From 981fde6f58d8ed0326ccd5f4ef0340f1bba934db Mon Sep 17 00:00:00 2001 From: Jon Gadsden Date: Wed, 25 Mar 2026 13:29:45 +0000 Subject: [PATCH 1/2] update automation dependencies to use hashes --- .github/workflows/housekeeping.yaml | 6 +++--- .github/workflows/pr.yaml | 16 ++++++++-------- .github/workflows/validate-owasp-metadata.yaml | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/housekeeping.yaml b/.github/workflows/housekeeping.yaml index ab219552..59ebdaf6 100644 --- a/.github/workflows/housekeeping.yaml +++ b/.github/workflows/housekeeping.yaml @@ -16,7 +16,7 @@ jobs: actions: write steps: - name: Delete stale workflow runs - uses: Mattraks/delete-workflow-runs@v2.1.0 + uses: Mattraks/delete-workflow-runs@5bf9a1dac5c4d041c029f0a8370ddf0c5cb5aeb7 with: token: ${{ github.token }} repository: ${{ github.repository }} @@ -24,7 +24,7 @@ jobs: keep_minimum_runs: 10 - name: Delete unused workflows - uses: otto-de/purge-deprecated-workflow-runs@v4.0.4 + uses: otto-de/purge-deprecated-workflow-runs@f586d3fe7f959c38ca76a0030521dfa47946bce3 with: token: ${{ github.token }} @@ -36,7 +36,7 @@ jobs: issues: write steps: - name: Tidy stale PRs and issues - uses: actions/stale@v10.2.0 + uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f with: days-before-issue-stale: 183 days-before-issue-close: -1 diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index cbcbfbf7..684ce868 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -14,10 +14,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout markdown - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Link Checker - uses: lycheeverse/lychee-action@v2.8.0 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 with: # skip the jekyll files under '_includes' directory args: >- @@ -39,10 +39,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout markdown - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Lint markdown - uses: DavidAnson/markdownlint-cli2-action@v22.0.0 + uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 with: config: '.markdownlint.yaml' globs: '*.md' @@ -52,10 +52,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout markdown - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Spell check - uses: rojopolis/spellcheck-github-actions@0.58.0 + uses: rojopolis/spellcheck-github-actions@e3cd8e9aec4587ec73bc0e60745aafd45c37aa2e with: config_path: .spellcheck.yaml @@ -64,9 +64,9 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout markdown - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Spell check - uses: rojopolis/spellcheck-github-actions@0.58.0 + uses: rojopolis/spellcheck-github-actions@e3cd8e9aec4587ec73bc0e60745aafd45c37aa2e with: config_path: .spellcheck-es.yaml diff --git a/.github/workflows/validate-owasp-metadata.yaml b/.github/workflows/validate-owasp-metadata.yaml index 5742c6e5..4851385d 100644 --- a/.github/workflows/validate-owasp-metadata.yaml +++ b/.github/workflows/validate-owasp-metadata.yaml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Validate metadata file - uses: owasp/nest-schema/.github/actions/validate@v0.1.51 + uses: owasp/nest-schema/.github/actions/validate@011b47d59567ae7cfd246948c67503ba2f6cc15b From 7f9a94da09f564c71813b4cbd830dc92b77ad9e3 Mon Sep 17 00:00:00 2001 From: Jon Gadsden Date: Wed, 25 Mar 2026 15:32:29 +0000 Subject: [PATCH 2/2] add link checker to housekeeping --- .github/workflows/housekeeping.yaml | 18 +++- .github/workflows/pr.yaml | 19 +---- .spellcheck-es.yaml | 19 ----- .wordlist-es.txt | 127 ---------------------------- 4 files changed, 20 insertions(+), 163 deletions(-) delete mode 100644 .spellcheck-es.yaml delete mode 100644 .wordlist-es.txt diff --git a/.github/workflows/housekeeping.yaml b/.github/workflows/housekeeping.yaml index 59ebdaf6..72aba7e4 100644 --- a/.github/workflows/housekeeping.yaml +++ b/.github/workflows/housekeeping.yaml @@ -7,7 +7,7 @@ on: - cron: '30 6 * * 