From 0271b166cea12230e5e6805353630a60bd27ec9a Mon Sep 17 00:00:00 2001
From: Edward Thomson
Date: Fri, 12 Apr 2024 13:57:27 +0100
Subject: [PATCH 1/2] Reorder Health Check profile
---
 profiles/github/stacklok-health-check.yaml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/profiles/github/stacklok-health-check.yaml b/profiles/github/stacklok-health-check.yaml
index 3b402f8..ce19a7a 100644
--- a/profiles/github/stacklok-health-check.yaml
+++ b/profiles/github/stacklok-health-check.yaml
@@ -9,6 +9,16 @@ context:
 alert: "off"
 remediate: "off"
 repository:
+ - type: secret_scanning
+ name: "Secret Scanning is enabled"
+ def:
+ enabled: true
+ skip_private_repos: true
+ - type: secret_push_protection
+ name: "Secret push protection is enabled"
+ def:
+ enabled: true
+ skip_private_repos: true
 - type: actions_check_pinned_tags
 name: "GitHub Actions workflows reference pinned tags"
 def:
@@ -55,13 +65,3 @@ repository:
 - type: dockerfile_no_latest_tag
 name: "Dockerfiles reference specific tags"
 def: {}
- - type: secret_push_protection
- name: "Secret push protection is enabled"
- def:
- enabled: true
- skip_private_repos: true
- - type: secret_scanning
- name: "Secret Scanning is enabled"
- def:
- enabled: true
- skip_private_repos: true
From 1015c708158803572a3f5ca1ea4a961bcadec33e Mon Sep 17 00:00:00 2001
From: Edward Thomson
Date: Fri, 12 Apr 2024 14:14:24 +0100
Subject: [PATCH 2/2] Correct typo in health check ("limited" not "limit")
---
 profiles/github/stacklok-health-check.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/github/stacklok-health-check.yaml b/profiles/github/stacklok-health-check.yaml
index ce19a7a..eec0c59 100644
--- a/profiles/github/stacklok-health-check.yaml
+++ b/profiles/github/stacklok-health-check.yaml
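Review bot: Both `secret_scanning` and `secret_push_protection` entries moved to the top of the `repository:` list carry `skip_private_repos: true`, and nothing in the profile records that a passing health check therefore says nothing about secret scanning on private repositories; this is presumably because those features depend on GitHub Advanced Security on private repos, but that rationale should be confirmed and written down. A comment above the first moved entry would make the gap visible to anyone reading a green result, e.g. `# Secret scanning / push protection are only evaluated on public repos (skip_private_repos); private repos pass this check uninspected.` The commit message says only "Reorder" — if list position is meant to signal priority (secret checks first), state that in the profile rather than leaving it implicit in ordering. The enclosing `repository:` list continues past the end of the hunk.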
@@ -40,7 +40,7 @@ repository:
 params:
 branch: ""
 - type: default_workflow_permissions
- name: "GitHub Actions workflows have limit permissions"
+ name: "GitHub Actions workflows have limited permissions"
 def:
 default_workflow_permissions: read
 can_approve_pull_request_reviews: false