slackapi
ci: check for correct spellings and secure practices in actions
Summary
This PR tests the prerelease of slackapi/[email protected] for spell checks and secure practices.
Requirements
- [x] I've read and understood the Contributing Guidelines and have done my best effort to follow them.
- [x] I've read and agree to the Code of Conduct.
Codecov Report
:white_check_mark: All modified and coverable lines are covered by tests.
:white_check_mark: Project coverage is 99.86%. Comparing base (749d8a6) to head (a958b2c).
Additional details and impacted files
@@ Coverage Diff @@
## main #484 +/- ##
=======================================
Coverage 99.86% 99.86%
=======================================
Files 7 7
Lines 722 722
=======================================
Hits 721 721
Misses 1 1
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
![github-advanced-security[bot] avatar](https://avatars.githubusercontent.com/in/57789?v=4 "Published by a pub.dev verified publisher"){kind=small}
📣 The zizmor check completes and typos isn't run with the healthscore itself now erroring with the following:
Run actions/github-script@v7
Error [ERR_REQUIRE_ASYNC_MODULE]: require() cannot be used on an ESM graph with top-level await. Use import() instead. To see where the top-level await comes from, use --experimental-print-required-tla.
at ModuleJobSync.runSync (node:internal/modules/esm/module_job:384:13)
at ModuleLoader.importSyncForRequire (node:internal/modules/esm/loader:323:47)
at loadESMFromCJS (node:internal/modules/cjs/loader:1371:24)
at Module._compile (node:internal/modules/cjs/loader:1511:5)
at Module._extensions..js (node:internal/modules/cjs/loader:1572:16)
at Module.load (node:internal/modules/cjs/loader:1275:32)
at Module._load (node:internal/modules/cjs/loader:1096:12)
at Module.require (node:internal/modules/cjs/loader:1298:19)
at require (node:internal/modules/helpers:182:18)
at Object.apply (/home/runner/work/_actions/actions/github-script/v7/dist/index.js:35467:27) {
code: 'ERR_REQUIRE_ASYNC_MODULE'
}
Error: Unhandled error: Error [ERR_REQUIRE_ASYNC_MODULE]: require() cannot be used on an ESM graph with top-level await. Use import() instead. To see where the top-level await comes from, use --experimental-print-required-tla.
🔗 https://github.com/slackapi/slack-github-action/actions/runs/16688509618/job/47242358352?pr=484#step:31:208
📣 Now we run the checkups and attempt to read a missing .typos.toml from the health score:
$ ./typos . --config .typos.toml
could not read config at `.typos.toml`
🔗 https://github.com/slackapi/slack-github-action/actions/runs/16689275015/job/47244330326#step:31:4605
📣 Now odd spellings are found!
$ ./typos . --config /home/runner/work/_actions/slackapi/slack-health-score/5f8af1380f3d43084c3a99d03dbb844fe0fb3ab9/.typos.toml
Warning: "seperator" should be "separator".
Warning: "Seperators" should be "Separators".
error: `seperator` should be `separator`
--> ./action.yml:19:25
|
19 | description: "Field seperator for nested attributes in the input payload."
| ^^^^^^^^^
|
error: `Seperators` should be `Separators`
--> ./src/config.js:47:45
|
47 | * @property {string?} payloadDelimiter - Seperators of nested attributes.
| ^^^^^^^^^^
|
Error: Process completed with exit code 2.
🔗 https://github.com/slackapi/slack-github-action/actions/runs/16689481695/job/47244964073#step:31:4603