From f98105e5b7ca5aa58f955bb7256500aa4a3151a3 Mon Sep 17 00:00:00 2001 From: gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:59:09 +0800 Subject: [PATCH] chore: update workflows --- .github/dependabot.yml | 21 +++++++++++---------- .github/workflows/ci.yml | 22 +++++++++++----------- .github/workflows/{sast.yml => codeql.yml} | 16 +++++++++++----- .github/workflows/labeler.yml | 13 +++++++++---- 4 files changed, 42 insertions(+), 30 deletions(-) rename .github/workflows/{sast.yml => codeql.yml} (50%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ae17f3da..e7e07693 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,13 @@ version: 2 updates: -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 -- package-ecosystem: npm - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + open-pull-requests-limit: 10 + + - package-ecosystem: npm + directory: / + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a6db3233..2e864050 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: ci +name: CI on: push: 
@@ -10,33 +10,33 @@ on: - 'docs/**' - '*.md' +permissions: + contents: read + jobs: dependency-review: name: Dependency Review if: github.event_name == 'pull_request' runs-on: ubuntu-latest - permissions: - contents: read steps: - - name: Check out repo - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: persist-credentials: false - name: Dependency review - uses: actions/dependency-review-action@v2 + uses: actions/dependency-review-action@v4 test: runs-on: ${{ matrix.os }} - permissions: - contents: read strategy: matrix: node-version: [16, 18, 20] os: [ubuntu-latest, windows-latest, macOS-latest] fail-fast: false steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: persist-credentials: false @@ -45,6 +45,8 @@ jobs: with: node-version: ${{ matrix.node-version }} check-latest: true + cache: npm + cache-dependency-path: package.json - name: Install run: | @@ -68,8 +70,6 @@ jobs: coverage: needs: test runs-on: ubuntu-latest - permissions: - contents: read steps: - name: Coveralls Finished uses: coverallsapp/github-action@master diff --git a/.github/workflows/sast.yml b/.github/workflows/codeql.yml similarity index 50% rename from .github/workflows/sast.yml rename to .github/workflows/codeql.yml index 1deda65d..0170f08c 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/codeql.yml @@ -1,4 +1,4 @@ -name: sast +name: CodeQL on: push: 
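Review bot: The upgraded `uses:` lines in the `dependency-review` and `test` jobs (`actions/checkout@v4`, `actions/dependency-review-action@v4`) still reference mutable tags, so a retagged upstream release would run in CI without any change to this repository. Pin each one to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`; the `github-actions` entry in `.github/dependabot.yml` can keep SHA pins current. The same applies to `github/codeql-action/init@v3` and `analyze@v3` in codeql.yml and to `actions/labeler@v5` in labeler.yml, the last of which runs with `pull-requests: write`. The `test` job's steps continue outside this hunk.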
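Review bot: `cache-dependency-path: package.json` in the `test` job keys the npm cache on the manifest rather than on a lockfile, so the key does not change when resolved transitive versions do. The setting suggests the repository has no committed lockfile, though the Install step body is outside the hunk, so this is an inference. If that is the case, each matrix run may resolve a different dependency tree. Committing `package-lock.json`, pointing `cache-dependency-path` at it and installing with `npm ci` would make runs reproducible and checked against the recorded integrity hashes.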
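Review bot: The `coverage` job's `uses: coverallsapp/github-action@master` (a context line in this hunk) still tracks a branch, while the same commit moves `actions/labeler@main` to a versioned ref. A branch ref executes whatever is pushed upstream next; pin it to a full commit SHA, e.g. `uses: coverallsapp/github-action@<full-commit-sha>  # <release-tag>`. With the job-level `permissions` block removed here, the job depends on the workflow-level `contents: read` added earlier in this file, and a short comment on the job saying so would keep a later edit from widening it unnoticed. The job's remaining steps lie outside the hunk.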
@@ -11,19 +11,25 @@ jobs: name: Analyze runs-on: ubuntu-latest permissions: + actions: read contents: read security-events: write strategy: fail-fast: true matrix: - language: [ 'javascript' ] + language: [ 'javascript-typescript' ] steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: persist-credentials: false - - uses: github/codeql-action/init@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index d1b07822..21997102 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -1,10 +1,15 @@ -name: "Pull Request Labeler" +name: Pull Request Labeler + on: pull_request_target +permissions: + contents: read + pull-requests: write + jobs: label: runs-on: ubuntu-latest steps: - - uses: actions/labeler@main - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}"
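Review bot: The added `actions: read` under the `Analyze` job's `permissions` is, per the CodeQL starter workflow, only required when the workflow runs in a private repository. If this repository is public, it can be dropped to keep the token minimal. If it stays, document the reason in place: `actions: read  # only required for workflows in private repositories`. The workflow's trigger section and the start of the `jobs:` mapping are outside this hunk.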
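Review bot: `on: pull_request_target` runs this workflow with the base repository's token (now `pull-requests: write`) for pull requests from forks, and nothing in the file records the constraint that keeps that safe. Add a comment above the trigger such as `# pull_request_target: runs with base-repo privileges; never check out or execute PR head code in this workflow`. The explicit `repo-token: "${{ secrets.GITHUB_TOKEN }}"` matches the action's default input and could be omitted.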