# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # Puppet Lint tests Puppet code against the recommended Puppet language style guide. # https://puppet.com/docs/puppet/7/style_guide.html # Puppet Lint validates only code style; it does not validate syntax. # To test syntax, use Puppet's puppet parser validate command. # More details at https://github.com/puppetlabs/puppet-lint/ name: puppet-lint on: push: branches: [ $default-branch, $protected-branches ] pull_request: # The branches below must be a subset of the branches above branches: [ $default-branch ] schedule: - cron: $cron-weekly permissions: contents: read jobs: puppet-lint: name: Run puppet-lint scanning runs-on: ubuntu-latest permissions: contents: read # for checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results steps: - name: Checkout code uses: actions/checkout@v3 - name: Setup Ruby uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf with: ruby-version: 2.7 bundler-cache: true - name: Install puppet-lint run: gem install puppet-lint - name: Run puppet-lint run: puppet-lint . --sarif > puppet-lint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub uses: github/codeql-action/upload-sarif@v2 with: sarif_file: puppet-lint-results.sarif wait-for-processing: true