From c8510574b596c5a75175dc56b305a2a11e9aca9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matou=C5=A1=20Volf?=
 <66163112+matous-volf@users.noreply.github.com>
Date: Thu, 15 Aug 2024 12:23:10 +0200
Subject: [PATCH 1/5] ci: add a GitHub action for code linting

---
 .github/workflows/lint.yml | 40 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .github/workflows/lint.yml

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..1fd6962
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,40 @@
+name: lint
+
+on:
+  pull_request:
+    types: [ opened, synchronize, reopened, edited ]
+
+permissions: { }
+
+jobs:
+  build:
+    name: lint
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+      # to report GitHub Actions status checks
+      statuses: write
+
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v4
+        with:
+          # super-linter needs the full git history to get the list of files that changed across commits
+          fetch-depth: 0
+
+      - name: Super-linter check
+        uses: super-linter/super-linter@v6.9.0 # x-release-please-version
+        env:
+          # to report GitHub Actions status checks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VALIDATE_ALL_CODEBASE: false
+          FIX_CSS_PRETTIER: true
+          FIX_HTML_PRETTIER: true
+          FIX_JAVASCRIPT_ES: true
+          FIX_JSON_PRETTIER: true
+          FIX_RUST_2021: true
+          FIX_RUST_CLIPPY: true
+          FIX_TYPESCRIPT_ES: true
+          FIX_YAML_PRETTIER: true

From e130da77f48f8cd2fb47db85eae2bb37c3485019 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matou=C5=A1=20Volf?=
 <66163112+matous-volf@users.noreply.github.com>
Date: Thu, 15 Aug 2024 12:42:25 +0200
Subject: [PATCH 2/5] ci: make the conventional commits and PR actions more
 consistent

---
 .github/workflows/conventional-commits.yml       | 6 ++++--
 .github/workflows/conventional-pull-requests.yml | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
index ae0e33e..5ebc73b 100644
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -9,7 +9,9 @@ jobs:
     name: conventional commits
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
-      - uses: webiny/action-conventional-commits@v1.3.0
+      - name: checkout code
+        uses: actions/checkout@v3
+      - name: conventional commits check
+        uses: webiny/action-conventional-commits@v1.3.0
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/conventional-pull-requests.yml b/.github/workflows/conventional-pull-requests.yml
index 525552e..400ee38 100644
--- a/.github/workflows/conventional-pull-requests.yml
+++ b/.github/workflows/conventional-pull-requests.yml
@@ -8,7 +8,7 @@ jobs:
   validate-pr-title:
     runs-on: ubuntu-22.04
     steps:
-      - name: PR Conventional Commit Validation
+      - name: conventional pull requests check
         uses: ytanikin/PRConventionalCommits@1.1.0
         with:
           task_types: '["build","chore","ci","docs","feat","fix","perf","refactor","revert","style","test"]'

From fc4d83b4459ace11c47a96238bdf8fbf3e367298 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matou=C5=A1=20Volf?=
 <66163112+matous-volf@users.noreply.github.com>
Date: Thu, 15 Aug 2024 13:49:11 +0200
Subject: [PATCH 3/5] fix: formatting

---
 .github/workflows/lint.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 1fd6962..f0b0d16 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -10,20 +10,16 @@ jobs:
   build:
     name: lint
     runs-on: ubuntu-latest
-
     permissions:
       contents: read
       packages: read
-      # to report GitHub Actions status checks
       statuses: write
-
     steps:
       - name: checkout code
         uses: actions/checkout@v4
         with:
-          # super-linter needs the full git history to get the list of files that changed across commits
+          # Super-linter needs the full git history to get the list of files that changed across commits
           fetch-depth: 0
-
       - name: Super-linter check
         uses: super-linter/super-linter@v6.9.0 # x-release-please-version
         env:

From 943f0d48cac118fcd02491ace4ea930e572b088d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matou=C5=A1=20Volf?=
 <66163112+matous-volf@users.noreply.github.com>
Date: Thu, 15 Aug 2024 13:49:34 +0200
Subject: [PATCH 4/5] ci: rename the conventional PRs action job

---
 .github/workflows/conventional-pull-requests.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/conventional-pull-requests.yml b/.github/workflows/conventional-pull-requests.yml
index 400ee38..a9ffc80 100644
--- a/.github/workflows/conventional-pull-requests.yml
+++ b/.github/workflows/conventional-pull-requests.yml
@@ -5,7 +5,8 @@ on:
     types: [ opened, synchronize, reopened, edited ]
 
 jobs:
-  validate-pr-title:
+  build:
+    name: conventional pull requests
     runs-on: ubuntu-22.04
     steps:
       - name: conventional pull requests check

From 2d1f1aa05b8c8bf327cdb15ffacf296ff8eb2390 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matou=C5=A1=20Volf?=
 <66163112+matous-volf@users.noreply.github.com>
Date: Thu, 15 Aug 2024 13:50:01 +0200
Subject: [PATCH 5/5] ci: restrict the CI actions permissions

---
 .github/workflows/conventional-commits.yml       | 7 +++++++
 .github/workflows/conventional-pull-requests.yml | 7 +++++++
 .github/workflows/lint.yml                       | 1 +
 3 files changed, 15 insertions(+)

diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
index 5ebc73b..2ea04ff 100644
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -4,10 +4,17 @@ on:
   pull_request:
     types: [ opened, synchronize, reopened, edited ]
 
+permissions: { }
+
 jobs:
   build:
     name: conventional commits
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
     steps:
       - name: checkout code
         uses: actions/checkout@v3
diff --git a/.github/workflows/conventional-pull-requests.yml b/.github/workflows/conventional-pull-requests.yml
index a9ffc80..65331b2 100644
--- a/.github/workflows/conventional-pull-requests.yml
+++ b/.github/workflows/conventional-pull-requests.yml
@@ -4,10 +4,17 @@ on:
   pull_request:
     types: [ opened, synchronize, reopened, edited ]
 
+permissions: { }
+
 jobs:
   build:
     name: conventional pull requests
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
     steps:
       - name: conventional pull requests check
         uses: ytanikin/PRConventionalCommits@1.1.0
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index f0b0d16..274d9d8 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,6 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      pull-requests: read
       packages: read
       statuses: write
     steps: