diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 00a61a7fb..26568f6d6 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -25,15 +25,19 @@ jobs:
 - web-api
 - webhook
 runs-on: ${{ matrix.os }}
+ permissions:
+ contents: read
 steps:
 - name: Configure git settings (Windows)
 if: matrix.os == 'windows-latest'
 run: |
 git config --global core.autocrlf false
 git config --global core.eol lf
- uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
 - name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 with:
 node-version: ${{ matrix.node-version }}
 - run: npm --version
@@ -81,12 +85,12 @@ jobs:
 working-directory: packages/${{ matrix.package }}
 - name: Check for coverage report existence
 id: check_coverage
- uses: andstor/file-existence-action@v3
+ uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
 with:
 files: packages/${{ matrix.package }}/coverage/lcov.info
 - name: Upload code coverage
 if: matrix.node-version == '22.x' && matrix.os == 'ubuntu-latest' && steps.check_coverage.outputs.files_exists == 'true'
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 directory: packages/${{ matrix.package }}/coverage
@@ -94,7 +98,7 @@ jobs:
 verbose: true
 - name: Upload test results to Codecov
 if: ${{ !cancelled() }}
- uses: codecov/test-results-action@v1
+ uses: codecov/test-results-action@f2dba722c67b86c6caa034178c6e4d35335f6706 # v1.1.0
 with:
 file: packages/${{ matrix.package }}/coverage/test-results.xml
 flags: ${{ matrix.node-version }},${{ matrix.os }},${{ matrix.package }}
diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml
index 54523819e..ed18c4b1d 100644
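Review bot: The pinned `uses:` lines in this hunk (`actions/checkout` and `actions/setup-node`) carry their version only as a trailing comment, and nothing visible in the commit keeps the SHA and the comment in step or records that each SHA was checked against the upstream tag. The same applies to every pinned action in the later hunks of ci-build.yml, docs-deploy.yml and triage-issues.yml. If the repository does not already have one, a Dependabot entry for the `github-actions` ecosystem would bump the SHA and the comment together, so the pins do not go stale and miss upstream security fixes. The job's step list continues outside the hunk.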
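Review bot: The `check_coverage` step still runs a third-party action (`andstor/file-existence-action`) earlier in the same job as the step that receives `secrets.CODECOV_TOKEN`, only to test whether one file exists. Pinning limits the exposure, but a built-in expression would remove the dependency entirely: drop the step and gate the upload with `hashFiles(format('packages/{0}/coverage/lcov.info', matrix.package)) != ''` in place of `steps.check_coverage.outputs.files_exists == 'true'`. The `with:` block of the upload step continues outside the hunk, so confirm nothing else reads the `check_coverage` output before removing it.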
--- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -5,23 +5,26 @@ on: branches: - main paths: - - 'docs/**' + - "docs/**" push: branches: - main paths: - - 'docs/**' + - "docs/**" workflow_dispatch: jobs: build: name: Build Docusaurus runs-on: ubuntu-latest + permissions: + contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-node@v4 + persist-credentials: false + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 20 cache: npm @@ -36,7 +39,7 @@ jobs: working-directory: ./docs - name: Upload Build Artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 with: path: ./docs/build @@ -59,4 +62,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 \ No newline at end of file + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index d1275a94d..b37c13422 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -4,20 +4,19 @@ name: Close stale issues and PRs -on: +on: workflow_dispatch: schedule: - - cron: '0 0 * * 1' - -permissions: - issues: write - pull-requests: write + - cron: "0 0 * * 1" jobs: stale: runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write steps: - - uses: actions/stale@v9.1.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: days-before-issue-stale: 30 days-before-issue-close: 10 @@ -30,4 +29,4 @@ jobs: exempt-all-milestones: true remove-stale-when-updated: true enable-statistics: true - operations-per-run: 60 \ No newline at end of file + operations-per-run: 60
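Review bot: The quote-style changes (`'docs/**'` to `"docs/**"` in this hunk, and the `cron` string in triage-issues.yml) are formatting churn mixed into a hardening commit, which makes the security-relevant lines harder to audit. Consider moving them to a separate formatting-only commit. On the hardening itself, a short comment above `persist-credentials: false`, such as `# keep the checkout token out of .git/config`, would record why it is set; the steps after `cache: npm` are outside the hunk, so check that none of them pushes with the checkout credentials.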
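Review bot: Removing the workflow-level `permissions:` block in triage-issues.yml leaves that workflow with no top-level default, so any job added later without its own `permissions:` key falls back to the repository or organisation default token scope, which may be read/write. Keep the job-level grant on `stale` and add a top-level `permissions: {}` so new jobs start with no token permissions. The job-level `permissions: contents: read` blocks added in ci-build.yml and docs-deploy.yml have the same gap if those workflows have no top-level block; the rest of those files is not visible here.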