From 67ce05ab18e4b92935d09025329065e5d79564e3 Mon Sep 17 00:00:00 2001 From: Okinea Dev Date: Tue, 15 Apr 2025 20:44:45 +0200 Subject: [PATCH 1/4] ci: add emojis to workflow names and improve their security --- .github/workflows/cr-comment.yml | 2 +- .github/workflows/cr.yml | 34 ++++++++++++++++------ .github/workflows/lock-threads.yml | 2 +- .github/workflows/release-tag.yml | 13 +++++++-- .github/workflows/stale.yml | 7 ++++- .github/workflows/test.yml | 16 +++++----- .github/contributing.md => CONTRIBUTING.md | 0 README.md | 2 +- 8 files changed, 53 insertions(+), 23 deletions(-) rename .github/contributing.md => CONTRIBUTING.md (100%) diff --git a/.github/workflows/cr-comment.yml b/.github/workflows/cr-comment.yml index 203b7e11a252..625035d1396b 100644 --- a/.github/workflows/cr-comment.yml +++ b/.github/workflows/cr-comment.yml @@ -1,4 +1,4 @@ -name: Add continuous release label +name: ๐Ÿ”– Add continuous release label on: issue_comment: diff --git a/.github/workflows/cr.yml b/.github/workflows/cr.yml index b8b833ef2f72..674a855236be 100644 --- a/.github/workflows/cr.yml +++ b/.github/workflows/cr.yml @@ -1,8 +1,12 @@ -name: CR +name: ๐Ÿ”„ CR env: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1' +permissions: + contents: read + packages: write + on: pull_request: branches: [main] @@ -24,8 +28,6 @@ on: tags-ignore: - '*' -permissions: {} - concurrency: group: ${{ github.workflow }}-${{ github.event.number }} cancel-in-progress: true @@ -36,12 +38,26 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v3 - - uses: actions/setup-node@v4 + - name: ๐Ÿ“ฅ Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: ๐Ÿ“ฆ Setup pnpm + uses: pnpm/action-setup@v3 + + - name: ๐Ÿ› ๏ธ Setup Node.js + uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm - - run: pnpm install - - run: pnpm build - - run: npx pkg-pr-new publish --compact --no-template --pnpm + cache-dependency-path: pnpm-lock.yaml + + - name: ๐Ÿ“ฆ Install dependencies + run: pnpm install --frozen-lockfile + + - name: ๐Ÿ› ๏ธ Build + run: pnpm build + + - name: ๐Ÿš€ Publish Package + run: npx pkg-pr-new publish --compact --no-template --pnpm diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml index c76a2acbbe50..c4494e89c048 100644 --- a/.github/workflows/lock-threads.yml +++ b/.github/workflows/lock-threads.yml @@ -1,4 +1,4 @@ -name: Lock Threads +name: ๐Ÿ”’ Lock Threads on: schedule: diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 84a034870610..8013a204e416 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -1,4 +1,9 @@ -name: Release +name: ๐Ÿš€ Release + +permissions: + contents: write + issues: write + pull-requests: write on: push: @@ -11,10 +16,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout + - name: ๐Ÿ“ฅ Checkout uses: actions/checkout@v4 + with: + persist-credentials: true - - name: Create Release for Tag + - name: ๐Ÿ”– Create Release for Tag id: release_tag uses: yyx990803/release-tag@master env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f5826155df41..0c723d665f0b 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,4 +1,9 @@ -name: Close stale issues and PRs +name: โ›” Close stale issues and PRs + +permissions: + issues: write + pull-requests: write + on: workflow_dispatch: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 51d3fffe8509..68782d19c463 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,4 @@ -name: Test +name: ๐Ÿงช Test on: push: @@ -26,25 +26,27 @@ jobs: runs-on: ${{ matrix.os }} steps: - - name: Checkout + - name: ๐Ÿ“ฅ Checkout uses: actions/checkout@v4 + with: + persist-credentials: false - - name: Install pnpm + - name: ๐Ÿ“ฆ Install pnpm uses: pnpm/action-setup@v3 - - name: Set node version to ${{ matrix.node_version }} + - name: ๐Ÿ› ๏ธ Set node version to ${{ matrix.node_version }} uses: actions/setup-node@v4 with: node-version: ${{ matrix.node_version }} cache: pnpm - - name: Install deps + - name: ๐Ÿ“ฆ Install dependencies run: pnpm install env: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 - - name: Install Playwright + - name: ๐ŸŽญ Install Playwright run: pnpm playwright install chromium - - name: Check + - name: โœ… Check run: pnpm check diff --git a/.github/contributing.md b/CONTRIBUTING.md similarity index 100% rename from .github/contributing.md rename to CONTRIBUTING.md diff --git a/README.md b/README.md index 134226a4966c..44e65e7c52c2 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Detailed changes for each release are documented in the [CHANGELOG](https://gith ## Contribution -Please make sure to read the [Contributing Guide](https://github.com/vuejs/vitepress/blob/main/.github/contributing.md) before making a pull request. +Please make sure to read the [Contributing Guide](https://github.com/vuejs/vitepress/blob/main/contributing.md) before making a pull request. ## License From 04128280a1d75bf30f75ac7f9dc90ba0f539f832 Mon Sep 17 00:00:00 2001 From: Okinea Dev Date: Wed, 16 Apr 2025 09:21:48 +0200 Subject: [PATCH 2/4] fix --- .github/workflows/cr.yml | 5 +---- .github/workflows/release-tag.yml | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cr.yml b/.github/workflows/cr.yml index 674a855236be..040b30c076f0 100644 --- a/.github/workflows/cr.yml +++ b/.github/workflows/cr.yml @@ -3,9 +3,7 @@ name: ๐Ÿ”„ CR env: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1' -permissions: - contents: read - packages: write +permissions: {} on: pull_request: @@ -51,7 +49,6 @@ jobs: with: node-version: 22 cache: pnpm - cache-dependency-path: pnpm-lock.yaml - name: ๐Ÿ“ฆ Install dependencies run: pnpm install --frozen-lockfile diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 8013a204e416..6d796ac454be 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -2,8 +2,6 @@ name: ๐Ÿš€ Release permissions: contents: write - issues: write - pull-requests: write on: push: @@ -28,5 +26,4 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref }} - body: | - Please refer to [CHANGELOG.md](https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md) for details. + body: Please refer to [CHANGELOG.md](https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md) for details. From 3f6e53f73064d7185dea0629d7b31e8560a7b6d7 Mon Sep 17 00:00:00 2001 From: Okinea Dev Date: Wed, 16 Apr 2025 13:27:34 +0200 Subject: [PATCH 3/4] remove permissions and checkout step in `release-tag.yml` --- .github/workflows/release-tag.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 6d796ac454be..65f1100f102f 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -1,7 +1,6 @@ name: ๐Ÿš€ Release -permissions: - contents: write +permissions: {} on: push: @@ -14,11 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: ๐Ÿ“ฅ Checkout - uses: actions/checkout@v4 - with: - persist-credentials: true - - name: ๐Ÿ”– Create Release for Tag id: release_tag uses: yyx990803/release-tag@master From d6de51ecdc1fc7ca341663a9e409ff99043f7d21 Mon Sep 17 00:00:00 2001 From: Okinea Dev Date: Wed, 16 Apr 2025 13:29:19 +0200 Subject: [PATCH 4/4] move `contributing.md` back --- CONTRIBUTING.md => .github/contributing.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename CONTRIBUTING.md => .github/contributing.md (100%) diff --git a/CONTRIBUTING.md b/.github/contributing.md similarity index 100% rename from CONTRIBUTING.md rename to .github/contributing.md