-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #446 from RalphHightower/RalphHightower-patch-959969
[improve](build): standardize workflows
- Loading branch information
Showing
9 changed files
with
32 additions
and
76 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,7 +6,7 @@ | |
| # PRs introducing known-vulnerable packages will be blocked from merging. | ||
| # | ||
| # Source repository: https://github.com/actions/dependency-review-action | ||
| name: 'Dependency Review' | ||
| name: 'dependency – Dependency Review' | ||
| on: [pull_request] | ||
|
|
||
| permissions: | ||
|
|
@@ -16,12 +16,7 @@ jobs: | |
| dependency-review: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: 'Checkout Repository' | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| uses: actions/[email protected] | ||
| - name: 'Dependency Review' | ||
| uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 | ||
| uses: actions/[email protected] | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -31,22 +31,17 @@ jobs: | |
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Checkout | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| uses: actions/[email protected] | ||
| - name: Setup Ruby | ||
| uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 | ||
| uses: ruby/[email protected] | ||
| with: | ||
| ruby-version: '3.3.6' # Not needed with a .ruby-version file | ||
| bundler-cache: true # runs 'bundle install' and caches installed gems automatically | ||
| cache-version: 1 # Increment this number if you need to re-download cached gems | ||
| - name: Setup Pages | ||
| id: pages | ||
| uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 | ||
| uses: actions/[email protected] | ||
| - name: Build with Jekyll | ||
| # Outputs to the './_site' directory by default | ||
| run: bundle exec jekyll build --trace --incremental --baseurl "${{ steps.pages.outputs.base_path }}" | ||
|
|
@@ -56,7 +51,7 @@ jobs: | |
| LOG_LEVEL: debug | ||
| - name: Upload artifact | ||
| # Automatically uploads an artifact from the './_site' directory by default | ||
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | ||
| uses: actions/[email protected] | ||
|
|
||
| # Deployment job | ||
| deploy: | ||
|
|
@@ -66,11 +61,6 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| needs: build | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Deploy to GitHub Pages | ||
| id: deployment | ||
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 | ||
| uses: actions/[email protected] | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,12 +21,7 @@ jobs: | |
| advisor: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: GitHubSecurityLab/actions-permissions/advisor@e80931f0826124db0a241ba9876c8e8eb3ca4d75 # v1.0.2-beta2 | ||
| - uses: GitHubSecurityLab/actions-permissions/[email protected] | ||
| with: | ||
| name: ${{ inputs.name }} | ||
| count: ${{ inputs.count }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| name: readme-checker.yml – Checks for suggested markdown | ||
| on: [push, pull_request] | ||
|
|
||
| permissions: | ||
|
|
@@ -7,15 +8,12 @@ jobs: | |
| lint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0 # v18.0.0 | ||
| - name: Checkout | ||
| uses: actions/[email protected] | ||
| - name: Checking markdown | ||
| uses: DavidAnson/[email protected] | ||
| with: | ||
| globs: | | ||
| *.md | ||
| _posts/*.md | ||
| **/*.md | ||
| !test/*.md | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| name: release-please.yml – Automate releases with Conventional Commit Messages. | ||
| on: | ||
| push: | ||
| branches: | ||
|
|
@@ -12,12 +13,7 @@ jobs: | |
| release-please: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3 | ||
| - uses: googleapis/[email protected] | ||
| with: | ||
| contents: write | ||
| # this assumes that you have created a personal access token | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| name: release.yml – Release | ||
| "on": | ||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| - main | ||
| - next | ||
| - beta | ||
| - "*.x" | ||
|
|
@@ -18,13 +18,8 @@ jobs: | |
| name: release | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | ||
| - uses: actions/[email protected] | ||
| - uses: actions/[email protected] | ||
| with: | ||
| cache: npm | ||
| node-version: lts/* | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,7 +16,7 @@ | |
| # under the License. | ||
|
|
||
|
|
||
| name: Semantic Pull Request | ||
| name: systematic-release.yml – Pull Request | ||
|
|
||
| on: | ||
| pull_request: | ||
|
|
@@ -40,12 +40,8 @@ jobs: | |
| main: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 | ||
| name: semantic release | ||
| uses: amannn/[email protected] | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,7 +3,7 @@ name: test.yml — Test | |
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| - main | ||
| # renovate/** branches are generated by https://github.com/apps/renovate | ||
| - renovate/** | ||
|
|
||
|
|
@@ -34,15 +34,15 @@ jobs: | |
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/[email protected] | ||
| - run: git config --global user.name github-actions | ||
| - run: git config --global user.email [email protected] | ||
| - name: Use Node.js ${{ matrix.node-version }} | ||
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | ||
| uses: actions/[email protected] | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
| cache: npm | ||
|
|
@@ -56,16 +56,12 @@ jobs: | |
| timeout-minutes: 5 | ||
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - name: Test | ||
| - uses: actions/[email protected] | ||
| - run: git config --global user.name github-actions | ||
| - run: git config --global user.email [email protected] | ||
| - name: Use Node.js from .nvmrc | ||
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | ||
| uses: actions/[email protected] | ||
| with: | ||
| node-version-file: .nvmrc | ||
| cache: npm | ||
|
|
@@ -82,11 +78,6 @@ jobs: | |
| - test_matrix | ||
| if: ${{ !cancelled() }} | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: All matrix versions passed | ||
| if: ${{ !(contains(needs.*.result, 'failure')) }} | ||
| run: exit 0 | ||
|
|
||