Templates for repos to enable language-specific security scanning:

- security-php.yml: PHPStan + Semgrep SAST
- security-shell.yml: ShellCheck for bash scripts
- security-docker.yml: Hadolint for Dockerfiles

CodeQL default setup now enabled across all public repos for:

- Go, JavaScript/TypeScript (core, core-gui, build)
- JavaScript/TypeScript (core-admin, core-api, core-mcp, etc.)
- Actions workflow scanning (core-php, core-tenant, etc.)
- Python (ansible-*, docker-server-blockchain)
- C# (btcpayserver-docker)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
23 lines
485 B
YAML
name: Dockerfile Lint

on:
  push:
    branches: [dev, main]
    paths: ['**/Dockerfile*', '**.dockerfile']
  pull_request:
    branches: [dev, main]
    paths: ['**/Dockerfile*', '**.dockerfile']
  workflow_dispatch:

jobs:
  hadolint:
    name: Hadolint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Hadolint
        uses: hadolint/hadolint-action@v3.1.0
        with:
          recursive: true
          failure-threshold: warning
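Review bot: the `paths` filters on `push` and `pull_request` match `**/Dockerfile*` and `**.dockerfile`, but the Hadolint step only sets `recursive: true` and leaves the action's `dockerfile` input unset, so a file like `Dockerfile.dev` or `build.dockerfile` can trigger this workflow without being linted unless that input is given a pattern that covers those names; make the two agree, either by setting `dockerfile` in the `with:` block or by narrowing the path filter to the names the action will actually scan. Since this template is meant to be copied into many repos, also consider pinning `actions/checkout@v4` and `hadolint/hadolint-action@v3.1.0` to full commit SHAs rather than mutable tags, so that a change to the upstream tag cannot silently alter what runs in CI across all of them.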