Comparing changes

base repository: SonarSource/gh-action_pre-commit
base: 1.0.2
head repository: SonarSource/gh-action_pre-commit
compare: 1.0.3
  • 2 commits
  • 4 files changed
  • 2 contributors

Commits on Sep 13, 2024

  1. BUILD-6088 Create SECURITY.md

    SamirM-BE committed Sep 13, 2024
    f880249

Commits on Oct 1, 2024

  1. chore(deps): update actions/checkout action to v4.2.0 (#22)

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Oct 1, 2024
    3c7fc5a
Showing with 27 additions and 8 deletions.
  1. +6 −6 .github/workflows/it-test.yml
  2. +1 −1 .github/workflows/pre-commit.yml
  3. +19 −0 SECURITY.md
  4. +1 −1 action.yml
12 changes: 6 additions & 6 deletions .github/workflows/it-test.yml
@@ -9,7 +9,7 @@ jobs:
name: "IT Test - default inputs values should work fine on this repo"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Given the gh-action is used with default values
id: test-data
uses: ./
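
Review bot: the trailing `# v4.2.0` comment on the new `uses:` line is not checked by anything; only the 40-character SHA is resolved at run time. Before merging, confirm that d632683dd7b4114ad314bca15554477dd762a938 is the commit the v4.2.0 tag points to in the actions/checkout repository itself, for example by listing the upstream tags with `git ls-remote --tags https://github.com/actions/checkout`. GitHub's own hardening guidance asks for this check because a SHA can also come from a fork of the action's repository.
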
@@ -24,7 +24,7 @@ jobs:
name: "IT Test - custom extra-args should be honored"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Given the gh-action is used with extra-args=--help
id: test-data
uses: ./
@@ -41,7 +41,7 @@ jobs:
name: "IT Test - output status should be 1 given pre-commit detected some issue"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Given a pre-commit-config not correctly respected
id: test-data
uses: ./
@@ -60,7 +60,7 @@ jobs:
name: "IT Test - output status should be 0 given pre-commit detected no issue"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Given a pre-commit-config correctly respected
id: test-data
uses: ./
@@ -79,7 +79,7 @@ jobs:
name: "IT Test - output logs should contain failures given pre-commit detected some issue"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Given a pre-commit-config not correctly respected
id: test-data
uses: ./
@@ -98,7 +98,7 @@ jobs:
name: "IT Test - output logs should contain no failure given pre-commit detected no issue"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Given a pre-commit-config correctly respected
id: test-data
uses: ./
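
Review bot: this is the sixth identical copy of the `actions/checkout` pin in it-test.yml, and the same line changes again in pre-commit.yml and action.yml, so one version bump is eight separate edits. All eight moved to the same SHA in this diff, but nothing enforces that they stay in step. Consider a small CI check that every `actions/checkout@` reference in the repository carries the same SHA, or factoring the shared checkout step so each file holds a single pin.
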
2 changes: 1 addition & 1 deletion .github/workflows/pre-commit.yml
@@ -6,7 +6,7 @@ jobs:
name: "pre-commit"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: ./
with:
extra-args: >
19 changes: 19 additions & 0 deletions SECURITY.md
@@ -0,0 +1,19 @@
# Reporting Security Issues

A mature software vulnerability treatment process is a cornerstone of a robust information security management system.
Contributions from the community play an important role in the evolution and security of our products, and in safeguarding
the security and privacy of our users.

If you believe you have discovered a security vulnerability in Sonar's products, we encourage you to report it immediately.

To responsibly report a security issue, please email us at [security@sonarsource.com](mailto:security@sonarsource.com).
Sonar’s security team will acknowledge your report, guide you through the next steps,
or request additional information if necessary.
Customers with a support contract can also report the vulnerability directly through the support channel.

For security vulnerabilities found in third-party libraries, please also contact the library's owner or maintainer directly.

## Responsible Disclosure Policy

For more information about disclosing a security vulnerability to Sonar, please refer to our community post:
[Responsible Vulnerability Disclosure](https://community.sonarsource.com/t/responsible-vulnerability-disclosure/9317/).
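
Review bot: the new SECURITY.md gives a reporting address and a link to the community post, but it sets no expected acknowledgement time and speaks only of "Sonar's products" without saying whether the released tags of this action are in scope. Consider adding one line on when a reporter can expect a reply and one stating which versions of gh-action_pre-commit receive security fixes. Since e-mail is the only channel named for non-customers, it would also help to say whether reports may be sent encrypted.
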
2 changes: 1 addition & 1 deletion action.yml
@@ -25,7 +25,7 @@ runs:
using: composite
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch origin
run: git fetch origin # avoid unknown revision or path not in the working tree when
# using --from-ref --to-ref feature of pre-commit
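
Review bot: the `Checkout` step in action.yml is the one pin in this diff that runs inside every consumer's job rather than only in this repository's CI, so the move from v4.1.7 to v4.2.0 changes what downstream workflows execute when they pick up 1.0.3. The step has no `with:` block, so it runs with the checkout defaults before `git fetch origin`. Please call out the bundled checkout bump in the 1.0.3 release notes so consumers who audit transitive actions know to re-review it.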