[Merged by Bors] - ci: Move GitHub apps private keys to Azure Key Vault and mint tokens Key Vault signing #4577
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check workflows | |
| on: | |
| pull_request: | |
| paths: | |
| - '.github/**' | |
| merge_group: | |
| jobs: | |
| actionlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: suggester / actionlint | |
| uses: reviewdog/action-actionlint@0d952c597ef8459f634d7145b0b044a9699e5e43 # v1.71.0 | |
| with: | |
| tool_name: actionlint | |
| fail_level: any | |
| ensure-sha-pinned-actions: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| # Using our fork's PR branch until upstream merges the improved error reporting: | |
| # https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/288 | |
| # TODO: Update to upstream release once merged. | |
| - name: Ensure all actions are pinned to SHA | |
| uses: kim-em/github-actions-ensure-sha-pinned-actions@00f51cdb5bbc21f5bc873ef3a2dceef45df213af # improve-error-reporting |