }
5723
5807
  if (requiredLevel === "read") {
5724
- return normalizedValue === "read-all";
5808
+ return permissionLevel === "read";
5725
5809
  }
5726
5810
  return false;
5727
5811
  };
5728
- var mappingPermissionSatisfies = (permissionsMapping, permissionName, requiredLevel) => {
5812
+ var getMappingPermissionLevel = (permissionsMapping, permissionName) => {
5729
5813
  const permissionValue = getScalarStringValue(getMappingPair(permissionsMapping, permissionName)?.value ?? null)?.trim();
5730
5814
  if (permissionValue === void 0 || permissionValue.length === 0) {
5815
+ return null;
5816
+ }
5817
+ if (permissionValue === "read") {
5818
+ return "read";
5819
+ }
5820
+ if (permissionValue === "write") {
5821
+ return "write";
5822
+ }
5823
+ return null;
5824
+ };
5825
+ var mappingPermissionSatisfies = (permissionsMapping, permissionName, requiredLevel) => {
5826
+ const permissionLevel = getMappingPermissionLevel(permissionsMapping, permissionName);
5827
+ if (permissionLevel === null) {
5731
5828
  return false;
5732
5829
  }
5733
5830
  if (requiredLevel === "read") {
5734
- return permissionValue === "read" || permissionValue === "write";
5831
+ return permissionLevel === "read" || permissionLevel === "write";
5735
5832
  }
5736
- return permissionValue === "write";
5833
+ return permissionLevel === "write";
5834
+ };
5835
+ var getPermissionsNodeLevel = (permissionsNode, permissionName) => {
5836
+ const scalarValue = getScalarStringValue(permissionsNode)?.trim();
5837
+ if (scalarValue !== void 0 && scalarValue.length > 0) {
5838
+ return getScalarPermissionLevel(scalarValue);
5839
+ }
5840
+ const unwrappedPermissionsNode = unwrapYamlValue(permissionsNode);
5841
+ if (unwrappedPermissionsNode?.type === "YAMLMapping") {
5842
+ return getMappingPermissionLevel(unwrappedPermissionsNode, permissionName);
5843
+ }
5844
+ return null;
5737
5845
  };
5738
5846
  var permissionsNodeSatisfies = (permissionsNode, permissionName, requiredLevel) => {
5739
5847
  const scalarValue = getScalarStringValue(permissionsNode)?.trim();
@@ -5753,12 +5861,22 @@ var hasRequiredWorkflowPermission = (root, job, permissionName, requiredLevel) =
5753
5861
  }
5754
5862
  return permissionsNodeSatisfies(getPermissionsNode(root), permissionName, requiredLevel);
5755
5863
  };
5864
+ var hasExactWorkflowPermission = (root, job, permissionName, requiredLevel) => {
5865
+ const jobPermissionsNode = getPermissionsNode(job.mapping);
5866
+ if (jobPermissionsNode !== null) {
5867
+ return getPermissionsNodeLevel(jobPermissionsNode, permissionName) === requiredLevel;
5868
+ }
5869
+ return getPermissionsNodeLevel(getPermissionsNode(root), permissionName) === requiredLevel;
5870
+ };
5756
5871
 
5757
5872
  // dist/rules/require-codeql-actions-read.js
5758
5873
  var rule51 = {
5759
5874
  create(context) {
5760
5875
  return {
5761
5876
  Program() {
5877
+ if (!isWorkflowFile(context.filename)) {
5878
+ return;
5879
+ }
5762
5880
  const root = getWorkflowRoot(context);
5763
5881
  if (root === null) {
5764
5882
  return;
@@ -5836,6 +5954,9 @@ var rule52 = {
5836
5954
  create(context) {
5837
5955
  return {
5838
5956
  Program() {
5957
+ if (!isWorkflowFile(context.filename)) {
5958
+ return;
5959
+ }
5839
5960
  const root = getWorkflowRoot(context);
5840
5961
  if (root === null || getCodeqlInitSteps(root).length === 0) {
5841
5962
  return;
@@ -5894,6 +6015,9 @@ var rule53 = {
5894
6015
  create(context) {
5895
6016
  return {
5896
6017
  Program() {
6018
+ if (!isWorkflowFile(context.filename)) {
6019
+ return;
6020
+ }
5897
6021
  const root = getWorkflowRoot(context);
5898
6022
  if (root === null) {
5899
6023
  return;
@@ -5949,6 +6073,9 @@ var rule54 = {
5949
6073
