Skip to content

ci: check for correct spellings and secure practices in actions #484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
zimeg wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

ci: check for correct spellings and secure practices in actions #484

zimeg wants to merge 7 commits into from

Conversation

@zimeg
Copy link
Member

@zimeg zimeg commented Aug 2, 2025

Summary

This PR tests the prerelease of slackapi/slack-health-score@v0.2.0-rc.1 for spell checks and secure practices.

Requirements

@zimeg zimeg self-assigned this Aug 2, 2025
@zimeg zimeg added the github_actions Pull requests that update GitHub Actions code label Aug 2, 2025
@codecov
Copy link

codecov bot commented Aug 2, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.86%. Comparing base (749d8a6) to head (a958b2c).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #484   +/-   ##
=======================================
  Coverage   99.86%   99.86%           
=======================================
  Files           7        7           
  Lines         722      722           
=======================================
  Hits          721      721           
  Misses          1        1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-advanced-security
Copy link

github-advanced-security bot commented Aug 2, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@zimeg
Copy link
Member Author

zimeg commented Aug 2, 2025

📣 The zizmor check completes and typos isn't run with the healthscore itself now erroring with the following:

Run actions/github-script@v7
Error [ERR_REQUIRE_ASYNC_MODULE]: require() cannot be used on an ESM graph with top-level await. Use import() instead. To see where the top-level await comes from, use --experimental-print-required-tla.
    at ModuleJobSync.runSync (node:internal/modules/esm/module_job:384:13)
    at ModuleLoader.importSyncForRequire (node:internal/modules/esm/loader:323:47)
    at loadESMFromCJS (node:internal/modules/cjs/loader:1371:24)
    at Module._compile (node:internal/modules/cjs/loader:1511:5)
    at Module._extensions..js (node:internal/modules/cjs/loader:1572:16)
    at Module.load (node:internal/modules/cjs/loader:1275:32)
    at Module._load (node:internal/modules/cjs/loader:1096:12)
    at Module.require (node:internal/modules/cjs/loader:1298:19)
    at require (node:internal/modules/helpers:182:18)
    at Object.apply (/home/runner/work/_actions/actions/github-script/v7/dist/index.js:35467:27) {
  code: 'ERR_REQUIRE_ASYNC_MODULE'
}
Error: Unhandled error: Error [ERR_REQUIRE_ASYNC_MODULE]: require() cannot be used on an ESM graph with top-level await. Use import() instead. To see where the top-level await comes from, use --experimental-print-required-tla.

🔗 https://github.com/slackapi/slack-github-action/actions/runs/16688509618/job/47242358352?pr=484#step:31:208

@zimeg zimeg mentioned this pull request Aug 2, 2025
Draft
2 tasks
@zimeg
Copy link
Member Author

zimeg commented Aug 2, 2025

📣 Now we run the checkups and attempt to read a missing .typos.toml from the health score:

$ ./typos . --config .typos.toml
could not read config at `.typos.toml`

🔗 https://github.com/slackapi/slack-github-action/actions/runs/16689275015/job/47244330326#step:31:4605

@zimeg
Copy link
Member Author

zimeg commented Aug 2, 2025

📣 Now odd spellings are found!

$ ./typos . --config /home/runner/work/_actions/slackapi/slack-health-score/5f8af1380f3d43084c3a99d03dbb844fe0fb3ab9/.typos.toml
Warning: "seperator" should be "separator".
Warning: "Seperators" should be "Separators".
error: `seperator` should be `separator`
  --> ./action.yml:19:25
   |
19 |     description: "Field seperator for nested attributes in the input payload."
   |                         ^^^^^^^^^
   |
error: `Seperators` should be `Separators`
  --> ./src/config.js:47:45
   |
47 |    * @property {string?} payloadDelimiter - Seperators of nested attributes.
   |                                             ^^^^^^^^^^
   |
Error: Process completed with exit code 2.

🔗 https://github.com/slackapi/slack-github-action/actions/runs/16689481695/job/47244964073#step:31:4603

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@zimeg zimeg

Labels

github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zimeg