name: Check GitHub Actions

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  check-actions:
    name: Check GitHub Actions
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Check Changed Files
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          filters: |
            actions:
              - ".github/workflows/*.yml"
              - ".github/workflows/*.yaml"
      - uses: aquaproj/aqua-installer@e2d0136abcf70b7a2f6f505720640750557c4b33 # v3.1.1
        if: steps.filter.outputs.actions == 'true'
        with:
          aqua_version: v2.28.0
      - name: Linting
        if: steps.filter.outputs.actions == 'true'
        run: |
          shellcheck --version
          ghalint run
          actionlint -color