  create(context) {
5950
6074
  return {
5951
6075
  Program(node) {
6076
+ if (!isWorkflowFile(context.filename)) {
6077
+ return;
6078
+ }
5952
6079
  const root = getWorkflowRoot(context);
5953
6080
  if (root === null || getCodeqlInitSteps(root).length === 0) {
5954
6081
  return;
@@ -5993,6 +6120,9 @@ var rule55 = {
5993
6120
  create(context) {
5994
6121
  return {
5995
6122
  Program(node) {
6123
+ if (!isWorkflowFile(context.filename)) {
6124
+ return;
6125
+ }
5996
6126
  const root = getWorkflowRoot(context);
5997
6127
  if (root === null || getCodeqlInitSteps(root).length === 0) {
5998
6128
  return;
@@ -6037,6 +6167,9 @@ var rule56 = {
6037
6167
  create(context) {
6038
6168
  return {
6039
6169
  Program() {
6170
+ if (!isWorkflowFile(context.filename)) {
6171
+ return;
6172
+ }
6040
6173
  const root = getWorkflowRoot(context);
6041
6174
  if (root === null) {
6042
6175
  return;
@@ -6213,6 +6346,9 @@ var rule59 = {
6213
6346
  create(context) {
6214
6347
  return {
6215
6348
  Program() {
6349
+ if (!isWorkflowFile(context.filename)) {
6350
+ return;
6351
+ }
6216
6352
  const root = getWorkflowRoot(context);
6217
6353
  if (root === null) {
6218
6354
  return;
@@ -6275,6 +6411,9 @@ var rule60 = {
6275
6411
  create(context) {
6276
6412
  return {
6277
6413
  Program(node) {
6414
+ if (!isWorkflowFile(context.filename)) {
6415
+ return;
6416
+ }
6278
6417
  const root = getWorkflowRoot(context);
6279
6418
  if (root === null || !hasDependabotAutomation(root)) {
6280
6419
  return;
@@ -6320,6 +6459,9 @@ var rule61 = {
6320
6459
  create(context) {
6321
6460
  return {
6322
6461
  Program() {
6462
+ if (!isWorkflowFile(context.filename)) {
6463
+ return;
6464
+ }
6323
6465
  const root = getWorkflowRoot(context);
6324
6466
  if (root === null || !hasDependabotAutomation(root)) {
6325
6467
  return;
@@ -6771,6 +6913,7 @@ var require_dependabot_labels_default = rule68;
6771
6913
  // dist/rules/require-dependabot-open-pull-requests-limit.js
6772
6914
  var rule69 = {
6773
6915
  create(context) {
6916
+ const reportedGroupNames = /* @__PURE__ */ new Set();
6774
6917
  return {
6775
6918
  Program() {
6776
6919
  const root = getDependabotRoot(context);
@@ -6779,6 +6922,30 @@ var rule69 = {
6779
6922
  }
6780
6923
  for (const update of getDependabotUpdateEntries(root)) {
6781
6924
  const limitPair = getMappingPair(update.mapping, "open-pull-requests-limit");
6925
+ if (update.multiEcosystemGroup !== null) {
6926
+ if (limitPair !== null) {
6927
+ context.report({
6928
+ data: {
6929
+ updateLabel: getDependabotUpdateLabel(update)
6930
+ },
6931
+ messageId: "unsupportedOpenPullRequestsLimitOnGroupedUpdate",
6932
+ node: limitPair.key
6933
+ });
6934
+ }
6935
+ const groupMapping = getDependabotReferencedGroup(root, update);
6936
+ const groupLimitPair = groupMapping === null ? null : getMappingPair(groupMapping, "open-pull-requests-limit");
6937
+ if (groupLimitPair !== null && !reportedGroupNames.has(update.multiEcosystemGroup)) {
6938
+ reportedGroupNames.add(update.multiEcosystemGroup);
6939
+ context.report({
6940
+ data: {
6941
+ groupName: update.multiEcosystemGroup
6942
+ },
6943
+ messageId: "unsupportedOpenPullRequestsLimitOnGroup",
6944
+ node: groupLimitPair.key
6945
+ });
6946
+ }
6947
+ continue;
6948
+ }
6782
6949
  const limitValue = getScalarNumberValue(limitPair?.value ?? null);
6783
6950
  if (limitValue !== null) {
6784
6951
  continue;
@@ -6801,7 +6968,7 @@ var rule69 = {
6801
6968
  "github-actions.configs.all",
6802
6969
  "github-actions.configs.dependabot"
6803
6970
  ],
6804
- description: "require Dependabot update entries to define `open-pull-requests-limit`.",
6971
