eslint-plugin-github-actions-2 1.0.4 → 1.0.6

Files changed (217) hide show
  1. package/README.md +127 -127
  2. package/dist/_internal/github-actions-config-references.js +1 -1
  3. package/dist/_internal/github-actions-config-references.js.map +1 -1
  4. package/dist/_internal/rule-docs.d.ts +1 -1
  5. package/dist/_internal/rule-docs.d.ts.map +1 -1
  6. package/dist/_internal/workflow-permissions.d.ts +2 -0
  7. package/dist/_internal/workflow-permissions.d.ts.map +1 -1
  8. package/dist/_internal/workflow-permissions.js +54 -7
  9. package/dist/_internal/workflow-permissions.js.map +1 -1
  10. package/dist/plugin.cjs +276 -24
  11. package/dist/plugin.cjs.map +2 -2
  12. package/dist/plugin.d.ts.map +1 -1
  13. package/dist/plugin.js +1 -1
  14. package/dist/plugin.js.map +1 -1
  15. package/dist/rules/action-name-casing.d.ts.map +1 -1
  16. package/dist/rules/action-name-casing.js +4 -0
  17. package/dist/rules/action-name-casing.js.map +1 -1
  18. package/dist/rules/job-id-casing.d.ts.map +1 -1
  19. package/dist/rules/job-id-casing.js +4 -0
  20. package/dist/rules/job-id-casing.js.map +1 -1
  21. package/dist/rules/max-jobs-per-action.d.ts.map +1 -1
  22. package/dist/rules/max-jobs-per-action.js +4 -0
  23. package/dist/rules/max-jobs-per-action.js.map +1 -1
  24. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.d.ts.map +1 -1
  25. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.js +4 -0
  26. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.js.map +1 -1
  27. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.d.ts.map +1 -1
  28. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.js +4 -0
  29. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.js.map +1 -1
  30. package/dist/rules/no-external-job.d.ts.map +1 -1
  31. package/dist/rules/no-external-job.js +4 -0
  32. package/dist/rules/no-external-job.js.map +1 -1
  33. package/dist/rules/no-inherit-secrets.d.ts.map +1 -1
  34. package/dist/rules/no-inherit-secrets.js +4 -0
  35. package/dist/rules/no-inherit-secrets.js.map +1 -1
  36. package/dist/rules/no-invalid-concurrency-context.d.ts.map +1 -1
  37. package/dist/rules/no-invalid-concurrency-context.js +4 -0
  38. package/dist/rules/no-invalid-concurrency-context.js.map +1 -1
  39. package/dist/rules/no-invalid-reusable-workflow-job-key.d.ts.map +1 -1
  40. package/dist/rules/no-invalid-reusable-workflow-job-key.js +4 -0
  41. package/dist/rules/no-invalid-reusable-workflow-job-key.js.map +1 -1
  42. package/dist/rules/no-invalid-workflow-call-output-value.d.ts.map +1 -1
  43. package/dist/rules/no-invalid-workflow-call-output-value.js +4 -0
  44. package/dist/rules/no-invalid-workflow-call-output-value.js.map +1 -1
  45. package/dist/rules/no-pr-head-checkout-in-pull-request-target.d.ts.map +1 -1
  46. package/dist/rules/no-pr-head-checkout-in-pull-request-target.js +4 -0
  47. package/dist/rules/no-pr-head-checkout-in-pull-request-target.js.map +1 -1
  48. package/dist/rules/no-secrets-in-if.d.ts.map +1 -1
  49. package/dist/rules/no-secrets-in-if.js +4 -0
  50. package/dist/rules/no-secrets-in-if.js.map +1 -1
  51. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.d.ts.map +1 -1
  52. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.js +4 -0
  53. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.js.map +1 -1
  54. package/dist/rules/no-top-level-env.d.ts.map +1 -1
  55. package/dist/rules/no-top-level-env.js +4 -0
  56. package/dist/rules/no-top-level-env.js.map +1 -1
  57. package/dist/rules/no-top-level-permissions.d.ts.map +1 -1
  58. package/dist/rules/no-top-level-permissions.js +4 -1
  59. package/dist/rules/no-top-level-permissions.js.map +1 -1
  60. package/dist/rules/no-unknown-job-output-reference.d.ts.map +1 -1
  61. package/dist/rules/no-unknown-job-output-reference.js +4 -0
  62. package/dist/rules/no-unknown-job-output-reference.js.map +1 -1
  63. package/dist/rules/no-unknown-step-reference.d.ts.map +1 -1
  64. package/dist/rules/no-unknown-step-reference.js +4 -0
  65. package/dist/rules/no-unknown-step-reference.js.map +1 -1
  66. package/dist/rules/no-untrusted-input-in-run.d.ts.map +1 -1
  67. package/dist/rules/no-untrusted-input-in-run.js +4 -0
  68. package/dist/rules/no-untrusted-input-in-run.js.map +1 -1
  69. package/dist/rules/no-write-all-permissions.d.ts.map +1 -1
  70. package/dist/rules/no-write-all-permissions.js +4 -0
  71. package/dist/rules/no-write-all-permissions.js.map +1 -1
  72. package/dist/rules/pin-action-shas.d.ts.map +1 -1
  73. package/dist/rules/pin-action-shas.js +4 -0
  74. package/dist/rules/pin-action-shas.js.map +1 -1
  75. package/dist/rules/prefer-fail-fast.d.ts.map +1 -1
  76. package/dist/rules/prefer-fail-fast.js +4 -0
  77. package/dist/rules/prefer-fail-fast.js.map +1 -1
  78. package/dist/rules/prefer-file-extension.d.ts.map +1 -1
  79. package/dist/rules/prefer-file-extension.js +4 -0
  80. package/dist/rules/prefer-file-extension.js.map +1 -1
  81. package/dist/rules/prefer-inputs-context.d.ts.map +1 -1
  82. package/dist/rules/prefer-inputs-context.js +4 -0
  83. package/dist/rules/prefer-inputs-context.js.map +1 -1
  84. package/dist/rules/prefer-step-uses-style.d.ts.map +1 -1
  85. package/dist/rules/prefer-step-uses-style.js +4 -0
  86. package/dist/rules/prefer-step-uses-style.js.map +1 -1
  87. package/dist/rules/require-checkout-before-local-action.d.ts.map +1 -1
  88. package/dist/rules/require-checkout-before-local-action.js +4 -0
  89. package/dist/rules/require-checkout-before-local-action.js.map +1 -1
  90. package/dist/rules/require-codeql-actions-read.d.ts.map +1 -1
  91. package/dist/rules/require-codeql-actions-read.js +4 -0
  92. package/dist/rules/require-codeql-actions-read.js.map +1 -1
  93. package/dist/rules/require-codeql-branch-filters.d.ts.map +1 -1
  94. package/dist/rules/require-codeql-branch-filters.js +4 -0
  95. package/dist/rules/require-codeql-branch-filters.js.map +1 -1
  96. package/dist/rules/require-codeql-category-when-language-matrix.d.ts.map +1 -1
  97. package/dist/rules/require-codeql-category-when-language-matrix.js +4 -0
  98. package/dist/rules/require-codeql-category-when-language-matrix.js.map +1 -1
  99. package/dist/rules/require-codeql-pull-request-trigger.d.ts.map +1 -1
  100. package/dist/rules/require-codeql-pull-request-trigger.js +4 -0
  101. package/dist/rules/require-codeql-pull-request-trigger.js.map +1 -1
  102. package/dist/rules/require-codeql-schedule.d.ts.map +1 -1
  103. package/dist/rules/require-codeql-schedule.js +4 -0
  104. package/dist/rules/require-codeql-schedule.js.map +1 -1
  105. package/dist/rules/require-codeql-security-events-write.d.ts.map +1 -1
  106. package/dist/rules/require-codeql-security-events-write.js +4 -0
  107. package/dist/rules/require-codeql-security-events-write.js.map +1 -1
  108. package/dist/rules/require-dependabot-automation-permissions.d.ts.map +1 -1
  109. package/dist/rules/require-dependabot-automation-permissions.js +4 -0
  110. package/dist/rules/require-dependabot-automation-permissions.js.map +1 -1
  111. package/dist/rules/require-dependabot-automation-pull-request-trigger.d.ts.map +1 -1
  112. package/dist/rules/require-dependabot-automation-pull-request-trigger.js +4 -0
  113. package/dist/rules/require-dependabot-automation-pull-request-trigger.js.map +1 -1
  114. package/dist/rules/require-dependabot-bot-actor-guard.d.ts.map +1 -1
  115. package/dist/rules/require-dependabot-bot-actor-guard.js +4 -0
  116. package/dist/rules/require-dependabot-bot-actor-guard.js.map +1 -1
  117. package/dist/rules/require-dependabot-open-pull-requests-limit.d.ts.map +1 -1
  118. package/dist/rules/require-dependabot-open-pull-requests-limit.js +32 -2
  119. package/dist/rules/require-dependabot-open-pull-requests-limit.js.map +1 -1
  120. package/dist/rules/require-dependency-review-fail-on-severity.d.ts.map +1 -1
  121. package/dist/rules/require-dependency-review-fail-on-severity.js +4 -0
  122. package/dist/rules/require-dependency-review-fail-on-severity.js.map +1 -1
  123. package/dist/rules/require-dependency-review-permissions-contents-read.d.ts.map +1 -1
  124. package/dist/rules/require-dependency-review-permissions-contents-read.js +23 -18
  125. package/dist/rules/require-dependency-review-permissions-contents-read.js.map +1 -1
  126. package/dist/rules/require-dependency-review-pull-request-trigger.d.ts.map +1 -1
  127. package/dist/rules/require-dependency-review-pull-request-trigger.js +4 -0
  128. package/dist/rules/require-dependency-review-pull-request-trigger.js.map +1 -1
  129. package/dist/rules/require-fetch-metadata-github-token.d.ts.map +1 -1
  130. package/dist/rules/require-fetch-metadata-github-token.js +4 -0
  131. package/dist/rules/require-fetch-metadata-github-token.js.map +1 -1
  132. package/dist/rules/require-job-name.d.ts.map +1 -1
  133. package/dist/rules/require-job-name.js +4 -0
  134. package/dist/rules/require-job-name.js.map +1 -1
  135. package/dist/rules/require-job-step-name.d.ts.map +1 -1
  136. package/dist/rules/require-job-step-name.js +4 -0
  137. package/dist/rules/require-job-step-name.js.map +1 -1
  138. package/dist/rules/require-job-timeout-minutes.d.ts.map +1 -1
  139. package/dist/rules/require-job-timeout-minutes.js +4 -0
  140. package/dist/rules/require-job-timeout-minutes.js.map +1 -1
  141. package/dist/rules/require-merge-group-trigger.d.ts.map +1 -1
  142. package/dist/rules/require-merge-group-trigger.js +4 -0
  143. package/dist/rules/require-merge-group-trigger.js.map +1 -1
  144. package/dist/rules/require-pull-request-target-branches.d.ts.map +1 -1
  145. package/dist/rules/require-pull-request-target-branches.js +4 -0
  146. package/dist/rules/require-pull-request-target-branches.js.map +1 -1
  147. package/dist/rules/require-run-step-shell.d.ts.map +1 -1
  148. package/dist/rules/require-run-step-shell.js +4 -0
  149. package/dist/rules/require-run-step-shell.js.map +1 -1
  150. package/dist/rules/require-sarif-upload-security-events-write.d.ts.map +1 -1
  151. package/dist/rules/require-sarif-upload-security-events-write.js +4 -0
  152. package/dist/rules/require-sarif-upload-security-events-write.js.map +1 -1
  153. package/dist/rules/require-scorecard-results-format-sarif.d.ts.map +1 -1
  154. package/dist/rules/require-scorecard-results-format-sarif.js +4 -0
  155. package/dist/rules/require-scorecard-results-format-sarif.js.map +1 -1
  156. package/dist/rules/require-scorecard-upload-sarif-step.d.ts.map +1 -1
  157. package/dist/rules/require-scorecard-upload-sarif-step.js +4 -0
  158. package/dist/rules/require-scorecard-upload-sarif-step.js.map +1 -1
  159. package/dist/rules/require-secret-scan-contents-read.d.ts.map +1 -1
  160. package/dist/rules/require-secret-scan-contents-read.js +7 -3
  161. package/dist/rules/require-secret-scan-contents-read.js.map +1 -1
  162. package/dist/rules/require-secret-scan-fetch-depth-zero.d.ts.map +1 -1
  163. package/dist/rules/require-secret-scan-fetch-depth-zero.js +4 -0
  164. package/dist/rules/require-secret-scan-fetch-depth-zero.js.map +1 -1
  165. package/dist/rules/require-secret-scan-schedule.d.ts.map +1 -1
  166. package/dist/rules/require-secret-scan-schedule.js +4 -0
  167. package/dist/rules/require-secret-scan-schedule.js.map +1 -1
  168. package/dist/rules/require-trigger-types.d.ts.map +1 -1
  169. package/dist/rules/require-trigger-types.js +4 -0
  170. package/dist/rules/require-trigger-types.js.map +1 -1
  171. package/dist/rules/require-trufflehog-verified-results-mode.d.ts.map +1 -1
  172. package/dist/rules/require-trufflehog-verified-results-mode.js +4 -0
  173. package/dist/rules/require-trufflehog-verified-results-mode.js.map +1 -1
  174. package/dist/rules/require-workflow-call-input-type.d.ts.map +1 -1
  175. package/dist/rules/require-workflow-call-input-type.js +4 -0
  176. package/dist/rules/require-workflow-call-input-type.js.map +1 -1
  177. package/dist/rules/require-workflow-call-output-value.d.ts.map +1 -1
  178. package/dist/rules/require-workflow-call-output-value.js +4 -0
  179. package/dist/rules/require-workflow-call-output-value.js.map +1 -1
  180. package/dist/rules/require-workflow-concurrency.d.ts.map +1 -1
  181. package/dist/rules/require-workflow-concurrency.js +4 -0
  182. package/dist/rules/require-workflow-concurrency.js.map +1 -1
  183. package/dist/rules/require-workflow-dispatch-input-type.d.ts.map +1 -1
  184. package/dist/rules/require-workflow-dispatch-input-type.js +4 -0
  185. package/dist/rules/require-workflow-dispatch-input-type.js.map +1 -1
  186. package/dist/rules/require-workflow-interface-description.d.ts.map +1 -1
  187. package/dist/rules/require-workflow-interface-description.js +4 -0
  188. package/dist/rules/require-workflow-interface-description.js.map +1 -1
  189. package/dist/rules/require-workflow-run-branches.d.ts.map +1 -1
  190. package/dist/rules/require-workflow-run-branches.js +4 -0
  191. package/dist/rules/require-workflow-run-branches.js.map +1 -1
  192. package/dist/rules/valid-timeout-minutes.d.ts.map +1 -1
  193. package/dist/rules/valid-timeout-minutes.js +4 -0
  194. package/dist/rules/valid-timeout-minutes.js.map +1 -1
  195. package/dist/rules/valid-trigger-events.d.ts.map +1 -1
  196. package/dist/rules/valid-trigger-events.js +4 -0
  197. package/dist/rules/valid-trigger-events.js.map +1 -1
  198. package/docs/rules/guides/authoring-rules.md +34 -0
  199. package/docs/rules/guides/docs-authoring.md +34 -0
  200. package/docs/rules/guides/index.md +15 -0
  201. package/docs/rules/guides/testing-rules.md +34 -0
  202. package/docs/rules/no-top-level-permissions.md +4 -4
  203. package/docs/rules/presets/action-metadata.md +8 -8
  204. package/docs/rules/presets/all.md +123 -124
  205. package/docs/rules/presets/code-scanning.md +8 -8
  206. package/docs/rules/presets/dependabot.md +8 -8
  207. package/docs/rules/presets/index.md +119 -123
  208. package/docs/rules/presets/recommended.md +8 -8
  209. package/docs/rules/presets/security.md +8 -8
  210. package/docs/rules/presets/strict.md +8 -8
  211. package/docs/rules/presets/workflow-template-properties.md +8 -8
  212. package/docs/rules/presets/workflow-templates.md +8 -8
  213. package/docs/rules/require-dependabot-open-pull-requests-limit.md +21 -4
  214. package/docs/rules/require-dependency-review-permissions-contents-read.md +15 -4
  215. package/docs/rules/require-secret-scan-contents-read.md +10 -2
  216. package/docs/rules/require-workflow-permissions.md +4 -4
  217. package/package.json +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"valid-trigger-events.d.ts","sourceRoot":"","sources":["../../src/rules/valid-trigger-events.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAWnC,oEAAoE;AACpE,QAAA,MAAM,IAAI,EAAE,IAAI,CAAC,UA4HhB,CAAC;AAEF,eAAe,IAAI,CAAC"}
1
+ {"version":3,"file":"valid-trigger-events.d.ts","sourceRoot":"","sources":["../../src/rules/valid-trigger-events.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAYnC,oEAAoE;AACpE,QAAA,MAAM,IAAI,EAAE,IAAI,CAAC,UAgIhB,CAAC;AAEF,eAAe,IAAI,CAAC"}
@@ -1,4 +1,5 @@
1
1
  import { githubActionsTriggerEventSet } from "../_internal/github-actions-trigger-events.js";
2
+ import { isWorkflowFile } from "../_internal/lint-targets.js";
2
3
  import { getMappingPair, getScalarStringValue, getWorkflowRoot, unwrapYamlValue, } from "../_internal/workflow-yaml.js";
3
4
  /** Rule implementation for validating `on:` trigger event names. */
4
5
  const rule = {
@@ -14,6 +15,9 @@ const rule = {
14
15
  };
15
16
  return {
16
17
  Program() {
18
+ if (!isWorkflowFile(context.filename)) {
19
+ return;
20
+ }
17
21
  const root = getWorkflowRoot(context);
18
22
  if (root === null) {
19
23
  return;
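Review bot: The guard added at the top of `Program()` makes the rule fail open, because when `isWorkflowFile(context.filename)` returns false the rule reports nothing and leaves no sign that the file was skipped. The helper lives in `../_internal/lint-targets.js` and is not visible here, so it is worth confirming, with tests, how it treats Windows path separators, relative paths and the placeholder filename ESLint passes for stdin input. The file list shows the same +4 -0 change in most other rule modules, including `no-untrusted-input-in-run`, `pin-action-shas` and `no-pr-head-checkout-in-pull-request-target`, so presumably the same guard was added there and a mismatch in the helper would silently switch off security checks across the plugin. I would document the behaviour above the guard, for example `// Only workflow files are linted; any other file is skipped without a report.` The body of `Program()` continues past the end of the hunk.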
@@ -1 +1 @@
1
- {"version":3,"file":"valid-trigger-events.js","sourceRoot":"","sources":["../../src/rules/valid-trigger-events.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAC7F,OAAO,EACH,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,eAAe,GAClB,MAAM,+BAA+B,CAAC;AAEvC,oEAAoE;AACpE,MAAM,IAAI,GAAoB;IAC1B,MAAM,CAAC,OAAO;QACV,MAAM,kBAAkB,GAAG,CACvB,IAA4B,EAC5B,SAAiB,EACb,EAAE;YACN,OAAO,CAAC,MAAM,CAAC;gBACX,IAAI,EAAE;oBACF,KAAK,EAAE,SAAS;iBACnB;gBACD,SAAS,EAAE,cAAc;gBACzB,IAAI,EAAE,IAA4B;aACrC,CAAC,CAAC;QACP,CAAC,CAAC;QAEF,OAAO;YACH,OAAO;gBACH,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;gBAEtC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAChB,OAAO;gBACX,CAAC;gBAED,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,EAAE,KAAK,IAAI,IAAI,CAAC,CAAC;gBAEvD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;oBACnB,OAAO;gBACX,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChC,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;oBAEhD,IACI,SAAS,KAAK,IAAI;wBAClB,CAAC,4BAA4B,CAAC,GAAG,CAAC,SAAS,CAAC,EAC9C,CAAC;wBACC,kBAAkB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;oBAC3C,CAAC;oBAED,OAAO;gBACX,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBAClC,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;wBAC9C,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;wBAEvD,IACI,cAAc,KAAK,IAAI;4BACvB,CAAC,SAAS,KAAK,IAAI;gCACf,CAAC,4BAA4B,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EACnD,CAAC;4BACC,OAAO,CAAC,MAAM,CAAC;gCACX,IAAI,EAAE;oCACF,KAAK,EAAE,SAAS,IAAI,WAAW;iCAClC;gCACD,SAAS,EACL,SAAS,KAAK,IAAI;oCACd,CAAC,CAAC,mBAAmB;oCACrB,CAAC,CAAC,cAAc;gCACxB,IAAI,EAAE,cAAsC;6BAC/C,CAAC,CAAC;wBACP,CAAC;oBACL,CAAC;oBAED,OAAO;gBACX,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,mBAAmB;wBAC9B,IAAI,EAAE,OAA+B;qBACxC,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;oBAC/B,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAEjD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACrB,OAAO,CAAC,MAAM,CAAC;4BACX,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE,
IAA4B;yBACrC,CAAC,CAAC;wBAEH,SAAS;oBACb,CAAC;oBAED,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC/C,kBAAkB,CAAC,IAAI,CAAC,GAAmB,EAAE,SAAS,CAAC,CAAC;oBAC5D,CAAC;gBACL,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,OAAO,EAAE;gBACL,4BAA4B;gBAC5B,oCAAoC;gBACpC,+BAA+B;aAClC;YACD,WAAW,EACP,6EAA6E;YACjF,QAAQ,EAAE,CAAC,yBAAyB,CAAC;YACrC,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,IAAI;YACjB,oBAAoB,EAAE,KAAK;YAC3B,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,EAAE;YACd,GAAG,EAAE,6FAA6F;SACrG;QACD,QAAQ,EAAE;YACN,YAAY,EACR,wEAAwE;YAC5E,iBAAiB,EACb,oDAAoD;SAC3D;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KACG;CACzB,CAAC;AAEF,eAAe,IAAI,CAAC"}
1
+ {"version":3,"file":"valid-trigger-events.js","sourceRoot":"","sources":["../../src/rules/valid-trigger-events.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,4BAA4B,EAAE,MAAM,+CAA+C,CAAC;AAC7F,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EACH,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,eAAe,GAClB,MAAM,+BAA+B,CAAC;AAEvC,oEAAoE;AACpE,MAAM,IAAI,GAAoB;IAC1B,MAAM,CAAC,OAAO;QACV,MAAM,kBAAkB,GAAG,CACvB,IAA4B,EAC5B,SAAiB,EACb,EAAE;YACN,OAAO,CAAC,MAAM,CAAC;gBACX,IAAI,EAAE;oBACF,KAAK,EAAE,SAAS;iBACnB;gBACD,SAAS,EAAE,cAAc;gBACzB,IAAI,EAAE,IAA4B;aACrC,CAAC,CAAC;QACP,CAAC,CAAC;QAEF,OAAO;YACH,OAAO;gBACH,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpC,OAAO;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;gBAEtC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAChB,OAAO;gBACX,CAAC;gBAED,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,EAAE,KAAK,IAAI,IAAI,CAAC,CAAC;gBAEvD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;oBACnB,OAAO;gBACX,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChC,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;oBAEhD,IACI,SAAS,KAAK,IAAI;wBAClB,CAAC,4BAA4B,CAAC,GAAG,CAAC,SAAS,CAAC,EAC9C,CAAC;wBACC,kBAAkB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;oBAC3C,CAAC;oBAED,OAAO;gBACX,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBAClC,MAAM,cAAc,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;wBAC9C,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;wBAEvD,IACI,cAAc,KAAK,IAAI;4BACvB,CAAC,SAAS,KAAK,IAAI;gCACf,CAAC,4BAA4B,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EACnD,CAAC;4BACC,OAAO,CAAC,MAAM,CAAC;gCACX,IAAI,EAAE;oCACF,KAAK,EAAE,SAAS,IAAI,WAAW;iCAClC;gCACD,SAAS,EACL,SAAS,KAAK,IAAI;oCACd,CAAC,CAAC,mBAAmB;oCACrB,CAAC,CAAC,cAAc;gCACxB,IAAI,EAAE,cAAsC;6BAC/C,CAAC,CAAC;wBACP,CAAC;oBACL,CAAC;oBAED,OAAO;gBACX,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,mBAAmB;wBAC9B,IAAI,EAAE,OAA+B;qBACxC,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;oBAC/B,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CA
AC,GAAG,CAAC,CAAC;oBAEjD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACrB,OAAO,CAAC,MAAM,CAAC;4BACX,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE,IAA4B;yBACrC,CAAC,CAAC;wBAEH,SAAS;oBACb,CAAC;oBAED,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC/C,kBAAkB,CAAC,IAAI,CAAC,GAAmB,EAAE,SAAS,CAAC,CAAC;oBAC5D,CAAC;gBACL,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,OAAO,EAAE;gBACL,4BAA4B;gBAC5B,oCAAoC;gBACpC,+BAA+B;aAClC;YACD,WAAW,EACP,6EAA6E;YACjF,QAAQ,EAAE,CAAC,yBAAyB,CAAC;YACrC,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,IAAI;YACjB,oBAAoB,EAAE,KAAK;YAC3B,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,EAAE;YACd,GAAG,EAAE,6FAA6F;SACrG;QACD,QAAQ,EAAE;YACN,YAAY,EACR,wEAAwE;YAC5E,iBAAiB,EACb,oDAAoD;SAC3D;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KACG;CACzB,CAAC;AAEF,eAAe,IAAI,CAAC"}
@@ -0,0 +1,34 @@
1
+ # Authoring ESLint rules
2
+
3
+ This guide covers how to add or evolve a rule safely.
4
+
5
+ ## Workflow
6
+
7
+ 1. Create or update a rule module under `src/rules/`.
8
+ 2. Ensure `meta.docs` and preset metadata are correct.
9
+ 3. Register the rule if needed via the internal rules registry.
10
+ 4. Add rule docs in `docs/rules/<rule-name>.md`.
11
+ 5. Add tests in `test/` for valid/invalid cases and edge behavior.
12
+
13
+ ## Metadata checklist
14
+
15
+ - `meta.docs.description` is clear and actionable.
16
+ - `meta.docs.url` points to the docs page.
17
+ - `meta.docs.configs` includes correct preset references.
18
+ - `meta.messages` has stable message IDs.
19
+
20
+ ## Safety checks
21
+
22
+ Run before opening a PR:
23
+
24
+ ```sh
25
+ npm run typecheck
26
+ npm run test
27
+ npm run lint:all
28
+ ```
29
+
30
+ ## Tips
31
+
32
+ - Prefer narrow, deterministic diagnostics over broad heuristics.
33
+ - Keep rule options minimal and strongly typed.
34
+ - Avoid false positives in common workflow patterns.
@@ -0,0 +1,34 @@
1
+ # Docs authoring
2
+
3
+ ## Docs surfaces
4
+
5
+ - End-user rule docs: `docs/rules/`
6
+ - Docusaurus site docs: `docs/docusaurus/site-docs/`
7
+ - TypeDoc API output: `docs/docusaurus/site-docs/developer/api/`
8
+
9
+ ## Common tasks
10
+
11
+ ### Update README rules matrix
12
+
13
+ ```sh
14
+ npm run sync:readme-rules-table
15
+ node scripts/sync-readme-rules-table.mjs --check
16
+ ```
17
+
18
+ ### Regenerate TypeDoc docs
19
+
20
+ ```sh
21
+ npm run docs:api
22
+ ```
23
+
24
+ ### Build docs site
25
+
26
+ ```sh
27
+ npm run --workspace docs/docusaurus build:fast
28
+ ```
29
+
30
+ ## Style guidance
31
+
32
+ - Prefer short paragraphs and descriptive headings.
33
+ - Use consistent terminology across rules, presets, and developer docs.
34
+ - Keep links stable and avoid duplicated sources of truth.
@@ -0,0 +1,15 @@
1
+ # Guides
2
+
3
+ Task-oriented guides for common contributor workflows around rules, tests, and docs.
4
+
5
+ ## Available guides
6
+
7
+ - [Authoring ESLint rules](./authoring-rules.md)
8
+ - [Testing rules and fixtures](./testing-rules.md)
9
+ - [Authoring and maintaining docs](./docs-authoring.md)
10
+
11
+ ## Related
12
+
13
+ - [Getting started](../getting-started.md)
14
+ - [Rule overview](../overview.md)
15
+ - [Preset reference](../presets/index.md)
@@ -0,0 +1,34 @@
1
+ # Testing rules and fixtures
2
+
3
+ ## Test structure
4
+
5
+ Rule tests are under `test/` and should validate:
6
+
7
+ - positive cases (expected reports)
8
+ - negative cases (no reports)
9
+ - fixer/suggestion behavior when applicable
10
+ - option combinations and edge cases
11
+
12
+ ## Recommended loop
13
+
14
+ ```sh
15
+ npm run build
16
+ npm run test
17
+ ```
18
+
19
+ For focused work, run relevant test files directly through Vitest filters.
20
+
21
+ ## Coverage expectations
22
+
23
+ - Cover primary rule branches.
24
+ - Include malformed input and boundary conditions.
25
+ - Assert message IDs rather than only counts where possible.
26
+
27
+ ## Regression strategy
28
+
29
+ When fixing a bug:
30
+
31
+ 1. add a failing test that reproduces the issue,
32
+ 2. implement fix,
33
+ 3. ensure test passes,
34
+ 4. keep the new test in the suite as a regression guard.
@@ -32,10 +32,9 @@ jobs:
32
32
  runs-on: ubuntu-latest
33
33
  ```
34
34
 
35
-
36
35
  ## Additional examples
37
36
 
38
- For larger repositories, this rule is often enabled together with one of the published presets so violations are caught in pull requests before workflow changes are merged.
37
+ This is an intentionally opinionated opt-in rule for repositories that require every job to declare its token scope locally.
39
38
 
40
39
  ## ESLint flat config example
41
40
 
@@ -58,7 +57,8 @@ export default [
58
57
  ## When not to use it
59
58
 
60
59
  You can disable this rule when its policy does not match your repository standards, or when equivalent enforcement is already handled by another policy tool.
60
+
61
61
  ## Further reading
62
62
 
63
- - [https://docs.github.com/actions/reference/workflows-and-actions/workflow-syntax#permissions](https://docs.github.com/actions/reference/workflows-and-actions/workflow-syntax#permissions)
64
- - [https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication](https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication)
63
+ - [GitHub Actions workflow syntax: permissions](https://docs.github.com/actions/reference/workflows-and-actions/workflow-syntax#permissions)
64
+ - [GitHub Actions automatic token authentication guide](https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication)
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 1
3
- ---
4
-
5
- # `githubActions.configs.actionMetadata`
6
-
7
- Linting defaults for GitHub Action metadata files (`action.yml` / `action.yaml`).
8
-
1
+ ---
2
+ sidebar_position: 1
3
+ ---
4
+
5
+ # `githubActions.configs.actionMetadata`
6
+
7
+ Linting defaults for GitHub Action metadata files (`action.yml` / `action.yaml`).
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 9
3
- ---
4
-
5
- # `githubActions.configs.all`
6
-
7
- Enables every available rule published by `eslint-plugin-github-actions-2`.
8
-
1
+ ---
2
+ sidebar_position: 9
3
+ ---
4
+
5
+ # `githubActions.configs.all`
6
+
7
+ Enables the complete bundled rule set published by `eslint-plugin-github-actions-2`, while leaving explicitly opt-in policy rules manual.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
@@ -14,119 +14,118 @@ Fix legend:
14
14
  - 💡 = suggestions available
15
15
  - — = report only
16
16
 
17
- | Rule | Fix |
18
- | --- | :-: |
19
- | <span class="sb-inline-rule-number">R009</span> [`action-name-casing`](../action-name-casing.md) | 🔧 |
20
- | <span class="sb-inline-rule-number">R010</span> [`job-id-casing`](../job-id-casing.md) | |
21
- | <span class="sb-inline-rule-number">R011</span> [`max-jobs-per-action`](../max-jobs-per-action.md) | |
22
- | <span class="sb-inline-rule-number">R048</span> [`no-case-insensitive-input-id-collision`](../no-case-insensitive-input-id-collision.md) | |
23
- | <span class="sb-inline-rule-number">R097</span> [`no-codeql-autobuild-for-javascript-typescript`](../no-codeql-autobuild-for-javascript-typescript.md) | |
24
- | <span class="sb-inline-rule-number">R096</span> [`no-codeql-javascript-typescript-split-language-matrix`](../no-codeql-javascript-typescript-split-language-matrix.md) | |
25
- | <span class="sb-inline-rule-number">R049</span> [`no-composite-input-env-access`](../no-composite-input-env-access.md) | |
26
- | <span class="sb-inline-rule-number">R044</span> [`no-deprecated-node-runtime`](../no-deprecated-node-runtime.md) | |
27
- | <span class="sb-inline-rule-number">R051</span> [`no-duplicate-composite-step-id`](../no-duplicate-composite-step-id.md) | |
28
- | <span class="sb-inline-rule-number">R060</span> [`no-empty-template-file-pattern`](../no-empty-template-file-pattern.md) | 🔧 |
29
- | <span class="sb-inline-rule-number">R012</span> [`no-external-job`](../no-external-job.md) | |
30
- | <span class="sb-inline-rule-number">R068</span> [`no-hardcoded-default-branch-in-template`](../no-hardcoded-default-branch-in-template.md) | |
31
- | <span class="sb-inline-rule-number">R063</span> [`no-icon-file-extension-in-template-icon-name`](../no-icon-file-extension-in-template-icon-name.md) | 🔧 |
32
- | <span class="sb-inline-rule-number">R026</span> [`no-inherit-secrets`](../no-inherit-secrets.md) | |
33
- | <span class="sb-inline-rule-number">R042</span> [`no-invalid-concurrency-context`](../no-invalid-concurrency-context.md) | |
34
- | <span class="sb-inline-rule-number">R019</span> [`no-invalid-key`](../no-invalid-key.md) | |
35
- | <span class="sb-inline-rule-number">R041</span> [`no-invalid-reusable-workflow-job-key`](../no-invalid-reusable-workflow-job-key.md) | |
36
- | <span class="sb-inline-rule-number">R059</span> [`no-invalid-template-file-pattern-regex`](../no-invalid-template-file-pattern-regex.md) | |
37
- | <span class="sb-inline-rule-number">R040</span> [`no-invalid-workflow-call-output-value`](../no-invalid-workflow-call-output-value.md) | |
38
- | <span class="sb-inline-rule-number">R095</span> [`no-overlapping-dependabot-directories`](../no-overlapping-dependabot-directories.md) | |
39
- | <span class="sb-inline-rule-number">R064</span> [`no-path-separators-in-template-icon-name`](../no-path-separators-in-template-icon-name.md) | 💡 |
40
- | <span class="sb-inline-rule-number">R046</span> [`no-post-if-without-post`](../no-post-if-without-post.md) | 🔧 |
41
- | <span class="sb-inline-rule-number">R030</span> [`no-pr-head-checkout-in-pull-request-target`](../no-pr-head-checkout-in-pull-request-target.md) | |
42
- | <span class="sb-inline-rule-number">R045</span> [`no-pre-if-without-pre`](../no-pre-if-without-pre.md) | 🔧 |
43
- | <span class="sb-inline-rule-number">R047</span> [`no-required-input-with-default`](../no-required-input-with-default.md) | 💡 |
44
- | <span class="sb-inline-rule-number">R027</span> [`no-secrets-in-if`](../no-secrets-in-if.md) | |
45
- | <span class="sb-inline-rule-number">R036</span> [`no-self-hosted-runner-on-fork-pr-events`](../no-self-hosted-runner-on-fork-pr-events.md) | |
46
- | <span class="sb-inline-rule-number">R062</span> [`no-subdirectory-template-file-pattern`](../no-subdirectory-template-file-pattern.md) | |
47
- | <span class="sb-inline-rule-number">R069</span> [`no-template-placeholder-in-non-template-workflow`](../no-template-placeholder-in-non-template-workflow.md) | |
48
- | <span class="sb-inline-rule-number">R013</span> [`no-top-level-env`](../no-top-level-env.md) | |
49
- | <span class="sb-inline-rule-number">R014</span> [`no-top-level-permissions`](../no-top-level-permissions.md) | |
50
- | <span class="sb-inline-rule-number">R061</span> [`no-universal-template-file-pattern`](../no-universal-template-file-pattern.md) | |
51
- | <span class="sb-inline-rule-number">R081</span> [`no-unknown-dependabot-multi-ecosystem-group`](../no-unknown-dependabot-multi-ecosystem-group.md) | |
52
- | <span class="sb-inline-rule-number">R050</span> [`no-unknown-input-reference-in-composite`](../no-unknown-input-reference-in-composite.md) | |
53
- | <span class="sb-inline-rule-number">R037</span> [`no-unknown-job-output-reference`](../no-unknown-job-output-reference.md) | |
54
- | <span class="sb-inline-rule-number">R038</span> [`no-unknown-step-reference`](../no-unknown-step-reference.md) | |
55
- | <span class="sb-inline-rule-number">R029</span> [`no-untrusted-input-in-run`](../no-untrusted-input-in-run.md) | |
56
- | <span class="sb-inline-rule-number">R085</span> [`no-unused-dependabot-enable-beta-ecosystems`](../no-unused-dependabot-enable-beta-ecosystems.md) | 🔧 |
57
- | <span class="sb-inline-rule-number">R053</span> [`no-unused-input-in-composite`](../no-unused-input-in-composite.md) | |
58
- | <span class="sb-inline-rule-number">R023</span> [`no-write-all-permissions`](../no-write-all-permissions.md) | |
59
- | <span class="sb-inline-rule-number">R003</span> [`pin-action-shas`](../pin-action-shas.md) | |
60
- | <span class="sb-inline-rule-number">R043</span> [`prefer-action-yml`](../prefer-action-yml.md) | |
61
- | <span class="sb-inline-rule-number">R015</span> [`prefer-fail-fast`](../prefer-fail-fast.md) | |
62
- | <span class="sb-inline-rule-number">R020</span> [`prefer-file-extension`](../prefer-file-extension.md) | |
63
- | <span class="sb-inline-rule-number">R033</span> [`prefer-inputs-context`](../prefer-inputs-context.md) | 🔧 |
64
- | <span class="sb-inline-rule-number">R016</span> [`prefer-step-uses-style`](../prefer-step-uses-style.md) | |
65
- | <span class="sb-inline-rule-number">R066</span> [`prefer-template-yml-extension`](../prefer-template-yml-extension.md) | |
66
- | <span class="sb-inline-rule-number">R005</span> [`require-action-name`](../require-action-name.md) | |
67
- | <span class="sb-inline-rule-number">R006</span> [`require-action-run-name`](../require-action-run-name.md) | |
68
- | <span class="sb-inline-rule-number">R025</span> [`require-checkout-before-local-action`](../require-checkout-before-local-action.md) | |
69
- | <span class="sb-inline-rule-number">R099</span> [`require-codeql-actions-read`](../require-codeql-actions-read.md) | |
70
- | <span class="sb-inline-rule-number">R113</span> [`require-codeql-branch-filters`](../require-codeql-branch-filters.md) | |
71
- | <span class="sb-inline-rule-number">R114</span> [`require-codeql-category-when-language-matrix`](../require-codeql-category-when-language-matrix.md) | |
72
- | <span class="sb-inline-rule-number">R100</span> [`require-codeql-pull-request-trigger`](../require-codeql-pull-request-trigger.md) | |
73
- | <span class="sb-inline-rule-number">R101</span> [`require-codeql-schedule`](../require-codeql-schedule.md) | |
74
- | <span class="sb-inline-rule-number">R098</span> [`require-codeql-security-events-write`](../require-codeql-security-events-write.md) | |
75
- | <span class="sb-inline-rule-number">R052</span> [`require-composite-step-name`](../require-composite-step-name.md) | |
76
- | <span class="sb-inline-rule-number">R077</span> [`require-dependabot-assignees`](../require-dependabot-assignees.md) | |
77
- | <span class="sb-inline-rule-number">R111</span> [`require-dependabot-automation-permissions`](../require-dependabot-automation-permissions.md) | |
78
- | <span class="sb-inline-rule-number">R112</span> [`require-dependabot-automation-pull-request-trigger`](../require-dependabot-automation-pull-request-trigger.md) | |
79
- | <span class="sb-inline-rule-number">R109</span> [`require-dependabot-bot-actor-guard`](../require-dependabot-bot-actor-guard.md) | |
80
- | <span class="sb-inline-rule-number">R089</span> [`require-dependabot-commit-message-include-scope`](../require-dependabot-commit-message-include-scope.md) | |
81
- | <span class="sb-inline-rule-number">R079</span> [`require-dependabot-commit-message-prefix`](../require-dependabot-commit-message-prefix.md) | |
82
- | <span class="sb-inline-rule-number">R090</span> [`require-dependabot-commit-message-prefix-development`](../require-dependabot-commit-message-prefix-development.md) | |
83
- | <span class="sb-inline-rule-number">R086</span> [`require-dependabot-cooldown`](../require-dependabot-cooldown.md) | |
84
- | <span class="sb-inline-rule-number">R073</span> [`require-dependabot-directory`](../require-dependabot-directory.md) | |
85
- | <span class="sb-inline-rule-number">R084</span> [`require-dependabot-github-actions-directory-root`](../require-dependabot-github-actions-directory-root.md) | 🔧 |
86
- | <span class="sb-inline-rule-number">R080</span> [`require-dependabot-labels`](../require-dependabot-labels.md) | |
87
- | <span class="sb-inline-rule-number">R087</span> [`require-dependabot-open-pull-requests-limit`](../require-dependabot-open-pull-requests-limit.md) | |
88
- | <span class="sb-inline-rule-number">R072</span> [`require-dependabot-package-ecosystem`](../require-dependabot-package-ecosystem.md) | |
89
- | <span class="sb-inline-rule-number">R082</span> [`require-dependabot-patterns-for-multi-ecosystem-group`](../require-dependabot-patterns-for-multi-ecosystem-group.md) | |
90
- | <span class="sb-inline-rule-number">R083</span> [`require-dependabot-schedule-cronjob`](../require-dependabot-schedule-cronjob.md) | |
91
- | <span class="sb-inline-rule-number">R074</span> [`require-dependabot-schedule-interval`](../require-dependabot-schedule-interval.md) | |
92
- | <span class="sb-inline-rule-number">R075</span> [`require-dependabot-schedule-time`](../require-dependabot-schedule-time.md) | |
93
- | <span class="sb-inline-rule-number">R076</span> [`require-dependabot-schedule-timezone`](../require-dependabot-schedule-timezone.md) | |
94
- | <span class="sb-inline-rule-number">R078</span> [`require-dependabot-target-branch`](../require-dependabot-target-branch.md) | |
95
- | <span class="sb-inline-rule-number">R071</span> [`require-dependabot-updates`](../require-dependabot-updates.md) | |
96
- | <span class="sb-inline-rule-number">R070</span> [`require-dependabot-version`](../require-dependabot-version.md) | 🔧 |
97
- | <span class="sb-inline-rule-number">R088</span> [`require-dependabot-versioning-strategy-for-npm`](../require-dependabot-versioning-strategy-for-npm.md) | |
98
- | <span class="sb-inline-rule-number">R091</span> [`require-dependency-review-action`](../require-dependency-review-action.md) | |
99
- | <span class="sb-inline-rule-number">R093</span> [`require-dependency-review-fail-on-severity`](../require-dependency-review-fail-on-severity.md) | |
100
- | <span class="sb-inline-rule-number">R092</span> [`require-dependency-review-permissions-contents-read`](../require-dependency-review-permissions-contents-read.md) | |
101
- | <span class="sb-inline-rule-number">R094</span> [`require-dependency-review-pull-request-trigger`](../require-dependency-review-pull-request-trigger.md) | |
102
- | <span class="sb-inline-rule-number">R110</span> [`require-fetch-metadata-github-token`](../require-fetch-metadata-github-token.md) | |
103
- | <span class="sb-inline-rule-number">R007</span> [`require-job-name`](../require-job-name.md) | 💡 |
104
- | <span class="sb-inline-rule-number">R008</span> [`require-job-step-name`](../require-job-step-name.md) | 💡 |
105
- | <span class="sb-inline-rule-number">R002</span> [`require-job-timeout-minutes`](../require-job-timeout-minutes.md) | |
106
- | <span class="sb-inline-rule-number">R035</span> [`require-merge-group-trigger`](../require-merge-group-trigger.md) | |
107
- | <span class="sb-inline-rule-number">R032</span> [`require-pull-request-target-branches`](../require-pull-request-target-branches.md) | |
108
- | <span class="sb-inline-rule-number">R021</span> [`require-run-step-shell`](../require-run-step-shell.md) | |
109
- | <span class="sb-inline-rule-number">R102</span> [`require-sarif-upload-security-events-write`](../require-sarif-upload-security-events-write.md) | |
110
- | <span class="sb-inline-rule-number">R103</span> [`require-scorecard-results-format-sarif`](../require-scorecard-results-format-sarif.md) | |
111
- | <span class="sb-inline-rule-number">R104</span> [`require-scorecard-upload-sarif-step`](../require-scorecard-upload-sarif-step.md) | |
112
- | <span class="sb-inline-rule-number">R107</span> [`require-secret-scan-contents-read`](../require-secret-scan-contents-read.md) | |
113
- | <span class="sb-inline-rule-number">R105</span> [`require-secret-scan-fetch-depth-zero`](../require-secret-scan-fetch-depth-zero.md) | |
114
- | <span class="sb-inline-rule-number">R106</span> [`require-secret-scan-schedule`](../require-secret-scan-schedule.md) | |
115
- | <span class="sb-inline-rule-number">R057</span> [`require-template-categories`](../require-template-categories.md) | |
116
- | <span class="sb-inline-rule-number">R058</span> [`require-template-file-patterns`](../require-template-file-patterns.md) | |
117
- | <span class="sb-inline-rule-number">R065</span> [`require-template-icon-file-exists`](../require-template-icon-file-exists.md) | |
118
- | <span class="sb-inline-rule-number">R056</span> [`require-template-icon-name`](../require-template-icon-name.md) | |
119
- | <span class="sb-inline-rule-number">R067</span> [`require-template-workflow-name`](../require-template-workflow-name.md) | |
120
- | <span class="sb-inline-rule-number">R031</span> [`require-trigger-types`](../require-trigger-types.md) | |
121
- | <span class="sb-inline-rule-number">R108</span> [`require-trufflehog-verified-results-mode`](../require-trufflehog-verified-results-mode.md) | |
122
- | <span class="sb-inline-rule-number">R034</span> [`require-workflow-call-input-type`](../require-workflow-call-input-type.md) | |
123
- | <span class="sb-inline-rule-number">R039</span> [`require-workflow-call-output-value`](../require-workflow-call-output-value.md) | |
124
- | <span class="sb-inline-rule-number">R004</span> [`require-workflow-concurrency`](../require-workflow-concurrency.md) | |
125
- | <span class="sb-inline-rule-number">R022</span> [`require-workflow-dispatch-input-type`](../require-workflow-dispatch-input-type.md) | |
126
- | <span class="sb-inline-rule-number">R024</span> [`require-workflow-interface-description`](../require-workflow-interface-description.md) | |
127
- | <span class="sb-inline-rule-number">R001</span> [`require-workflow-permissions`](../require-workflow-permissions.md) | |
128
- | <span class="sb-inline-rule-number">R028</span> [`require-workflow-run-branches`](../require-workflow-run-branches.md) | |
129
- | <span class="sb-inline-rule-number">R054</span> [`require-workflow-template-pair`](../require-workflow-template-pair.md) | |
130
- | <span class="sb-inline-rule-number">R055</span> [`require-workflow-template-properties-pair`](../require-workflow-template-properties-pair.md) | |
131
- | <span class="sb-inline-rule-number">R017</span> [`valid-timeout-minutes`](../valid-timeout-minutes.md) | |
132
- | <span class="sb-inline-rule-number">R018</span> [`valid-trigger-events`](../valid-trigger-events.md) | — |
17
+ | Rule | Fix |
18
+ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-: |
19
+ | <span class="sb-inline-rule-number">R009</span> [`action-name-casing`](../action-name-casing.md) | 🔧 |
20
+ | <span class="sb-inline-rule-number">R010</span> [`job-id-casing`](../job-id-casing.md) | |
21
+ | <span class="sb-inline-rule-number">R011</span> [`max-jobs-per-action`](../max-jobs-per-action.md) | |
22
+ | <span class="sb-inline-rule-number">R048</span> [`no-case-insensitive-input-id-collision`](../no-case-insensitive-input-id-collision.md) | |
23
+ | <span class="sb-inline-rule-number">R097</span> [`no-codeql-autobuild-for-javascript-typescript`](../no-codeql-autobuild-for-javascript-typescript.md) | |
24
+ | <span class="sb-inline-rule-number">R096</span> [`no-codeql-javascript-typescript-split-language-matrix`](../no-codeql-javascript-typescript-split-language-matrix.md) | |
25
+ | <span class="sb-inline-rule-number">R049</span> [`no-composite-input-env-access`](../no-composite-input-env-access.md) | |
26
+ | <span class="sb-inline-rule-number">R044</span> [`no-deprecated-node-runtime`](../no-deprecated-node-runtime.md) | |
27
+ | <span class="sb-inline-rule-number">R051</span> [`no-duplicate-composite-step-id`](../no-duplicate-composite-step-id.md) | |
28
+ | <span class="sb-inline-rule-number">R060</span> [`no-empty-template-file-pattern`](../no-empty-template-file-pattern.md) | 🔧 |
29
+ | <span class="sb-inline-rule-number">R012</span> [`no-external-job`](../no-external-job.md) | |
30
+ | <span class="sb-inline-rule-number">R068</span> [`no-hardcoded-default-branch-in-template`](../no-hardcoded-default-branch-in-template.md) | |
31
+ | <span class="sb-inline-rule-number">R063</span> [`no-icon-file-extension-in-template-icon-name`](../no-icon-file-extension-in-template-icon-name.md) | 🔧 |
32
+ | <span class="sb-inline-rule-number">R026</span> [`no-inherit-secrets`](../no-inherit-secrets.md) | |
33
+ | <span class="sb-inline-rule-number">R042</span> [`no-invalid-concurrency-context`](../no-invalid-concurrency-context.md) | |
34
+ | <span class="sb-inline-rule-number">R019</span> [`no-invalid-key`](../no-invalid-key.md) | |
35
+ | <span class="sb-inline-rule-number">R041</span> [`no-invalid-reusable-workflow-job-key`](../no-invalid-reusable-workflow-job-key.md) | |
36
+ | <span class="sb-inline-rule-number">R059</span> [`no-invalid-template-file-pattern-regex`](../no-invalid-template-file-pattern-regex.md) | |
37
+ | <span class="sb-inline-rule-number">R040</span> [`no-invalid-workflow-call-output-value`](../no-invalid-workflow-call-output-value.md) | |
38
+ | <span class="sb-inline-rule-number">R095</span> [`no-overlapping-dependabot-directories`](../no-overlapping-dependabot-directories.md) | |
39
+ | <span class="sb-inline-rule-number">R064</span> [`no-path-separators-in-template-icon-name`](../no-path-separators-in-template-icon-name.md) | 💡 |
40
+ | <span class="sb-inline-rule-number">R046</span> [`no-post-if-without-post`](../no-post-if-without-post.md) | 🔧 |
41
+ | <span class="sb-inline-rule-number">R030</span> [`no-pr-head-checkout-in-pull-request-target`](../no-pr-head-checkout-in-pull-request-target.md) | |
42
+ | <span class="sb-inline-rule-number">R045</span> [`no-pre-if-without-pre`](../no-pre-if-without-pre.md) | 🔧 |
43
+ | <span class="sb-inline-rule-number">R047</span> [`no-required-input-with-default`](../no-required-input-with-default.md) | 💡 |
44
+ | <span class="sb-inline-rule-number">R027</span> [`no-secrets-in-if`](../no-secrets-in-if.md) | |
45
+ | <span class="sb-inline-rule-number">R036</span> [`no-self-hosted-runner-on-fork-pr-events`](../no-self-hosted-runner-on-fork-pr-events.md) | |
46
+ | <span class="sb-inline-rule-number">R062</span> [`no-subdirectory-template-file-pattern`](../no-subdirectory-template-file-pattern.md) | |
47
+ | <span class="sb-inline-rule-number">R069</span> [`no-template-placeholder-in-non-template-workflow`](../no-template-placeholder-in-non-template-workflow.md) | |
48
+ | <span class="sb-inline-rule-number">R013</span> [`no-top-level-env`](../no-top-level-env.md) | |
49
+ | <span class="sb-inline-rule-number">R061</span> [`no-universal-template-file-pattern`](../no-universal-template-file-pattern.md) | |
50
+ | <span class="sb-inline-rule-number">R081</span> [`no-unknown-dependabot-multi-ecosystem-group`](../no-unknown-dependabot-multi-ecosystem-group.md) | |
51
+ | <span class="sb-inline-rule-number">R050</span> [`no-unknown-input-reference-in-composite`](../no-unknown-input-reference-in-composite.md) | |
52
+ | <span class="sb-inline-rule-number">R037</span> [`no-unknown-job-output-reference`](../no-unknown-job-output-reference.md) | |
53
+ | <span class="sb-inline-rule-number">R038</span> [`no-unknown-step-reference`](../no-unknown-step-reference.md) | |
54
+ | <span class="sb-inline-rule-number">R029</span> [`no-untrusted-input-in-run`](../no-untrusted-input-in-run.md) | |
55
+ | <span class="sb-inline-rule-number">R085</span> [`no-unused-dependabot-enable-beta-ecosystems`](../no-unused-dependabot-enable-beta-ecosystems.md) | 🔧 |
56
+ | <span class="sb-inline-rule-number">R053</span> [`no-unused-input-in-composite`](../no-unused-input-in-composite.md) ||
57
+ | <span class="sb-inline-rule-number">R023</span> [`no-write-all-permissions`](../no-write-all-permissions.md) | |
58
+ | <span class="sb-inline-rule-number">R003</span> [`pin-action-shas`](../pin-action-shas.md) | |
59
+ | <span class="sb-inline-rule-number">R043</span> [`prefer-action-yml`](../prefer-action-yml.md) | |
60
+ | <span class="sb-inline-rule-number">R015</span> [`prefer-fail-fast`](../prefer-fail-fast.md) | |
61
+ | <span class="sb-inline-rule-number">R020</span> [`prefer-file-extension`](../prefer-file-extension.md) | |
62
+ | <span class="sb-inline-rule-number">R033</span> [`prefer-inputs-context`](../prefer-inputs-context.md) | 🔧 |
63
+ | <span class="sb-inline-rule-number">R016</span> [`prefer-step-uses-style`](../prefer-step-uses-style.md) ||
64
+ | <span class="sb-inline-rule-number">R066</span> [`prefer-template-yml-extension`](../prefer-template-yml-extension.md) | |
65
+ | <span class="sb-inline-rule-number">R005</span> [`require-action-name`](../require-action-name.md) | |
66
+ | <span class="sb-inline-rule-number">R006</span> [`require-action-run-name`](../require-action-run-name.md) | |
67
+ | <span class="sb-inline-rule-number">R025</span> [`require-checkout-before-local-action`](../require-checkout-before-local-action.md) | |
68
+ | <span class="sb-inline-rule-number">R099</span> [`require-codeql-actions-read`](../require-codeql-actions-read.md) | |
69
+ | <span class="sb-inline-rule-number">R113</span> [`require-codeql-branch-filters`](../require-codeql-branch-filters.md) | |
70
+ | <span class="sb-inline-rule-number">R114</span> [`require-codeql-category-when-language-matrix`](../require-codeql-category-when-language-matrix.md) | |
71
+ | <span class="sb-inline-rule-number">R100</span> [`require-codeql-pull-request-trigger`](../require-codeql-pull-request-trigger.md) | |
72
+ | <span class="sb-inline-rule-number">R101</span> [`require-codeql-schedule`](../require-codeql-schedule.md) | |
73
+ | <span class="sb-inline-rule-number">R098</span> [`require-codeql-security-events-write`](../require-codeql-security-events-write.md) | |
74
+ | <span class="sb-inline-rule-number">R052</span> [`require-composite-step-name`](../require-composite-step-name.md) | |
75
+ | <span class="sb-inline-rule-number">R077</span> [`require-dependabot-assignees`](../require-dependabot-assignees.md) | |
76
+ | <span class="sb-inline-rule-number">R111</span> [`require-dependabot-automation-permissions`](../require-dependabot-automation-permissions.md) | |
77
+ | <span class="sb-inline-rule-number">R112</span> [`require-dependabot-automation-pull-request-trigger`](../require-dependabot-automation-pull-request-trigger.md) | |
78
+ | <span class="sb-inline-rule-number">R109</span> [`require-dependabot-bot-actor-guard`](../require-dependabot-bot-actor-guard.md) | |
79
+ | <span class="sb-inline-rule-number">R089</span> [`require-dependabot-commit-message-include-scope`](../require-dependabot-commit-message-include-scope.md) | |
80
+ | <span class="sb-inline-rule-number">R079</span> [`require-dependabot-commit-message-prefix`](../require-dependabot-commit-message-prefix.md) | |
81
+ | <span class="sb-inline-rule-number">R090</span> [`require-dependabot-commit-message-prefix-development`](../require-dependabot-commit-message-prefix-development.md) | |
82
+ | <span class="sb-inline-rule-number">R086</span> [`require-dependabot-cooldown`](../require-dependabot-cooldown.md) | |
83
+ | <span class="sb-inline-rule-number">R073</span> [`require-dependabot-directory`](../require-dependabot-directory.md) | |
84
+ | <span class="sb-inline-rule-number">R084</span> [`require-dependabot-github-actions-directory-root`](../require-dependabot-github-actions-directory-root.md) | 🔧 |
85
+ | <span class="sb-inline-rule-number">R080</span> [`require-dependabot-labels`](../require-dependabot-labels.md) ||
86
+ | <span class="sb-inline-rule-number">R087</span> [`require-dependabot-open-pull-requests-limit`](../require-dependabot-open-pull-requests-limit.md) | |
87
+ | <span class="sb-inline-rule-number">R072</span> [`require-dependabot-package-ecosystem`](../require-dependabot-package-ecosystem.md) | |
88
+ | <span class="sb-inline-rule-number">R082</span> [`require-dependabot-patterns-for-multi-ecosystem-group`](../require-dependabot-patterns-for-multi-ecosystem-group.md) | |
89
+ | <span class="sb-inline-rule-number">R083</span> [`require-dependabot-schedule-cronjob`](../require-dependabot-schedule-cronjob.md) | |
90
+ | <span class="sb-inline-rule-number">R074</span> [`require-dependabot-schedule-interval`](../require-dependabot-schedule-interval.md) | |
91
+ | <span class="sb-inline-rule-number">R075</span> [`require-dependabot-schedule-time`](../require-dependabot-schedule-time.md) | |
92
+ | <span class="sb-inline-rule-number">R076</span> [`require-dependabot-schedule-timezone`](../require-dependabot-schedule-timezone.md) | |
93
+ | <span class="sb-inline-rule-number">R078</span> [`require-dependabot-target-branch`](../require-dependabot-target-branch.md) | |
94
+ | <span class="sb-inline-rule-number">R071</span> [`require-dependabot-updates`](../require-dependabot-updates.md) | |
95
+ | <span class="sb-inline-rule-number">R070</span> [`require-dependabot-version`](../require-dependabot-version.md) | 🔧 |
96
+ | <span class="sb-inline-rule-number">R088</span> [`require-dependabot-versioning-strategy-for-npm`](../require-dependabot-versioning-strategy-for-npm.md) ||
97
+ | <span class="sb-inline-rule-number">R091</span> [`require-dependency-review-action`](../require-dependency-review-action.md) | |
98
+ | <span class="sb-inline-rule-number">R093</span> [`require-dependency-review-fail-on-severity`](../require-dependency-review-fail-on-severity.md) | |
99
+ | <span class="sb-inline-rule-number">R092</span> [`require-dependency-review-permissions-contents-read`](../require-dependency-review-permissions-contents-read.md) | |
100
+ | <span class="sb-inline-rule-number">R094</span> [`require-dependency-review-pull-request-trigger`](../require-dependency-review-pull-request-trigger.md) | |
101
+ | <span class="sb-inline-rule-number">R110</span> [`require-fetch-metadata-github-token`](../require-fetch-metadata-github-token.md) | |
102
+ | <span class="sb-inline-rule-number">R007</span> [`require-job-name`](../require-job-name.md) | 💡 |
103
+ | <span class="sb-inline-rule-number">R008</span> [`require-job-step-name`](../require-job-step-name.md) | 💡 |
104
+ | <span class="sb-inline-rule-number">R002</span> [`require-job-timeout-minutes`](../require-job-timeout-minutes.md) ||
105
+ | <span class="sb-inline-rule-number">R035</span> [`require-merge-group-trigger`](../require-merge-group-trigger.md) | |
106
+ | <span class="sb-inline-rule-number">R032</span> [`require-pull-request-target-branches`](../require-pull-request-target-branches.md) | |
107
+ | <span class="sb-inline-rule-number">R021</span> [`require-run-step-shell`](../require-run-step-shell.md) | |
108
+ | <span class="sb-inline-rule-number">R102</span> [`require-sarif-upload-security-events-write`](../require-sarif-upload-security-events-write.md) | |
109
+ | <span class="sb-inline-rule-number">R103</span> [`require-scorecard-results-format-sarif`](../require-scorecard-results-format-sarif.md) | |
110
+ | <span class="sb-inline-rule-number">R104</span> [`require-scorecard-upload-sarif-step`](../require-scorecard-upload-sarif-step.md) | |
111
+ | <span class="sb-inline-rule-number">R107</span> [`require-secret-scan-contents-read`](../require-secret-scan-contents-read.md) | |
112
+ | <span class="sb-inline-rule-number">R105</span> [`require-secret-scan-fetch-depth-zero`](../require-secret-scan-fetch-depth-zero.md) | |
113
+ | <span class="sb-inline-rule-number">R106</span> [`require-secret-scan-schedule`](../require-secret-scan-schedule.md) | |
114
+ | <span class="sb-inline-rule-number">R057</span> [`require-template-categories`](../require-template-categories.md) | |
115
+ | <span class="sb-inline-rule-number">R058</span> [`require-template-file-patterns`](../require-template-file-patterns.md) | |
116
+ | <span class="sb-inline-rule-number">R065</span> [`require-template-icon-file-exists`](../require-template-icon-file-exists.md) | |
117
+ | <span class="sb-inline-rule-number">R056</span> [`require-template-icon-name`](../require-template-icon-name.md) | |
118
+ | <span class="sb-inline-rule-number">R067</span> [`require-template-workflow-name`](../require-template-workflow-name.md) | |
119
+ | <span class="sb-inline-rule-number">R031</span> [`require-trigger-types`](../require-trigger-types.md) | |
120
+ | <span class="sb-inline-rule-number">R108</span> [`require-trufflehog-verified-results-mode`](../require-trufflehog-verified-results-mode.md) | |
121
+ | <span class="sb-inline-rule-number">R034</span> [`require-workflow-call-input-type`](../require-workflow-call-input-type.md) | |
122
+ | <span class="sb-inline-rule-number">R039</span> [`require-workflow-call-output-value`](../require-workflow-call-output-value.md) | |
123
+ | <span class="sb-inline-rule-number">R004</span> [`require-workflow-concurrency`](../require-workflow-concurrency.md) | |
124
+ | <span class="sb-inline-rule-number">R022</span> [`require-workflow-dispatch-input-type`](../require-workflow-dispatch-input-type.md) | |
125
+ | <span class="sb-inline-rule-number">R024</span> [`require-workflow-interface-description`](../require-workflow-interface-description.md) | |
126
+ | <span class="sb-inline-rule-number">R001</span> [`require-workflow-permissions`](../require-workflow-permissions.md) | |
127
+ | <span class="sb-inline-rule-number">R028</span> [`require-workflow-run-branches`](../require-workflow-run-branches.md) | |
128
+ | <span class="sb-inline-rule-number">R054</span> [`require-workflow-template-pair`](../require-workflow-template-pair.md) | |
129
+ | <span class="sb-inline-rule-number">R055</span> [`require-workflow-template-properties-pair`](../require-workflow-template-properties-pair.md) | |
130
+ | <span class="sb-inline-rule-number">R017</span> [`valid-timeout-minutes`](../valid-timeout-minutes.md) | |
131
+ | <span class="sb-inline-rule-number">R018</span> [`valid-trigger-events`](../valid-trigger-events.md) | |
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 2
3
- ---
4
-
5
- # `githubActions.configs.codeScanning`
6
-
7
- Workflow security defaults for CodeQL, SARIF upload, dependency review, and related code-scanning integrations.
8
-
1
+ ---
2
+ sidebar_position: 2
3
+ ---
4
+
5
+ # `githubActions.configs.codeScanning`
6
+
7
+ Workflow security defaults for CodeQL, SARIF upload, dependency review, and related code-scanning integrations.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 3
3
- ---
4
-
5
- # `githubActions.configs.dependabot`
6
-
7
- Linting defaults for repository Dependabot configuration files.
8
-
1
+ ---
2
+ sidebar_position: 3
3
+ ---
4
+
5
+ # `githubActions.configs.dependabot`
6
+
7
+ Linting defaults for repository Dependabot configuration files.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend: