Improve workflow security

[dannystaple]

Improve security with shell quoting rules

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5		0	0	0.11s
✅ BASH	bash-exec	1		0	0	0.01s
✅ BASH	shellcheck	1		0	0	0.11s
✅ BASH	shfmt	1		0	0	0.01s
❌ C	cppcheck	8		8	0	0.5s
❌ CPP	cppcheck	8		8	0	0.37s
✅ JSON	npm-package-json-lint	yes		no	no	0.52s
✅ JSON	v8r	12		0	0	11.34s
✅ REPOSITORY	gitleaks	yes		no	no	16.24s
✅ REPOSITORY	git_diff	yes		no	no	0.94s
❌ REPOSITORY	grype	yes		2	no	43.05s
✅ REPOSITORY	secretlint	yes		no	no	46.25s
✅ REPOSITORY	syft	yes		no	no	3.08s
✅ REPOSITORY	trivy-sbom	yes		no	no	4.46s
✅ REPOSITORY	trufflehog	yes		no	no	5.94s
✅ XML	xmllint	1		0	0	188.34s
✅ YAML	v8r	13		0	0	11.34s

Detailed Issues

❌ C / cppcheck - 8 errors

Results of cppcheck linter (version 2.14.2)
See documentation on https://megalinter.io/9.1.0/descriptors/c_cppcheck/
-----------------------------------------------

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ CPP / cppcheck - 8 errors

Results of cppcheck linter (version 2.14.2)
See documentation on https://megalinter.io/9.1.0/descriptors/cpp_cppcheck/
-----------------------------------------------

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h
    Checking assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h ...
    assets/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/alternative_demo/Motors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/DistanceSensor.h:3:1: error: Code 'classSR04{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class SR04 {
    ^

❌ [ERROR] galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h
    Checking galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h ...
    galleries/2013-11-14-explorer-wall-avoider-kit/demo_sketch/TurtleMotors.h:3:1: error: Code 'classMotor{' is invalid C code. Use --std or --language to configure the language. [syntaxError]
    class Motor {
    ^

❌ REPOSITORY / grype - 2 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                      INSTALLED                                 FIXED IN  TYPE           VULNERABILITY        SEVERITY  EPSS          RISK         
tj-actions/changed-files  HIDDEN_BY_MEGALINTER 46.0.1    github-action  GHSA-mrrh-fwg8-r2c3  High      88.4% (99th)  84.5  (kev)  
tj-actions/changed-files  HIDDEN_BY_MEGALINTER 41        github-action  GHSA-mcph-m25j-8j63  High      0.7% (70th)   0.5
[0042] ERROR discovered vulnerabilities at or above the severity threshold

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/[email protected] (63 linters)
• oxsecurity/megalinter/flavors/[email protected] (72 linters)

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,C_CPPCHECK,CPP_CPPCHECK,JSON_V8R,JSON_NPM_PACKAGE_JSON_LINT,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_V8R

[github-actions]

🐳 Docker Base Image Available

A new base Docker image has been built and pushed for this PR:

Image: ghcr.io/orionrobots/orionrobots-site.base:306

How to use this image:

# Pull the image
docker pull ghcr.io/orionrobots/orionrobots-site.base:306

# Run with the image
docker run -it ghcr.io/orionrobots/orionrobots-site.base:306 bash

For local development:

You can use this image as a base for testing changes without rebuilding dependencies.

This comment is automatically updated when the base image is rebuilt.