+ description: "require standalone Dependabot update entries to define `open-pull-requests-limit`.",
6805
6972
  dialects: ["Dependabot configuration"],
6806
6973
  frozen: false,
6807
6974
  recommended: true,
@@ -6811,7 +6978,9 @@ var rule69 = {
6811
6978
  url: "https://nick2bad4u.github.io/eslint-plugin-github-actions-2/docs/rules/require-dependabot-open-pull-requests-limit"
6812
6979
  },
6813
6980
  messages: {
6814
- missingOpenPullRequestsLimit: "{{updateLabel}} should define `open-pull-requests-limit` so Dependabot pull request volume is explicitly controlled."
6981
+ missingOpenPullRequestsLimit: "{{updateLabel}} should define `open-pull-requests-limit` so Dependabot pull request volume is explicitly controlled.",
6982
+ unsupportedOpenPullRequestsLimitOnGroup: "Multi-ecosystem group '{{groupName}}' should not define `open-pull-requests-limit`. Grouped updates already consolidate into a single Dependabot pull request.",
6983
+ unsupportedOpenPullRequestsLimitOnGroupedUpdate: "{{updateLabel}} uses `multi-ecosystem-group` and should not define `open-pull-requests-limit`. Grouped updates already consolidate into a single Dependabot pull request."
6815
6984
  },
6816
6985
  schema: [],
6817
6986
  type: "suggestion"
@@ -7466,6 +7635,9 @@ var rule81 = {
7466
7635
  create(context) {
7467
7636
  return {
7468
7637
  Program() {
7638
+ if (!isWorkflowFile(context.filename)) {
7639
+ return;
7640
+ }
7469
7641
  const root = getWorkflowRoot(context);
7470
7642
  if (root === null) {
7471
7643
  return;
@@ -7519,20 +7691,28 @@ var rule82 = {
7519
7691
  create(context) {
7520
7692
  return {
7521
7693
  Program() {
7694
+ if (!isWorkflowFile(context.filename)) {
7695
+ return;
7696
+ }
7522
7697
  const root = getWorkflowRoot(context);
7523
7698
  if (root === null || !hasDependencyReviewAction(root)) {
7524
7699
  return;
7525
7700
  }
7526
- const permissionsMapping = getMappingValueAsMapping(root, "permissions");
7527
- const contentsPair = permissionsMapping === null ? null : getMappingPair(permissionsMapping, "contents");
7528
- const contentsValue = getScalarStringValue(contentsPair?.value ?? null)?.trim();
7529
- if (contentsValue === "read") {
7530
- return;
7701
+ const seenJobIds = /* @__PURE__ */ new Set();
7702
+ for (const step of getDependencyReviewActionSteps(root)) {
7703
+ if (seenJobIds.has(step.job.id)) {
7704
+ continue;
7705
+ }
7706
+ seenJobIds.add(step.job.id);
7707
+ if (hasExactWorkflowPermission(root, step.job, "contents", "read")) {
7708
+ continue;
7709
+ }
7710
+ context.report({
7711
+ data: { jobId: step.job.id },
7712
+ messageId: "missingContentsReadPermission",
7713
+ node: step.job.idNode
7714
+ });
7531
7715
  }
7532
- context.report({
7533
- messageId: "missingContentsReadPermission",
7534
- node: contentsPair?.value ?? contentsPair ?? permissionsMapping ?? root
7535
- });
7536
7716
  }
7537
7717
  };
7538
7718
  },
@@ -7544,7 +7724,7 @@ var rule82 = {
7544
7724
  "github-actions.configs.codeScanning",
7545
7725
  "github-actions.configs.security"
7546
7726
  ],
7547
- description: "require workflows using `actions/dependency-review-action` to set top-level `permissions.contents: read`.",
7727
+ description: "require jobs using `actions/dependency-review-action` to grant effective `contents: read`.",
7548
7728
  dialects: ["GitHub Actions workflow"],
7549
7729
  frozen: false,
7550
7730
  recommended: false,
@@ -7554,7 +7734,7 @@ var rule82 = {
7554
7734
  url: "https://nick2bad4u.github.io/eslint-plugin-github-actions-2/docs/rules/require-dependency-review-permissions-contents-read"
7555
7735
  },
7556
7736
  messages: {
7557
- missingContentsReadPermission: "Workflows using `actions/dependency-review-action` should set top-level `permissions.contents: read`."
