mirror of
https://github.com/actions/github-script.git
synced 2025-12-08 16:16:21 +00:00
Define permissions in workflows and update actions
This commit is contained in:
Josh Gross
@@ -3,7 +3,7 @@ description: 'Set up node and install dependencies'
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
- uses: actions/setup-node@v3
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '20.x'
|
||||
cache: npm
|
||||
|
||||
5
.github/workflows/check-dist.yml
vendored
5
.github/workflows/check-dist.yml
vendored
@@ -13,12 +13,15 @@ on:
|
||||
pull_request:
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
check-dist:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
|
||||
|
||||
5
.github/workflows/ci.yml
vendored
5
.github/workflows/ci.yml
vendored
@@ -6,11 +6,14 @@ on:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
- run: npm run style:check
|
||||
- run: npm test
|
||||
|
||||
8
.github/workflows/codeql-analysis.yml
vendored
8
.github/workflows/codeql-analysis.yml
vendored
@@ -38,11 +38,11 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
uses: github/codeql-action/init@v3
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
@@ -56,7 +56,7 @@ jobs:
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@v2
|
||||
uses: github/codeql-action/autobuild@v3
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
||||
@@ -69,4 +69,4 @@ jobs:
|
||||
# ./location_of_script_within_repo/buildscript.sh
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
uses: github/codeql-action/analyze@v3
|
||||
|
||||
17
.github/workflows/integration.yml
vendored
17
.github/workflows/integration.yml
vendored
@@ -6,12 +6,15 @@ on:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
test-return:
|
||||
name: 'Integration test: return'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- id: output-set
|
||||
uses: ./
|
||||
with:
|
||||
@@ -31,7 +34,7 @@ jobs:
|
||||
name: 'Integration test: relative-path require'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- id: relative-require
|
||||
uses: ./
|
||||
with:
|
||||
@@ -49,7 +52,7 @@ jobs:
|
||||
name: 'Integration test: npm package require'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
- id: npm-require
|
||||
uses: ./
|
||||
@@ -69,7 +72,7 @@ jobs:
|
||||
name: 'Integration test: GraphQL previews option'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
- id: previews-default
|
||||
name: Default previews not set
|
||||
@@ -122,7 +125,7 @@ jobs:
|
||||
name: 'Integration test: user-agent option'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
- id: user-agent-default
|
||||
name: Default user-agent not set
|
||||
@@ -179,7 +182,7 @@ jobs:
|
||||
name: "Integration test: debug option (runner.debug mode ${{ matrix.environment && 'enabled' || 'disabled' }})"
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
- id: debug-default
|
||||
name: Default debug not set
|
||||
@@ -253,7 +256,7 @@ jobs:
|
||||
name: 'Integration test: base-url option'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
|
||||
- id: base-url-default
|
||||
|
||||
5
.github/workflows/licensed.yml
vendored
5
.github/workflows/licensed.yml
vendored
@@ -8,12 +8,15 @@ on:
|
||||
branches:
|
||||
- main
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
name: Check licenses
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0 # prefer to use a full fetch for licensed workflows
|
||||
# https://github.com/jonabc/setup-licensed/releases/tag/v1.1.1
|
||||
|
||||
@@ -17,4 +17,4 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
- name: Publish
|
||||
id: publish
|
||||
uses: actions/publish-immutable-action@0.0.3
|
||||
uses: actions/publish-immutable-action@0.0.4
|
||||
|
||||
12
.github/workflows/pull-request-test.yml
vendored
12
.github/workflows/pull-request-test.yml
vendored
@@ -5,11 +5,15 @@ on:
|
||||
branches: [main]
|
||||
types: [opened, synchronize]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
pull-request-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: ./
|
||||
with:
|
||||
script: |
|
||||
@@ -20,9 +24,9 @@ jobs:
|
||||
issue_number: context.payload.number,
|
||||
})
|
||||
|
||||
// Find any comment already made by the bot.
|
||||
const botComment = comments.find(comment => comment.user.id === 41898282)
|
||||
const commentBody = "Hello from actions/github-script! (${{ github.sha }})"
|
||||
// Find any comment already made by the bot.
|
||||
const botComment = comments.find(comment => comment.user.id === 41898282)
|
||||
const commentBody = "Hello from actions/github-script! (${{ github.sha }})"
|
||||
|
||||
if (context.payload.pull_request.head.repo.full_name !== 'actions/github-script') {
|
||||
console.log('Not attempting to write comment on PR from fork');
|
||||
|
||||
31
.github/workflows/stale.yml
vendored
31
.github/workflows/stale.yml
vendored
@@ -1,31 +0,0 @@
|
||||
name: Stale Issues & PRs
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
mark_stale:
|
||||
name: Mark issues and PRs as stale
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/stale@v3
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
exempt-issue-labels: Not Stale
|
||||
exempt-pr-labels: Not Stale
|
||||
stale-issue-message: >
|
||||
This issue is stale because it has been open for 60 days with no
|
||||
activity. Remove the "Stale" label or comment on the issue, or it
|
||||
will be closed in 7 days.
|
||||
stale-pr-message: >
|
||||
This pull request is stale because it has been open for 60 days
|
||||
with no activity. Remove the "Stale" label or comment on the pull
|
||||
request, or it will be closed in 7 days.
|
||||
close-issue-message: >
|
||||
This issue has been marked as stale and closed due to no activity
|
||||
on it.
|
||||
close-pr-message: >
|
||||
This pull request has been marked as stale and closed due to no
|
||||
activity on it.
|
||||
10
README.md
10
README.md
@@ -305,7 +305,7 @@ jobs:
|
||||
echo-input:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/github-script@v7
|
||||
with:
|
||||
script: |
|
||||
@@ -343,7 +343,7 @@ jobs:
|
||||
echo-input:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/github-script@v7
|
||||
env:
|
||||
SHA: '${{env.parentSHA}}'
|
||||
@@ -381,8 +381,8 @@ jobs:
|
||||
echo-input:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/setup-node@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '20.x'
|
||||
- run: npm ci
|
||||
@@ -417,7 +417,7 @@ jobs:
|
||||
print-stuff:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/github-script@v7
|
||||
with:
|
||||
script: |
|
||||
|
||||
Reference in New Issue
Block a user