6' workflow_dispatch: -# for security reasons the github actions are pinned to specific release versions +# for security reasons the github actions are pinned to specific SHAs jobs: chores: name: Tidy workflows @@ -47,3 +47,19 @@ jobs: days-before-pr-close: 7 stale-pr-message: 'This PR is stale because it has been open 21 days with no activity. Remove stale label, or add a comment, otherwise it will be closed in 7 days.' close-pr-message: 'This PR was closed because it has been stalled for 4 weeks with no activity.' + + link_checker: + name: Link checker + runs-on: ubuntu-24.04 + + steps: + - name: Checkout markdown + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + + - name: Link Checker + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 + with: + args: --verbose --no-progress --max-retries 1 '**/*.md' '*.md' + fail: true + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 684ce868..6fe72582 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -1,13 +1,11 @@ name: Pull request pipeline -# checks are only on the draft and root directories because that is where the changes should be - on: pull_request: branches: - main workflow_dispatch: -# for security reasons the github actions are pinned to specific release versions +# for security reasons the github actions are pinned to specific SHAs jobs: link_checker: name: Link checker @@ -21,6 +19,7 @@ jobs: with: # skip the jekyll files under '_includes' directory args: >- + --verbose --no-progress --max-retries 1 --retry-wait-time 10 @@ -48,7 +47,7 @@ jobs: globs: '*.md' check_en_spelling: - name: Check EN spelling + name: Check spelling runs-on: ubuntu-24.04 steps: - name: Checkout markdown @@ -58,15 +57,3 @@ jobs: uses: rojopolis/spellcheck-github-actions@e3cd8e9aec4587ec73bc0e60745aafd45c37aa2e with: config_path: .spellcheck.yaml - - check_es_spelling: - name: Check ES spelling - runs-on: ubuntu-24.04 - steps: - - name: Checkout markdown - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - - name: Spell check - uses: rojopolis/spellcheck-github-actions@e3cd8e9aec4587ec73bc0e60745aafd45c37aa2e - with: - config_path: .spellcheck-es.yaml diff --git a/.spellcheck-es.yaml b/.spellcheck-es.yaml deleted file mode 100644 index 59068b8d..00000000 --- a/.spellcheck-es.yaml +++ /dev/null @@ -1,19 +0,0 @@ -matrix: -- name: Markdown - aspell: - lang: es - dictionary: - wordlists: - - .wordlist-es.txt - output: wordlist.dic - encoding: utf-8 - pipeline: - - pyspelling.filters.markdown: - - pyspelling.filters.html: - comments: false - ignores: - - code - - pre - sources: - - 'release-es/**/*.md' - default_encoding: utf-8 diff --git a/.wordlist-es.txt b/.wordlist-es.txt deleted file mode 100644 index fa77d8f1..00000000 --- a/.wordlist-es.txt +++ /dev/null @@ -1,127 +0,0 @@ -access -Adam -amass -Amass -app -asvs -ASVS -Calderon -cheatsheets -check -Check -checklist -codebox -contributors -controls -crypto -csrf -csrfguard -CSRFGuard -cyclonedx -CycloneDX -dast -DAST -database -defectdojo -DefectDojo -dependencies -dependency -Dependency -design -development -devguide -DevGuide -document -documentation -dragon -Dragon -encode -errors -esapi -ESAPI -exceptions -foundations -frameworks -fundamentals -go -Go -GO -goscp -guard -guides -handle -headers -Headers -https -identity -Implementacion -implementation -inputs -Johan -layout -libraries -linddun -LINDDUN -logging -management -mastg -MASTG -maswe -Misspelled words: -modeling -monitoreo -Monitoreo -monitoring -nettacker -Nettacker -opencre -OpenCRE -order -org -oshp -OSHP -owasp -OWASP -owtf -OWTF -permalink -principles -proactive -proactivos -Proactivos -protect -Pythónico -pytm -rat -redirect -release -requirements -risk -Roxana -scp -secure -Secure -secureCodeBox -security -securityrat -SecurityRAT -Shostack -skf -SKF -Sydseter -tags -threat -Threat -title -to -toolkit -tools -top -Top -track -Track -validate -verification -vulnerability -wstg -WSTG