7737
+ missingContentsReadPermission: "Job '{{jobId}}' uses `actions/dependency-review-action` and should grant effective `contents: read` at the job or workflow level."
7558
7738
  },
7559
7739
  schema: [],
7560
7740
  type: "problem"
@@ -7567,6 +7747,9 @@ var rule83 = {
7567
7747
  create(context) {
7568
7748
  return {
7569
7749
  Program() {
7750
+ if (!isWorkflowFile(context.filename)) {
7751
+ return;
7752
+ }
7570
7753
  const root = getWorkflowRoot(context);
7571
7754
  if (root === null || !hasDependencyReviewAction(root)) {
7572
7755
  return;
@@ -7612,6 +7795,9 @@ var rule84 = {
7612
7795
  create(context) {
7613
7796
  return {
7614
7797
  Program() {
7798
+ if (!isWorkflowFile(context.filename)) {
7799
+ return;
7800
+ }
7615
7801
  const root = getWorkflowRoot(context);
7616
7802
  if (root === null) {
7617
7803
  return;
@@ -7662,6 +7848,9 @@ var rule85 = {
7662
7848
  create(context) {
7663
7849
  return {
7664
7850
  Program() {
7851
+ if (!isWorkflowFile(context.filename)) {
7852
+ return;
7853
+ }
7665
7854
  const root = getWorkflowRoot(context);
7666
7855
  if (root === null) {
7667
7856
  return;
@@ -7777,6 +7966,9 @@ var rule86 = {
7777
7966
  create(context) {
7778
7967
  return {
7779
7968
  Program() {
7969
+ if (!isWorkflowFile(context.filename)) {
7970
+ return;
7971
+ }
7780
7972
  const root = getWorkflowRoot(context);
7781
7973
  if (root === null) {
7782
7974
  return;
@@ -7886,6 +8078,9 @@ var rule87 = {
7886
8078
  const maxMinutes = options?.maxMinutes ?? DEFAULT_MAX_MINUTES;
7887
8079
  return {
7888
8080
  Program() {
8081
+ if (!isWorkflowFile(context.filename)) {
8082
+ return;
8083
+ }
7889
8084
  const root = getWorkflowRoot(context);
7890
8085
  if (root === null) {
7891
8086
  return;
@@ -7998,6 +8193,9 @@ var rule88 = {
7998
8193
  create(context) {
7999
8194
  return {
8000
8195
  Program() {
8196
+ if (!isWorkflowFile(context.filename)) {
8197
+ return;
8198
+ }
8001
8199
  const root = getWorkflowRoot(context);
8002
8200
  if (root === null || !hasTriggerEvent(root, "pull_request")) {
8003
8201
  return;
@@ -8070,6 +8268,9 @@ var rule89 = {
8070
8268
  };
8071
8269
  return {
8072
8270
  Program() {
8271
+ if (!isWorkflowFile(context.filename)) {
8272
+ return;
8273
+ }
8073
8274
  const root = getWorkflowRoot(context);
