diff --git a/.github/workflows/alpha-release.yml b/.github/workflows/alpha-release.yml index 6fd0a85a..544711f8 100644 --- a/.github/workflows/alpha-release.yml +++ b/.github/workflows/alpha-release.yml @@ -1,5 +1,5 @@ name: Release Alpha -run-name: Release Alpha ${{ github.actor }} ${{ github.event_name }} +run-name: Release Alpha ${{ inputs.version }} ${{ github.actor }} ${{ github.event_name }} on: workflow_dispatch: @@ -9,6 +9,9 @@ on: required: false default: 'main' +permissions: + contents: read + jobs: create-alpha-tag: runs-on: ubuntu-latest @@ -42,9 +45,9 @@ jobs: fi git tag "$TAG" - git push origin "$TAG" echo "Created tag from branch=$(git rev-parse --abbrev-ref HEAD), commit=$(git rev-parse HEAD), tag=$(git describe --tags --exact-match)" + git push origin "$TAG" echo "tag=$TAG" >> $GITHUB_OUTPUT call-release: diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index b7cc072a..3133f7ba 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -8,6 +8,9 @@ on: - cron: '0 9 * * 3' workflow_dispatch: +permissions: + contents: read + jobs: get-configs: uses: ./.github/workflows/configs.yml diff --git a/.github/workflows/beta-release.yml b/.github/workflows/beta-release.yml index e2aeea34..484a9015 100644 --- a/.github/workflows/beta-release.yml +++ b/.github/workflows/beta-release.yml @@ -4,6 +4,9 @@ run-name: Release Beta ${{ inputs.version }} ${{ github.actor }} ${{ github.even on: workflow_dispatch: +permissions: + contents: read + jobs: create-beta-tag: runs-on: ubuntu-latest @@ -30,9 +33,9 @@ jobs: TAG="v${PKG_VERSION}-beta" git tag "$TAG" - git push origin "$TAG" echo "Created tag from branch=$(git rev-parse --abbrev-ref HEAD), commit=$(git rev-parse HEAD), tag=$(git describe --tags --exact-match)" + git push origin "$TAG" echo "tag=$TAG" >> $GITHUB_OUTPUT call-release: diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 18efdfe9..be8cc145 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -28,6 +28,9 @@ on: required: true type: string +permissions: + contents: read + jobs: get-configs: uses: ./.github/workflows/configs.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 99b2b1b5..158f26a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,6 +4,9 @@ on: push: branches: [ main ] +permissions: + contents: read + jobs: build-and-test: uses: ./.github/workflows/build-and-test.yml diff --git a/.github/workflows/configs.yml b/.github/workflows/configs.yml index 8c3bece8..f2705f0e 100644 --- a/.github/workflows/configs.yml +++ b/.github/workflows/configs.yml @@ -13,6 +13,9 @@ on: description: "Application name" value: ${{ jobs.get-app-name.outputs.app-name }} +permissions: + contents: read + jobs: get-versions: runs-on: ubuntu-latest diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 9a312b0c..024482a9 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -5,6 +5,9 @@ on: types: [opened, edited, reopened, synchronize] branches: [ main ] +permissions: + contents: read + jobs: get-configs: uses: ./.github/workflows/configs.yml diff --git a/.github/workflows/prod-release.yml b/.github/workflows/prod-release.yml index e3b72b6f..f4bc25e4 100644 --- a/.github/workflows/prod-release.yml +++ b/.github/workflows/prod-release.yml @@ -9,6 +9,9 @@ on: required: true type: string +permissions: + contents: read + jobs: promote-beta-to-prod: runs-on: ubuntu-latest @@ -46,9 +49,9 @@ jobs: # Create and push production tag git tag "$PROD_TAG" - git push origin "$PROD_TAG" - echo "Created tag from branch=$(git rev-parse --abbrev-ref HEAD), commit=$(git rev-parse HEAD), tag=$(git describe --tags --exact-match)" + + git push origin "$PROD_TAG" echo "tag=$PROD_TAG" >> $GITHUB_OUTPUT call-release: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fd206925..0074a692 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,6 +16,9 @@ on: required: true type: string +permissions: + contents: read + jobs: get-configs: uses: ./.github/workflows/configs.yml diff --git a/tools/benchmark.ts b/tools/benchmark.ts index 8c3462e2..87026c79 100644 --- a/tools/benchmark.ts +++ b/tools/benchmark.ts @@ -1,5 +1,13 @@ #!/usr/bin/env node --expose-gc +import { TelemetryService } from '../src/telemetry/TelemetryService'; +import { LoggerFactory } from '../src/telemetry/LoggerFactory'; + +LoggerFactory.initialize('silent'); +TelemetryService.initialize(undefined, { + telemetryEnabled: false, +}); + import { ContextManager } from '../src/context/ContextManager'; import { SyntaxTreeManager } from '../src/context/syntaxtree/SyntaxTreeManager'; import { readFileSync, writeFileSync, readdirSync, existsSync, mkdirSync } from 'fs'; @@ -9,8 +17,6 @@ import yargs from 'yargs'; import { hideBin } from 'yargs/helpers'; import { discoverTemplateFiles, generatePositions, TestPosition } from './utils'; import { DocumentType } from '../src/document/Document'; -import { TelemetryService } from '../src/telemetry/TelemetryService'; -import { LoggerFactory } from '../src/telemetry/LoggerFactory'; /** * This script benchmarks the performance of context resolution for CloudFormation templates, @@ -854,11 +860,6 @@ function main(): void { process.exit(1); } - LoggerFactory.initialize('silent'); - TelemetryService.initialize(undefined, { - telemetryEnabled: false, - }); - console.log(`📋 Found ${templateFiles.length} template files (sorted by size):`); for (const { name, documentType, size } of templateFiles) { const sizeKB = (size / 1024).toFixed(2);