Skip to content

Commit fd76fb4

Browse files
setup(ci): update + clean
1 parent 3af7c48 commit fd76fb4

7 files changed

Lines changed: 29 additions & 47 deletions

File tree

.github/workflows/code-quality.yml

Lines changed: 6 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -37,40 +37,18 @@ permissions:
3737
contents: read
3838

3939
jobs:
40-
get-matrix:
41-
name: Get Node + OS matrix
42-
runs-on: ubuntu-latest
40+
lint-and-types:
41+
name: Lint & types
42+
runs-on: ubuntu-slim
4343

4444
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
4545

46-
outputs:
47-
latest: ${{ steps.set-matrix.outputs.requireds }}
4846
steps:
4947
- name: Harden the runner (Audit all outbound calls)
5048
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
5149
with:
5250
egress-policy: audit
5351

54-
- uses: ljharb/actions/node/matrix@7f214d8efdbdcefc96ad9689663ef387a195deec # main
55-
id: set-matrix
56-
with:
57-
versionsAsRoot: true
58-
type: majors
59-
preset: ">= 22" # glob is not backported below 22.x
60-
61-
lint-and-types:
62-
name: Lint & types
63-
runs-on: ubuntu-slim
64-
65-
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
66-
67-
steps:
68-
# FIXME https://github.com/step-security/harden-runner/issues/627
69-
# - name: Harden the runner (Audit all outbound calls)
70-
# uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
71-
# with:
72-
# egress-policy: audit
73-
7452
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
7553
with:
7654
persist-credentials: false
@@ -91,7 +69,7 @@ jobs:
9169
matrix:
9270
os:
9371
- macos-latest
94-
- ubuntu-latest
72+
- ubuntu-slim
9573
- windows-latest
9674

9775
steps:
@@ -106,7 +84,9 @@ jobs:
10684
persist-credentials: false
10785
show-progress: false
10886

87+
# ubuntu-slim already include lts node so we don't need to setup node on ubuntu-slim runner
10988
- name: Set up Node.js
89+
if: ${{ matrix.os != 'ubuntu-slim' }}
11090
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
11191
with:
11292
cache: "npm"

.github/workflows/codemod_publish.yml

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,9 +32,16 @@ jobs:
3232

3333
steps:
3434
- name: Harden Runner
35-
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
35+
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
3636
with:
37-
egress-policy: audit
37+
egress-policy: block
38+
allowed-endpoints: >
39+
api.github.com:443
40+
app.codemod.com:443
41+
github.com:443
42+
registry.npmjs.org:443
43+
release-assets.githubusercontent.com:443
44+
us.i.posthog.com:443
3845
3946
- name: Checkout repository
4047
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

.github/workflows/dir-organisation.yml

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,10 @@ jobs:
2727
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
2828

2929
steps:
30-
# FIXME https://github.com/step-security/harden-runner/issues/627
31-
# - name: Harden the runner (Audit all outbound calls)
32-
# uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
33-
# with:
34-
# egress-policy: audit
30+
- name: Harden the runner (Audit all outbound calls)
31+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
32+
with:
33+
egress-policy: audit
3534

3635
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
3736
with:

.github/workflows/lint-workflows.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,13 +25,12 @@ permissions:
2525
contents: read
2626

2727
jobs:
28-
2928
validate-yaml:
3029
name: Validate YAML files
3130

3231
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
3332

34-
runs-on: ubuntu-latest
33+
runs-on: ubuntu-slim
3534

3635
steps:
3736
- name: Harden the runner (Audit all outbound calls)

.github/workflows/pr.yml

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -23,11 +23,10 @@ jobs:
2323
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
2424

2525
steps:
26-
# FIXME https://github.com/step-security/harden-runner/issues/627
27-
# - name: Harden Runner
28-
# uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
29-
# with:
30-
# egress-policy: audit
26+
- name: Harden Runner
27+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
28+
with:
29+
egress-policy: audit
3130

3231
- name: Checkout
3332
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

.github/workflows/workflow-tests.yml

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,19 +25,17 @@ permissions:
2525
contents: read
2626

2727
jobs:
28-
2928
run-workflow-script-tests:
3029
name: Test scripts
3130
runs-on: ubuntu-slim
3231

3332
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
3433

3534
steps:
36-
# FIXME https://github.com/step-security/harden-runner/issues/627
37-
# - name: Harden the runner (Audit all outbound calls)
38-
# uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
39-
# with:
40-
# egress-policy: audit
35+
- name: Harden the runner (Audit all outbound calls)
36+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
37+
with:
38+
egress-policy: audit
4139

4240
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
4341
with:

.nvmrc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
24
1+
lts/*

0 commit comments

Comments
 (0)