More trunk junk / remove old workflows (#6153)

2025-02-26 20:43:01 -05:00 · 2025-02-26 20:43:01 -05:00 · b437f0fb54
commit b437f0fb54
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -2,7 +2,7 @@
 version: 2
 updates:
  - package-ecosystem: docker
-    directory: devcontainer
+    directory: /.devcontainer
    schedule:
      interval: daily
      time: "05:00"
--- a/.github/workflows/generate-userprefs.yml
+++ b/.github/workflows/generate-userprefs.yml
@ -1,35 +0,0 @@
-name: Generate UsersPrefs JSON manifest
-
-on:
-  push:
-    paths:
-      - userPrefs.h
-    branches:
-      - master
-
-jobs:
-  generate-userprefs:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install Clang
-        run: sudo apt-get install -y clang
-
-      - name: Install trunk
-        run: curl https://get.trunk.io -fsSL | bash
-
-      - name: Generate userPrefs.jsom
-        run: python3 ./bin/build-userprefs-json.py
-
-      - name: Trunk format json
-        run: trunk format userPrefs.json
-
-      - name: Commit userPrefs.json
-        run: |
-          git config --global user.email "actions@github.com"
-          git config --global user.name "GitHub Actions"
-          git add userPrefs.json
-          git commit -m "Update userPrefs.json"
-          git push
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@ -9,7 +9,7 @@ permissions: read-all
 jobs:
  trunk_check:
    name: Trunk Check and Upload
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04

    steps:
      - name: Checkout
@ -23,7 +23,7 @@ jobs:
  trunk_upgrade:
    # See: https://github.com/trunk-io/trunk-action/blob/v1/readme.md#automatic-upgrades
    name: Trunk Upgrade (PR)
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    permissions:
      contents: write # For trunk to create PRs
      pull-requests: write # For trunk to create PRs
--- a/.github/workflows/sec_sast_flawfinder.yml
+++ b/.github/workflows/sec_sast_flawfinder.yml
@ -1,41 +0,0 @@
---
-name: Flawfinder Scan
-
-on:
-  push:
-    branches: [master, develop]
-    paths-ignore:
-      - "**.md"
-      - "version.properties"
-
-jobs:
-  flawfinder:
-    runs-on: ubuntu-latest
-    name: Flawfinder
-
-    steps:
-      # step 1
-      - name: clone application source code
-        uses: actions/checkout@v4
-
-      # step 2
-      - name: flawfinder_scan
-        uses: david-a-wheeler/flawfinder@2.0.19
-        with:
-          arguments: "--sarif ./"
-          output: "flawfinder_report.sarif"
-
-      # step 3
-      - name: save report as pipeline artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: flawfinder_report.sarif
-          overwrite: true
-          path: flawfinder_report.sarif
-
-      # step 4
-      - name: publish code scanning alerts
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: flawfinder_report.sarif
-          category: flawfinder
--- a/.github/workflows/sec_sast_semgrep_cron.yml
+++ b/.github/workflows/sec_sast_semgrep_cron.yml
@ -3,10 +3,10 @@ name: Semgrep Full Scan

 on:
  workflow_dispatch:
-    branches:
-      - master
  schedule:
-    - cron: "0 1 * * 6"
+    - cron: 0 1 * * 6
+
+permissions: read-all

 jobs:
  semgrep-full:
--- a/.github/workflows/sec_sast_semgrep_pull.yml
+++ b/.github/workflows/sec_sast_semgrep_pull.yml
@ -2,6 +2,8 @@
 name: Semgrep Differential Scan
 on: pull_request

+permissions: read-all
+
 jobs:
  semgrep-diff:
    runs-on: ubuntu-22.04
--- a/.github/workflows/trunk_annotate_pr.yml
+++ b/.github/workflows/trunk_annotate_pr.yml
@ -11,7 +11,7 @@ permissions: read-all
 jobs:
  trunk_check:
    name: Trunk Code Quality Annotate
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    permissions:
      checks: write # For trunk to post annotations
      contents: read # For repo checkout
--- a/.github/workflows/trunk_check.yml
+++ b/.github/workflows/trunk_check.yml
@ -9,7 +9,7 @@ permissions: read-all
 jobs:
  trunk_check:
    name: Trunk Check Runner
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    permissions:
      checks: write # For trunk to post annotations
      contents: read # For repo checkout
--- a/.github/workflows/trunk_format_pr.yml
+++ b/.github/workflows/trunk_format_pr.yml
@ -4,11 +4,15 @@ on:
  issue_comment:
    types: [created]

+permissions: read-all
+
 jobs:
  trunk-fmt:
    if: github.event.issue.pull_request != null && contains(github.event.comment.body, 'trunk fmt')
    runs-on: ubuntu-latest
-
+    permissions:
+      contents: write
+      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
--- a/.github/workflows/update_protobufs.yml
+++ b/.github/workflows/update_protobufs.yml
@ -1,10 +1,14 @@
 name: Update protobufs and regenerate classes
 on: workflow_dispatch

+permissions: read-all
+
 jobs:
  update-protobufs:
    runs-on: ubuntu-latest
-
+    permissions:
+      contents: write
+      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
--- a/monitor/filter_c3_exception_decoder.py
+++ b/monitor/filter_c3_exception_decoder.py
@ -1,3 +1,6 @@
+# trunk-ignore-all(bandit/B404): subprocess is used to call addr2line
+# trunk-ignore-all(bandit/B603): subprocess is used to call addr2line
+
 # Copyright (c) 2014-present PlatformIO <contact@platformio.org>
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
--- a/src/graphics/fonts/OLEDDisplayFontsPL.cpp
+++ b/src/graphics/fonts/OLEDDisplayFontsPL.cpp