introspect.yml

name: "CI"

on: # yamllint disable-line rule:truthy
    push:
        paths:
            - ".github/workflows/**"
        branches:
            - "main"
    pull_request:
        paths:
            - ".github/workflows/**"
        branches:
            - "main"
            - "!v[0-9]*"

permissions:
    contents: "read"

jobs:
    lint-workflows:
        runs-on: "ubuntu-latest"
        steps:
            - name: "Harden Runner"
              uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1
              with:
                  egress-policy: "audit"

            - name: "Git checkout"
              uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1
              env:
                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
                  EMAIL: "github-actions[bot]@users.noreply.github.com"

            # From https://github.com/rhysd/actionlint/blob/main/docs/usage.md#use-actionlint-on-github-actions
            - name: "Check workflow files"
              run: |
                  bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
                  ./actionlint -color -shellcheck=""