From 9aad447fe644a340d64a3e965646e3b0dd74f49b Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Wed, 10 Jan 2024 13:30:37 -0800
Subject: [PATCH] #69 add linter workflow and update permissions (#84)

* linter test

* #69 cleanup

* #69 fix linting

* #69 fix linting
---
 .github/workflows/add-labels-to-issue.yaml |  3 ++
 .github/workflows/issue-automation.yaml    |  2 +-
 .github/workflows/lint-workflows.yaml      | 54 ++++++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/lint-workflows.yaml

diff --git a/.github/workflows/add-labels-to-issue.yaml b/.github/workflows/add-labels-to-issue.yaml
index 7fbf8c7..dd62fa6 100644
--- a/.github/workflows/add-labels-to-issue.yaml
+++ b/.github/workflows/add-labels-to-issue.yaml
@@ -8,6 +8,9 @@ on:
       SENZING_MEMBERS:
         required: false
 
+permissions:
+  issues: write
+
 jobs:
 
   add-customer-submission-label:
diff --git a/.github/workflows/issue-automation.yaml b/.github/workflows/issue-automation.yaml
index 8916d90..9a50524 100644
--- a/.github/workflows/issue-automation.yaml
+++ b/.github/workflows/issue-automation.yaml
@@ -3,8 +3,8 @@ name: 'issue automation'
 on:
   issues:
     types:
-      - reopened
       - opened
+      - reopened
 
 jobs:
 
diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml
new file mode 100644
index 0000000..4f50320
--- /dev/null
+++ b/.github/workflows/lint-workflows.yaml
@@ -0,0 +1,54 @@
+name: 'lint workflows'
+
+on:
+  workflow_call:
+    inputs:
+      validate-all-codebase:
+        default: false
+        description: 'Lint all files or only modified: true/false.'
+        required: false
+        type: boolean
+
+permissions:
+  contents: read
+  packages: read
+  statuses: write
+
+jobs:
+  # In order to require linting as a status check we need to
+  # run the overall workflow on every pr.
+  # This is used to skip at the job level if there are no
+  # changes to the workflow files.
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      workflows: ${{ steps.changes.outputs.workflows }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          filters: |
+            workflows:
+              - '.github/workflows/**'
+
+  lint-workflows:
+    name: Lint Workflows
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.workflows == 'true' }}
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Lint Code Base
+        uses: github/super-linter@v5
+        env:
+          DEFAULT_BRANCH: main
+          FILTER_REGEX_INCLUDE: .*.github/workflows/.*
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # only lint new and modified files
+          VALIDATE_ALL_CODEBASE: false