8074
8275
  if (root === null) {
8075
8276
  return;
@@ -8170,6 +8371,9 @@ var rule90 = {
8170
8371
  };
8171
8372
  return {
8172
8373
  Program() {
8374
+ if (!isWorkflowFile(context.filename)) {
8375
+ return;
8376
+ }
8173
8377
  const root = getWorkflowRoot(context);
8174
8378
  if (root === null) {
8175
8379
  return;
@@ -8253,6 +8457,9 @@ var rule91 = {
8253
8457
  create(context) {
8254
8458
  return {
8255
8459
  Program() {
8460
+ if (!isWorkflowFile(context.filename)) {
8461
+ return;
8462
+ }
8256
8463
  const root = getWorkflowRoot(context);
8257
8464
  if (root === null) {
8258
8465
  return;
@@ -8301,6 +8508,9 @@ var rule92 = {
8301
8508
  create(context) {
8302
8509
  return {
8303
8510
  Program() {
8511
+ if (!isWorkflowFile(context.filename)) {
8512
+ return;
8513
+ }
8304
8514
  const root = getWorkflowRoot(context);
8305
8515
  if (root === null) {
8306
8516
  return;
@@ -8351,6 +8561,9 @@ var rule93 = {
8351
8561
  create(context) {
8352
8562
  return {
8353
8563
  Program(node) {
8564
+ if (!isWorkflowFile(context.filename)) {
8565
+ return;
8566
+ }
8354
8567
  const root = getWorkflowRoot(context);
8355
8568
  if (root === null || getScorecardSteps(root).length === 0) {
8356
8569
  return;
@@ -8403,12 +8616,15 @@ var rule94 = {
8403
8616
  create(context) {
8404
8617
  return {
8405
8618
  Program() {
8619
+ if (!isWorkflowFile(context.filename)) {
8620
+ return;
8621
+ }
8406
8622
  const root = getWorkflowRoot(context);
8407
8623
  if (root === null) {
8408
8624
  return;
8409
8625
  }
8410
8626
  for (const step of getSecretScanningActionSteps(root)) {
8411
- if (hasRequiredWorkflowPermission(root, step.job, "contents", "read")) {
8627
+ if (hasExactWorkflowPermission(root, step.job, "contents", "read")) {
8412
8628
  continue;
8413
8629
  }
8414
8630
  context.report({
@@ -8437,7 +8653,7 @@ var rule94 = {
8437
8653
  url: "https://nick2bad4u.github.io/eslint-plugin-github-actions-2/docs/rules/require-secret-scan-contents-read"
8438
8654
  },
8439
8655
  messages: {
8440
- missingContentsRead: "Job '{{jobId}}' runs a secret scanner and should grant `contents: read`."
8656
+ missingContentsRead: "Job '{{jobId}}' runs a secret scanner and should grant effective `contents: read` at the job or workflow level."
