From c22d8b0cc7d8eb6ce9b72f4855c584d23ed5eddc Mon Sep 17 00:00:00 2001 From: Jason Karns Date: Tue, 4 Jun 2024 10:36:03 -0400 Subject: [PATCH 1/2] Bump workflows --- .github/workflows/release.yml | 22 +++++-------------- ...ain-master.yml => sync-default-branch.yml} | 11 +++++----- .github/workflows/tag-major.yml | 7 +++--- .github/workflows/test.yml | 2 +- 4 files changed, 14 insertions(+), 28 deletions(-) rename .github/workflows/{sync-main-master.yml => sync-default-branch.yml} (81%) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 790e775..aa57f12 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,22 +1,10 @@ name: Release on: push: { tags: 'v[0-9]+.[0-9]+.[0-9]+*' } - -permissions: { contents: read } +permissions: {} jobs: - github: - permissions: { contents: write } - uses: nodenv/.github/.github/workflows/release.yml@v3 - - npm: - runs-on: ubuntu-latest - permissions: { id-token: write } - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - registry-url: 'https://registry.npmjs.org' - - run: npm publish --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPMJS_TOKEN }} + release: + permissions: {contents: write, id-token: write} + uses: nodenv/.github/.github/workflows/release.yml@v4 + secrets: inherit diff --git a/.github/workflows/sync-main-master.yml b/.github/workflows/sync-default-branch.yml similarity index 81% rename from .github/workflows/sync-main-master.yml rename to .github/workflows/sync-default-branch.yml index b14ff4d..dd20794 100644 --- a/.github/workflows/sync-main-master.yml +++ b/.github/workflows/sync-default-branch.yml @@ -2,8 +2,12 @@ name: Sync Default Branch on: push: { branches: main } workflow_dispatch: +permissions: {contents: read} -permissions: { contents: read } +jobs: + sync: + permissions: {contents: write} + uses: nodenv/.github/.github/workflows/sync-default-branch.yml@v4 # One-time commands for users to switch-over: # 
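Review bot: `secrets: inherit` on the new `release` job hands every secret this repository can read to the called workflow, where the removed `npm` job exposed only `NPMJS_TOKEN` to a single step. If the reusable workflow declares its secrets under `on.workflow_call.secrets` (not visible from this patch), pass only the one it needs, e.g. `secrets: {NPMJS_TOKEN: "${{ secrets.NPMJS_TOKEN }}"}`. The same job also holds `contents: write` and `id-token: write` while `uses:` points at the movable `@v4` tag, so anyone able to retarget that tag in `nodenv/.github` decides what gets published. Pinning to a full commit SHA with the tag kept as a trailing comment (`...release.yml@<commit-sha>  # v4`) closes that gap. The same applies to the `@v4` references in sync-default-branch.yml, tag-major.yml and test.yml.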
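Review bot: The top-level `permissions: {contents: read}` added in sync-default-branch.yml is inconsistent with release.yml and tag-major.yml, which move to `permissions: {}` in this same commit. The only job, `sync`, sets its own `permissions: {contents: write}`, which replaces the workflow-level value, so the top-level grant is not used today. Writing `permissions: {}` at the top keeps the three files consistent and means a job added later without its own block starts with no token scopes rather than read access.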
@@ -13,8 +17,3 @@ permissions: { contents: read } # git branch -u origin/main main # git remote set-head origin -a # ``` - -jobs: - sync: - permissions: { contents: write } - uses: nodenv/.github/.github/workflows/sync-default-branch.yml@v3 diff --git a/.github/workflows/tag-major.yml b/.github/workflows/tag-major.yml index b590d50..2bbb11f 100644 --- a/.github/workflows/tag-major.yml +++ b/.github/workflows/tag-major.yml @@ -2,10 +2,9 @@ name: Tag Major Version on: push: { tags: "v*.*.*" } workflow_dispatch: - -permissions: { contents: read } +permissions: {} jobs: tag: - permissions: { contents: write } - uses: nodenv/.github/.github/workflows/tag-major.yml@v3 + permissions: {contents: write} + uses: nodenv/.github/.github/workflows/tag-major.yml@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8882c16..3042619 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,7 +1,7 @@ name: Test on: [push, pull_request, workflow_dispatch] -permissions: { contents: read } +permissions: {contents: read} jobs: test: From 88c11ee59e098ed9ef0a849483849b55ef846cea Mon Sep 17 00:00:00 2001 From: Jason Karns Date: Tue, 4 Jun 2024 10:40:06 -0400 Subject: [PATCH 2/2] Reuse test workflow --- .github/workflows/test.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3042619..e52565b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -1,19 +1,26 @@ name: Test -on: [push, pull_request, workflow_dispatch] - +on: + pull_request: + push: {branches: main} + schedule: [{cron: '0 0 10 * *'}] # monthly https://crontab.guru/#0_0_10_*_* + workflow_dispatch: permissions: {contents: read} jobs: test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - run: npm cit + uses: nodenv/.github/.github/workflows/test.yml@v4 + with: {superlinter: false} # TODO renable superlinter + permissions: + contents: read + packages: read + id-token: write + security-events: write + statuses: write - lint: + superlinter: runs-on: ubuntu-latest if: github.ref_name != github.event.repository.default_branch - permissions: { statuses: write } + permissions: {statuses: write} steps: - uses: actions/checkout@v4 with: { fetch-depth: 0 } # super-linter needs full git history
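Review bot: The `permissions:` block on the `test` job grants `id-token: write`, `security-events: write`, `statuses: write` and `packages: read` to the called workflow on every trigger, including `pull_request` and the new monthly `schedule`, and nothing in the hunk records which of its jobs needs which scope. With `superlinter: false` passed, `statuses: write` in particular looks unused, since the local `superlinter` job still carries its own `permissions: {statuses: write}`, and it is not clear from the hunk why a test run needs an OIDC token. The called workflow is not visible here, and a caller must grant at least what the called jobs request, so the list may be forced by `nodenv/.github`. If so, a comment above the block such as `# scopes required by nodenv/.github test.yml jobs, even with superlinter disabled` would record that; otherwise drop the scopes that are not needed.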