Skip to content

Commit c8ebf36

Browse files
author
asyncapi-bot
committed
ci: update of files from global .github repo
1 parent c5e1362 commit c8ebf36

3 files changed

Lines changed: 26 additions & 10 deletions

File tree

.github/workflows/bump.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ on:
1313
branches:
1414
- master
1515

16+
permissions:
17+
contents: read # To checkout code
18+
1619
jobs:
1720
bump-in-dependent-projects:
1821
name: Bump this package in repositories that depend on it
@@ -21,9 +24,11 @@ jobs:
2124
steps:
2225
- name: Checkout repo
2326
uses: actions/checkout@v4
27+
with:
28+
persist-credentials: false
2429
- name: Check if Node.js project and has package.json
2530
id: packagejson
26-
run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
31+
run: test -e ./package.json && echo "exists=true" >> "$GITHUB_OUTPUT" || echo "exists=false" >> "$GITHUB_OUTPUT"
2732
- name: Setup corepack with pnpm and yarn
2833
if: steps.packagejson.outputs.exists == 'true'
2934
run: corepack enable

.github/workflows/if-nodejs-release.yml

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -18,13 +18,9 @@ on:
1818
- next
1919

2020
permissions:
21-
contents: write # to be able to publish a GitHub release
22-
issues: write # to be able to comment on released issues
23-
pull-requests: write # to be able to comment on released pull requests
24-
id-token: write # to enable use of OIDC for trusted publishing and npm provenance
21+
contents: read
2522

2623
jobs:
27-
2824
test-nodejs:
2925
# We just check the message of first commit as there is always just one commit because we squash into one before merging
3026
# "commits" contains array of objects where one of the properties is commit "message"
@@ -48,9 +44,11 @@ jobs:
4844
shell: bash
4945
- name: Checkout repository
5046
uses: actions/checkout@v4
47+
with:
48+
persist-credentials: false
5149
- name: Check if Node.js project and has package.json
5250
id: packagejson
53-
run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
51+
run: test -e ./package.json && echo "exists=true" >> "$GITHUB_OUTPUT" || echo "exists=false" >> "$GITHUB_OUTPUT"
5452
shell: bash
5553
- if: steps.packagejson.outputs.exists == 'true'
5654
name: Determine what node version to use
@@ -90,16 +88,23 @@ jobs:
9088
needs: [test-nodejs]
9189
name: Publish to any of NPM, Github, or Docker Hub
9290
runs-on: ubuntu-latest
91+
permissions:
92+
contents: write # to be able to publish a GitHub release
93+
issues: write # to be able to comment on released issues
94+
pull-requests: write # to be able to comment on released pull requests
95+
id-token: write # to enable use of OIDC for trusted publishing and npm provenance
9396
steps:
9497
- name: Set git to use LF #to once and for all finish neverending fight between Unix and Windows
9598
run: |
9699
git config --global core.autocrlf false
97100
git config --global core.eol lf
98101
- name: Checkout repository
99102
uses: actions/checkout@v4
103+
with:
104+
persist-credentials: false
100105
- name: Check if Node.js project and has package.json
101106
id: packagejson
102-
run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
107+
run: test -e ./package.json && echo "exists=true" >> "$GITHUB_OUTPUT" || echo "exists=false" >> "$GITHUB_OUTPUT"
103108
shell: bash
104109
- if: steps.packagejson.outputs.exists == 'true'
105110
name: Determine what node version to use

.github/workflows/if-nodejs-version-bump.yml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,10 +9,15 @@ on:
99
types:
1010
- published
1111

12+
permissions: {}
13+
1214
jobs:
1315
version_bump:
1416
name: Generate assets and bump NodeJS
1517
runs-on: ubuntu-latest
18+
permissions:
19+
contents: write # required to create PR with bumped version in package.json
20+
pull-requests: write # required to create PR with bumped version in package.json
1621
steps:
1722
- name: Checkout repository
1823
uses: actions/checkout@v4
@@ -21,9 +26,10 @@ jobs:
2126
# in case release is created from release branch then we need to checkout from given branch
2227
# if @semantic-release/github is used to publish, the minimum version is 7.2.0 for proper working
2328
ref: ${{ github.event.release.target_commitish }}
29+
persist-credentials: false
2430
- name: Check if Node.js project and has package.json
2531
id: packagejson
26-
run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
32+
run: test -e ./package.json && echo "exists=true" >> "$GITHUB_OUTPUT" || echo "exists=false" >> "$GITHUB_OUTPUT"
2733
- if: steps.packagejson.outputs.exists == 'true'
2834
name: Determine what node version to use
2935
# This workflow is from our own org repo and safe to reference by 'master'.
@@ -59,7 +65,7 @@ jobs:
5965
RELEASE_TAG: ${{github.event.release.tag_name}}
6066
RELEASE_URL: ${{github.event.release.html_url}}
6167
with:
62-
token: ${{ secrets.GH_TOKEN }}
68+
token: ${{ github.token }}
6369
commit-message: 'chore(release): ${{ env.RELEASE_TAG }}'
6470
committer: asyncapi-bot <info@asyncapi.io>
6571
author: asyncapi-bot <info@asyncapi.io>

0 commit comments

Comments
 (0)