8441
8657
  },
8442
8658
  schema: [],
8443
8659
  type: "problem"
@@ -8451,6 +8667,9 @@ var rule95 = {
8451
8667
  create(context) {
8452
8668
  return {
8453
8669
  Program() {
8670
+ if (!isWorkflowFile(context.filename)) {
8671
+ return;
8672
+ }
8454
8673
  const root = getWorkflowRoot(context);
8455
8674
  if (root === null) {
8456
8675
  return;
@@ -8521,6 +8740,9 @@ var rule96 = {
8521
8740
  create(context) {
8522
8741
  return {
8523
8742
  Program(node) {
8743
+ if (!isWorkflowFile(context.filename)) {
8744
+ return;
8745
+ }
8524
8746
  const root = getWorkflowRoot(context);
8525
8747
  if (root === null || !hasSecretScanningAction(root)) {
8526
8748
  return;
@@ -8876,6 +9098,9 @@ var rule102 = {
8876
9098
  };
8877
9099
  return {
8878
9100
  Program() {
9101
+ if (!isWorkflowFile(context.filename)) {
9102
+ return;
9103
+ }
8879
9104
  const root = getWorkflowRoot(context);
8880
9105
  if (root === null) {
8881
9106
  return;
@@ -8954,6 +9179,9 @@ var rule103 = {
8954
9179
  create(context) {
8955
9180
  return {
8956
9181
  Program() {
9182
+ if (!isWorkflowFile(context.filename)) {
9183
+ return;
9184
+ }
8957
9185
  const root = getWorkflowRoot(context);
8958
9186
  if (root === null) {
8959
9187
  return;
@@ -9010,6 +9238,9 @@ var rule104 = {
9010
9238
  create(context) {
9011
9239
  return {
9012
9240
  Program() {
9241
+ if (!isWorkflowFile(context.filename)) {
9242
+ return;
9243
+ }
9013
9244
  const root = getWorkflowRoot(context);
9014
9245
  if (root === null) {
9015
9246
  return;
@@ -9090,6 +9321,9 @@ var rule105 = {
9090
9321
  create(context) {
9091
9322
  return {
9092
9323
  Program() {
9324
+ if (!isWorkflowFile(context.filename)) {
9325
+ return;
9326
+ }
9093
9327
  const root = getWorkflowRoot(context);
9094
9328
  if (root === null) {
9095
9329
  return;
@@ -9179,6 +9413,9 @@ var rule106 = {
9179
9413
  const requireCancelInProgress = options?.requireCancelInProgress ?? true;
9180
9414
  return {
9181
9415
  Program() {
9416
+ if (!isWorkflowFile(context.filename)) {
9417
+ return;
9418
+ }
9182
9419
  const root = getWorkflowRoot(context);
9183
9420
  if (root === null) {
9184
9421
  return;
@@ -9324,6 +9561,9 @@ var rule107 = {
9324
9561
  create(context) {
9325
9562
  return {
9326
9563
  Program() {
9564
+ if (!isWorkflowFile(context.filename)) {
9565
+ return;
9566
+ }
9327
9567
  const root = getWorkflowRoot(context);
9328
9568
  if (root === null) {
9329
9569
  return;
@@ -9435,6 +9675,9 @@ var rule108 = {
9435
9675
  create(context) {
9436
9676
  return {
9437
9677
  Program() {
9678
+ if (!isWorkflowFile(context.filename)) {
9679
+ return;
9680
+ }
9438
9681
  const root = getWorkflowRoot(context);
9439
9682
  if (root === null) {
9440
9683
  return;
@@ -9605,6 +9848,9 @@ var rule110 = {
9605
9848
  create(context) {
9606
9849
  return {
9607
9850
  Program() {
9851
+ if (!isWorkflowFile(context.filename)) {
9852
+ return;
9853
+ }
9608
9854
  const root = getWorkflowRoot(context);
9609
9855
  if (root === null) {
9610
9856
  return;
@@ -9818,6 +10064,9 @@ var rule113 = {
9818
10064
  };
9819
10065
  return {
9820
10066
  Program() {
10067
+ if (!isWorkflowFile(context.filename)) {
10068
+ return;
10069
+ }
9821
10070
  const root = getWorkflowRoot(context);
9822
10071
  if (root === null) {
9823
10072
  return;
@@ -10050,6 +10299,9 @@ var rule114 = {
10050
10299
  };
10051
10300
  return {
10052
10301
  Program() {
10302
+ if (!isWorkflowFile(context.filename)) {
10303
+ return;
10304
+ }
10053
10305
  const root = getWorkflowRoot(context);
10054
10306
  if (root === null) {
10055
10307
  return;
@@ -10266,7 +10518,7 @@ var getRuleConfigReferences = (ruleName, rule115) => {
10266
10518
  const references = docs?.configs;
10267
10519
  const referenceList = Array.isArray(references) ? references : [references];
10268
10520
  if (referenceList.length === 0 || referenceList[0] === void 0) {
10269
- throw new TypeError(`Rule '${ruleName}' is missing docs.configs preset metadata.`);
10521
+ return [];
10270
10522
  }
10271
10523
  for (const reference of referenceList) {
10272
10524
  if (typeof reference !== "string" || !isGithubActionsConfigReference(reference)) {