actions/github-script
1
0
Fork 0
mirror of https://github.com/actions/github-script.git synced 2025-12-08 08:06:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #531 from actions/joshmgross/update-workflows

Browse Source 
Define `permissions` in workflows and update actions
This commit is contained in:
Josh Gross
2025-01-29 11:20:46 -05:00
committed by GitHub
parent c94e1c45ff 19e58d8525
commit 08caaddc54
10 changed files with 41 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/install-dependencies/action.yml vendored
View File

@@ -3,7 +3,7 @@ description: 'Set up node and install dependencies'
runs:
using: 'composite'
steps:
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: '20.x'
cache: npm

5
.github/workflows/check-dist.yml vendored
View File

@@ -13,12 +13,15 @@ on:
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
check-dist:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies

5
.github/workflows/ci.yml vendored
View File

@@ -6,11 +6,14 @@ on:
pull_request:
branches: [main]
permissions:
contents: read
jobs:
ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies
- run: npm run style:check
- run: npm test

8
.github/workflows/codeql-analysis.yml vendored
View File

@@ -38,11 +38,11 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,4 +69,4 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3

17
.github/workflows/integration.yml vendored
View File

@@ -6,12 +6,15 @@ on:
pull_request:
branches: [main]
permissions:
contents: read
jobs:
test-return:
name: 'Integration test: return'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- id: output-set
uses: ./
with:
@@ -31,7 +34,7 @@ jobs:
name: 'Integration test: relative-path require'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- id: relative-require
uses: ./
with:
@@ -49,7 +52,7 @@ jobs:
name: 'Integration test: npm package require'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies
- id: npm-require
uses: ./
@@ -69,7 +72,7 @@ jobs:
name: 'Integration test: GraphQL previews option'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies
- id: previews-default
name: Default previews not set
@@ -122,7 +125,7 @@ jobs:
name: 'Integration test: user-agent option'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies
- id: user-agent-default
name: Default user-agent not set
@@ -179,7 +182,7 @@ jobs:
name: "Integration test: debug option (runner.debug mode ${{ matrix.environment && 'enabled' || 'disabled' }})"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies
- id: debug-default
name: Default debug not set
@@ -253,7 +256,7 @@ jobs:
name: 'Integration test: base-url option'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/install-dependencies
- id: base-url-default

5
.github/workflows/licensed.yml vendored
View File

@@ -8,12 +8,15 @@ on:
branches:
- main
permissions:
contents: read
jobs:
test:
runs-on: ubuntu-latest
name: Check licenses
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0 # prefer to use a full fetch for licensed workflows
# https://github.com/jonabc/setup-licensed/releases/tag/v1.1.1

2
.github/workflows/publish-immutable-actions.yml vendored
View File

@@ -17,4 +17,4 @@ jobs:
uses: actions/checkout@v4
- name: Publish
id: publish
uses: actions/publish-immutable-action@0.0.3
uses: actions/publish-immutable-action@0.0.4

12
.github/workflows/pull-request-test.yml vendored
View File

@@ -5,11 +5,15 @@ on:
branches: [main]
types: [opened, synchronize]
permissions:
contents: read
pull-requests: write
jobs:
pull-request-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./
with:
script: |
@@ -20,9 +24,9 @@ jobs:
issue_number: context.payload.number,
})
// Find any comment already made by the bot.
const botComment = comments.find(comment => comment.user.id === 41898282)
const commentBody = "Hello from actions/github-script! (${{ github.sha }})"
// Find any comment already made by the bot.
const botComment = comments.find(comment => comment.user.id === 41898282)
const commentBody = "Hello from actions/github-script! (${{ github.sha }})"
if (context.payload.pull_request.head.repo.full_name !== 'actions/github-script') {
console.log('Not attempting to write comment on PR from fork');

31
.github/workflows/stale.yml vendored
View File

@@ -1,31 +0,0 @@
name: Stale Issues & PRs
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
mark_stale:
name: Mark issues and PRs as stale
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
exempt-issue-labels: Not Stale
exempt-pr-labels: Not Stale
stale-issue-message: >
This issue is stale because it has been open for 60 days with no
activity. Remove the "Stale" label or comment on the issue, or it
will be closed in 7 days.
stale-pr-message: >
This pull request is stale because it has been open for 60 days
with no activity. Remove the "Stale" label or comment on the pull
request, or it will be closed in 7 days.
close-issue-message: >
This issue has been marked as stale and closed due to no activity
on it.
close-pr-message: >
This pull request has been marked as stale and closed due to no
activity on it.

10
README.md
View File

@@ -305,7 +305,7 @@ jobs:
echo-input:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/github-script@v7
with:
script: |
@@ -343,7 +343,7 @@ jobs:
echo-input:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/github-script@v7
env:
SHA: '${{env.parentSHA}}'
@@ -381,8 +381,8 @@ jobs:
echo-input:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20.x'
- run: npm ci
@@ -417,7 +417,7 @@ jobs:
print-stuff:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/github-script@v7
with:
script: |