diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
index 88c80ed..add1fa3 100644
--- a/.github/linters/.jscpd.json
+++ b/.github/linters/.jscpd.json
@@ -1,3 +1,3 @@
 {
- "ignore": ["**/dist/**"]
+ "ignore": ["**/dist/**", "**/node_modules/**", "**/coverage/**"]
 }
diff --git a/.github/workflows/__check-action.yml b/.github/workflows/__check-action.yml
index c97464b..b06bdfc 100644
--- a/.github/workflows/__check-action.yml
+++ b/.github/workflows/__check-action.yml
@@ -3,222 +3,193 @@ name: Internal - Tests for action on: workflow_call: -permissions: - contents: read +permissions: {} jobs: - test-action-with-services: + test-action: runs-on: ubuntu-latest - name: Test with services - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + name: ${{ matrix.name }} - ${{ matrix.assertion-name }} + permissions: + contents: read + strategy: + fail-fast: false + matrix: + include: + - name: Given multiple services when filtering services + assertion-name: "Then only expected services run" + compose-file: ./test/docker-compose.yml + services: | + service-b + service-c + assertion: | + docker compose -f ./test/docker-compose.yml ps - - name: Act - uses: ./ - with: - compose-file: "./test/docker-compose.yml" - services: | - service-b - service-c + docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) + docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1) + (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true - - name: "Assert: only expected services are running" - run: | - docker compose -f ./test/docker-compose.yml ps + - name: Given compose file when applying down flags + assertion-name: "Then teardown honors down flags" + compose-file: ./test/docker-compose.yml + down-flags: "--volumes" + assertion: | + docker compose -f ./test/docker-compose.yml ps - docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) - docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1) - (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true + docker compose -f 
./test/docker-compose.yml ps | grep test-service-a-1 || (echo "Service service-a is not running" && exit 1) + (docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 && echo "Service service-b should not be running without profile" && exit 1) || true + (docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 && echo "Service service-c should not be running without profile" && exit 1) || true - test-action-with-down-flags: - runs-on: ubuntu-latest - name: Test compose action - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Given compose profile when passing compose flags + assertion-name: "Then the requested profile is active" + compose-file: ./test/docker-compose.yml + compose-flags: "--profile profile-1" + down-flags: "--volumes" + assertion: | + docker compose -f ./test/docker-compose.yml -p profile-1 ps || (echo "Profile not used" && exit 1) - - name: Act - uses: ./ - with: - compose-file: "./test/docker-compose.yml" - down-flags: "--volumes" + - name: Given image supplied via env when running action + assertion-name: "Then compose uses the provided env" + compose-file: ./test/docker-compose-with-env.yml + image-name: busybox + assertion: | + docker compose -f ./test/docker-compose-with-env.yml ps - test-action-with-compose-flags: - runs-on: ubuntu-latest - name: Test with compose flags - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + docker compose -f ./test/docker-compose-with-env.yml ps | grep test-service-a-1 || (echo "Service service-a is not running" && exit 1) - - name: Act - uses: ./ - with: - compose-file: "./test/docker-compose.yml" - compose-flags: "--profile profile-1" - down-flags: "--volumes" + - name: Given multiple compose files when selecting services + assertion-name: "Then only services from selection run" + compose-file: | + ./test/docker-compose.yml + ./test/docker-compose.ci.yml + services: | + service-b + service-d + 
assertion: | + docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps - - name: "Assert: profile is used" - run: | - docker compose -f ./test/docker-compose.yml -p profile-1 ps || (echo "Profile not used" && exit 1) + docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) + docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-d-1 || (echo "Service service-d is not running" && exit 1) + (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true + (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-c-1 && echo "Unexpected service service-c is running" && exit 1) || true - test-action-with-env: - runs-on: ubuntu-latest - name: Test with env - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Given compose file in subdirectory when setting cwd + assertion-name: "Then only expected services run" + compose-file: docker-compose.yml + cwd: ./test + services: | + service-b + service-c + assertion: | + docker compose -f ./test/docker-compose.yml ps - - name: Act - uses: ./ - with: - compose-file: "./test/docker-compose-with-env.yml" - env: - IMAGE_NAME: busybox + docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) + docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1) + (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true - - name: "Assert: env is used" - env: - IMAGE_NAME: busybox - run: | - docker compose -f ./test/docker-compose-with-env.yml ps + - name: Given absolute 
compose path when running action + assertion-name: "Then only expected services run" + compose-file: test/docker-compose.yml + use-absolute-path: true + services: | + service-b + service-c + assertion: | + docker compose -f ./test/docker-compose.yml ps - docker compose -f ./test/docker-compose-with-env.yml ps | grep test-service-a-1 || (echo "Service service-a is not running" && exit 1) + docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) + docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1) + (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true - test-action-with-multiple-compose-files: - runs-on: ubuntu-latest - name: Test with multiple compose files - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Given compose with multiple services when using abort-on-container-exit + assertion-name: "Then execution stops on container exit" + compose-file: test/docker-compose-web-mysql.yml + up-flags: "--build --abort-on-container-exit --exit-code-from=web" + assertion: | + WEB_EXIT_CODE=$(docker compose -f ./test/docker-compose-web-mysql.yml ps web --all --format json | jq ".ExitCode") + [ "$WEB_EXIT_CODE" == "0" ] || (echo "Web service did not exit successfully" && exit 1) - - name: Act - uses: ./ - with: - compose-file: | - ./test/docker-compose.yml - ./test/docker-compose.ci.yml - services: | - service-b - service-d + MYSQL_STATE=$(docker compose -f ./test/docker-compose-web-mysql.yml ps mysql --all --format json | jq -r ".State") + if [ "$MYSQL_STATE" = "running" ]; then + echo "MySQL service is still running" + exit 1 + fi - - name: "Assert: only expected services are running" - run: | - docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps + - name: Given failing 
dependency when attaching dependencies + assertion-name: "Then failing service exits with code 1" + compose-file: test/docker-compose-fail.yml + up-flags: "--attach-dependencies" + assertion: | + EXIT_CODE=$(docker compose -f ./test/docker-compose-fail.yml ps service-a --all --format json | jq ".ExitCode") + [ "$EXIT_CODE" == "1" ] || (echo "Service service-a did not exit with code 1" && exit 1) - docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) - docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-d-1 || (echo "Service service-d is not running" && exit 1) - (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true - (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-c-1 && echo "Unexpected service service-c is running" && exit 1) || true + - name: Given compose version mismatch when requesting explicit version + assertion-name: "Then docker compose reports the requested version" + compose-file: ./test/docker-compose.yml + compose-version: "2.29.0" + expected-compose-version: "2.29.0" + ensure-version-mismatch: true + assertion: | + CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short) + echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION" - test-action-with-cwd: - runs-on: ubuntu-latest - name: Test with cwd - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then + echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version" + exit 1 + fi - - name: Act - uses: ./ - with: - compose-file: "docker-compose.yml" - cwd: "./test" - services: | - service-b - service-c + - name: Given compose version mismatch when 
requesting latest version + assertion-name: "Then docker compose reports the requested version" + compose-file: ./test/docker-compose.yml + compose-version: latest + fetch-latest-compose: true + ensure-version-mismatch: true + assertion: | + CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short) + echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION" - - name: "Assert: only expected services are running" - run: | - docker compose -f ./test/docker-compose.yml ps + if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then + echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version" + exit 1 + fi - docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) - docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1) - (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true + - name: Given custom docker context when providing docker flags + assertion-name: "Then docker compose uses that context" + compose-file: ./test/docker-compose.yml + compose-version: latest + docker-flags: "--context test-context" + docker-context: test-context + assertion: | + CURRENT_CONTEXT=$(docker context show) + if [ "$CURRENT_CONTEXT" != "test-context" ]; then + echo "Docker context is '$CURRENT_CONTEXT' instead of 'test-context'" + exit 1 + fi - test-action-with-absolute-path: - runs-on: ubuntu-latest - name: Test with absolute path - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + docker compose -f ./test/docker-compose.yml ps - - name: Act - uses: ./ - with: - compose-file: "${{ github.workspace }}/test/docker-compose.yml" - services: | - service-b - service-c + docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 || (echo "Service service-a is not running 
under custom context" && exit 1) + (docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 && echo "Service service-b should not be running without profile" && exit 1) || true - - name: "Assert: only expected services are running" - run: | - docker compose -f ./test/docker-compose.yml ps - - docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1) - docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1) - (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true - - test-abort-on-container-exit: - runs-on: ubuntu-latest - name: Test with --abort-on-container-exit - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Act - uses: ./ - with: - compose-file: "test/docker-compose-web-mysql.yml" - up-flags: "--build --abort-on-container-exit --exit-code-from=web" - - test-attach-dependencies-failure: - runs-on: ubuntu-latest - name: Test with --attach-dependencies and service failure - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Act - uses: ./ - with: - compose-file: "test/docker-compose-fail.yml" - up-flags: "--attach-dependencies" - - - name: Assert - run: | - EXIT_CODE=$(docker compose -f ./test/docker-compose-fail.yml ps service-a --all --format json | jq ".ExitCode") - [ "$EXIT_CODE" == "1" ] || (echo "Service service-a did not exit with code 1" && exit 1) - - test-action-with-compose-version: - runs-on: ubuntu-latest - name: Test with compose version env: - DOCKER_COMPOSE_VERSION: "2.29.0" + DOCKER_COMPOSE_VERSION: ${{ matrix.expected-compose-version || '' }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: "Arrange: ensure original docker compose version is not the expected one" - run: | - 
CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short) - echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION" - - if [ "$CURRENT_DOCKER_COMPOSE_VERSION" == "$DOCKER_COMPOSE_VERSION" ]; then - echo "Docker compose version is already in $DOCKER_COMPOSE_VERSION version" - exit 1 - fi - - - name: Act - uses: ./ + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: - compose-file: "./test/docker-compose.yml" - compose-version: "2.29.0" + persist-credentials: false - - name: "Assert: compose version is used" - run: | - CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short) - echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION" + - name: Set up Docker context + if: ${{ matrix.docker-context }} + uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0 + with: + context: ${{ matrix.docker-context }} - if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then - echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version" - exit 1 - fi - - test-action-with-compose-version-latest: - runs-on: ubuntu-latest - name: Test with compose version latest - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Resolve absolute compose path + if: ${{ matrix.use-absolute-path }} + id: compose-path + run: echo "absolute=${GITHUB_WORKSPACE}/${{ matrix.compose-file }}" >> "$GITHUB_OUTPUT" - name: "Arrange: retrieve latest version of docker compose" + if: ${{ matrix.fetch-latest-compose }} uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | 
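Review bot: The new `Resolve absolute compose path` step expands `${{ matrix.compose-file }}` directly inside its `run:` script, so the value is pasted into the shell text before bash parses it instead of being passed as data. The matrix entries are literals in this file today, which makes this a hardening point rather than a live injection, but it is the one pattern left in a commit that otherwise tightens the workflow (`permissions: {}`, `persist-credentials: false`). Pass the value through the environment: `env: COMPOSE_FILE: ${{ matrix.compose-file }}` with `run: echo "absolute=${GITHUB_WORKSPACE}/${COMPOSE_FILE}" >> "$GITHUB_OUTPUT"`. The later hunk's `run: ${{ matrix.assertion }}` has the same shape for an entire script; it stays safe only while the matrix is static, so a comment above `include:` stating that the matrix must never be built from an event field or step output would make that constraint explicit.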
@@ -230,6 +201,7 @@ jobs: core.exportVariable('DOCKER_COMPOSE_VERSION', dockerComposeVersion); - name: "Arrange: ensure original docker compose version is not the expected one" + if: ${{ matrix.ensure-version-mismatch }} run: | CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short) echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION" @@ -242,33 +214,19 @@ jobs: - name: Act uses: ./ with: - compose-file: "./test/docker-compose.yml" - compose-version: "latest" + compose-file: ${{ matrix.use-absolute-path && steps.compose-path.outputs.absolute || matrix.compose-file }} + services: ${{ matrix.services || '' }} + down-flags: ${{ matrix.down-flags || '' }} + compose-flags: ${{ matrix.compose-flags || '' }} + compose-version: ${{ matrix.compose-version || '' }} + cwd: ${{ matrix.cwd || '' }} + up-flags: ${{ matrix.up-flags || '' }} + docker-flags: ${{ matrix.docker-flags || '' }} + env: + IMAGE_NAME: ${{ matrix.image-name || '' }} - - name: "Assert: compose version is used" - run: | - CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short) - echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION" - - if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then - echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version" - exit 1 - fi - - test-action-with-docker-context: - runs-on: ubuntu-latest - name: Test with docker context - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Set up Docker - uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0 - with: - context: test-context - - - name: Act - uses: ./ - with: - docker-flags: "--context test-context" - compose-file: "./test/docker-compose.yml" - compose-version: "latest" + - name: ${{ matrix.assertion-name }} + if: ${{ matrix.assertion }} + run: ${{ matrix.assertion }} + env: + IMAGE_NAME: ${{ matrix.image-name || '' }} 
diff --git a/.github/workflows/__check-dist.yml b/.github/workflows/__check-dist.yml index 2cca280..5a724fd 100644 --- a/.github/workflows/__check-dist.yml +++ b/.github/workflows/__check-dist.yml @@ -3,20 +3,25 @@ name: Internal - Checks for dist on: workflow_call: -permissions: - contents: read +permissions: {} jobs: check-dist: name: Check dist runs-on: ubuntu-latest + permissions: + contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@0264395060bbde4ec3276b6dca84f0db828070f3 # 0.17.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + + - id: setup-node + uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@a9809af04394e66675b8644865be1ddcec02cdcd # 0.20.0 - name: Build dist/ Directory id: package - run: npm run package + run: ${{ steps.setup-node.outputs.run-script-command }} package # This will fail the workflow if the PR wasn't created by Dependabot. - name: Compare Directories @@ -27,13 +32,3 @@ jobs: git diff --ignore-space-at-eol --text dist/ exit 1 fi - - # If `dist/` was different than expected, and this was not a Dependabot - # PR, upload the expected version as a workflow artifact. - - if: ${{ failure() && steps.diff.outcome == 'failure' }} - name: Upload Artifact - id: upload - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 - with: - name: dist - path: dist/ diff --git a/.github/workflows/__check-nodejs.yml b/.github/workflows/__check-nodejs.yml index eabcebc..a47be0b 100644 --- a/.github/workflows/__check-nodejs.yml +++ b/.github/workflows/__check-nodejs.yml 
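Review bot: `run: ${{ steps.setup-node.outputs.run-script-command }} package` makes the command that rebuilds `dist/` depend on an output of the external `setup-node` action, and nothing in the hunk records what that output is expected to be. This job is the check that the committed `dist/` matches a fresh build, so the build command should be auditable from this file; the removed line suggests the intended value is `npm run`, but that is inferred. A comment above the step such as `# run-script-command is emitted by setup-node (expected: "npm run"); re-check when bumping the pinned SHA` would document it. Because the output is expanded into the script text, each bump of that SHA changes what this step can execute.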
@@ -3,17 +3,16 @@ name: Internal - Checks for nodejs on: workflow_call: -permissions: - contents: read - security-events: write - id-token: write +permissions: {} jobs: test-nodejs: - uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@0264395060bbde4ec3276b6dca84f0db828070f3 # 0.17.0 + uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@a9809af04394e66675b8644865be1ddcec02cdcd # 0.20.0 permissions: - id-token: write - security-events: write contents: read + id-token: write + packages: read + pull-requests: write + security-events: write with: build: "" diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index d8d5570..806bb10 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -3,17 +3,16 @@ name: Common Continuous Integration tasks on: workflow_call: -permissions: - actions: read - contents: read - packages: read - security-events: write - statuses: write - id-token: write +permissions: {} jobs: linter: - uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0 + uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1 + permissions: + actions: read + contents: read + security-events: write + statuses: write with: linter-env: | FILTER_REGEX_EXCLUDE=dist/**/* @@ -28,14 +27,24 @@ jobs: name: Test nodejs needs: linter uses: ./.github/workflows/__check-nodejs.yml + permissions: + contents: read + id-token: write + packages: read + pull-requests: write + security-events: write secrets: inherit check-dist: name: Test nodejs needs: linter uses: ./.github/workflows/__check-dist.yml + permissions: + contents: read check-action: name: Test action needs: [check-nodejs, check-dist] uses: ./.github/workflows/__check-action.yml + permissions: + contents: read 
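Review bot: `pull-requests: write` and `packages: read` are new grants on `test-nodejs` in `__check-nodejs.yml`; the removed block had only `contents`, `security-events` and `id-token`, and the hunk does not say what needs them. Presumably the 0.20.0 version of the called workflow writes to the pull request, but that is not visible here. Since a called workflow's token cannot exceed its caller's, the same scope is added up the chain in `__shared-ci.yml`, `pull-request-ci.yml` and `main-ci.yml`, alongside `secrets: inherit` and `id-token: write`. A comment at the first grant would keep the reason reviewable, for example `# pull-requests: write is required by continuous-integration.yml@0.20.0 (confirm which step uses it)`.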
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 05319fa..986bc84 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -6,11 +6,12 @@ on: pull_request_target: branches: [main] -permissions: - contents: read - issues: write - pull-requests: write +permissions: {} jobs: greetings: - uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0 + uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1 + permissions: + contents: read + issues: write + pull-requests: write diff --git a/.github/workflows/main-ci.yml b/.github/workflows/main-ci.yml index e9586f3..1e57046 100644 --- a/.github/workflows/main-ci.yml +++ b/.github/workflows/main-ci.yml @@ -22,10 +22,11 @@ jobs: permissions: actions: read contents: read + id-token: write packages: read + pull-requests: write security-events: write statuses: write - id-token: write secrets: inherit release: @@ -37,7 +38,9 @@ jobs: outputs: artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false - name: 📖 Generate documentation id: generate-documentation 
@@ -45,13 +48,13 @@ jobs: with: source: action.yml - - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 id: generate-token with: app-id: ${{ vars.CI_BOT_APP_ID }} private-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }} - - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0 + - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1 with: github-token: ${{ steps.generate-token.outputs.token }} branch: docs/actions-workflows-documentation-update diff --git a/.github/workflows/need-fix-to-issue.yml b/.github/workflows/need-fix-to-issue.yml index 164ddab..c8c3f9d 100644 --- a/.github/workflows/need-fix-to-issue.yml +++ b/.github/workflows/need-fix-to-issue.yml @@ -15,13 +15,14 @@ on: before it; to go back further, enter an earlier SHA here" required: false -permissions: - contents: read - issues: write +permissions: {} jobs: main: - uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0 + uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1 + permissions: + contents: read + issues: write with: manual-commit-ref: ${{ inputs.manual-commit-ref }} manual-base-ref: ${{ inputs.manual-base-ref }} diff --git a/.github/workflows/pull-request-ci.yml b/.github/workflows/pull-request-ci.yml index f0c2a6c..f4fe16a 100644 --- a/.github/workflows/pull-request-ci.yml +++ b/.github/workflows/pull-request-ci.yml @@ -5,13 +5,7 @@ on: pull_request: branches: [main] -permissions: - actions: read - contents: read - packages: read - statuses: write - security-events: write - id-token: write +permissions: {} concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
@@ -20,4 +14,12 @@ concurrency: jobs: ci: uses: ./.github/workflows/__shared-ci.yml + permissions: + actions: read + contents: read + id-token: write + packages: read + pull-requests: write + security-events: write + statuses: write secrets: inherit diff --git a/.github/workflows/release-new-action-version.yml b/.github/workflows/release-new-action-version.yml index 03c385d..b3c910d 100644 --- a/.github/workflows/release-new-action-version.yml +++ b/.github/workflows/release-new-action-version.yml @@ -13,15 +13,16 @@ on: env: TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} -permissions: - contents: write +permissions: {} jobs: update_tag: name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes + runs-on: ubuntu-latest + permissions: + contents: write environment: name: releaseNewActionVersion - runs-on: ubuntu-latest steps: - name: Update the ${{ env.TAG_NAME }} tag uses: actions/publish-action@23f4c6f12633a2da8f44938b71fde9afec138fb4 # v0.4.0 diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index ca52151..6afc844 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -7,10 +7,11 @@ on: - edited - synchronize -permissions: - contents: write - pull-requests: write +permissions: {} jobs: main: - uses: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0 + uses: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1 + permissions: + contents: write + pull-requests: write diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 71dab5a..859c8a3 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
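Review bot: `contents: write` is carried over unchanged into the job-level block of `semantic-pull-request.yml`, although a pull-request title check would normally only read the repository and write to the pull request. Whether the called workflow pushes anything is not visible in this hunk, so this needs confirming against `semantic-pull-request.yml` at the pinned SHA. If it does not write to the repository, `contents: read` is the tighter grant. The trigger block starts above the hunk, so the event type that receives this token is not visible here either.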
@@ -4,10 +4,11 @@ on: schedule: - cron: "30 1 * * *" -permissions: - issues: write - pull-requests: write +permissions: {} jobs: main: - uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0 + uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1 + permissions: + issues: write + pull-requests: write diff --git a/.gitignore b/.gitignore index 47fb503..dcd2d55 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ lerna-debug.log* # Diagnostic reports (https://nodejs.org/api/report.html) report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json +eslint-report.json # Runtime data pids diff --git a/package.json b/package.json index 88df1a0..cb2e06f 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,8 @@ "package:post": "ncc build src/post.ts -o dist/post && mv dist/post/index.js dist/post.js && rm -rf dist/post", "package:watch": "npm run package -- --watch", "lint": "eslint \"src/**/*.{ts,tsx}\"", - "all": "npm run format && npm run lint && npm run test && npm run package", + "lint:ci": "npm run lint -- --output-file eslint-report.json --format json", + "all": "npm run format && npm run lint:ci && npm run test:ci && npm run package", "build": "tsc --noEmit", "format": "prettier --cache --write .", "jest": "jest --detectOpenHandles --forceExit",
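Review bot: The `all` script in `package.json` now calls `npm run test:ci`, but no `test:ci` entry appears in this hunk; if it is not defined elsewhere in `scripts`, `npm run all` stops at that step with a missing-script error. `lint:ci` also sends ESLint's results to `eslint-report.json` via `--output-file`, so a local `npm run all` no longer prints lint findings to the terminal. If `all` is meant for developers as well as CI, confirm both effects are intended; the `scripts` object starts and ends outside the hunk.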