PrivateBin/.github/workflows/eslint.yml
El RIDO 630886e2c2
harden gihub actions
- restrict all default permissions
- content: read is not necessary for public repos
- security-events: write is needed for CodeQL uploads of SARIF reports
- persist-credentials: false prevents any github token to remain configured in the checked out repo (not necessary when not intending to push from the action)
2026-05-25 08:03:43 +02:00

43 lines
854 B
YAML

name: ESLint Check
on:
push:
paths:
- 'js/**/*.js'
- 'js/package-lock.json'
- .github/workflows/eslint.yml
pull_request:
paths:
- 'js/**/*.js'
- 'js/package-lock.json'
- .github/workflows/eslint.yml
permissions: {}
jobs:
eslint:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
- name: Install dependencies
run: |
if [ -f js/package.json ]; then
cd js && npm ci
fi
- name: Run ESLint
run: |
if [ -f js/package.json ]; then
cd js && npx eslint .
else
npx eslint js/
fi