diff --git a/.github/workflows/alpha.release.yml b/.github/workflows/alpha.release.yml index 709c2da4..44c69b6e 100644 --- a/.github/workflows/alpha.release.yml +++ b/.github/workflows/alpha.release.yml @@ -25,7 +25,10 @@ jobs: alpha-release: name: Alpha Release runs-on: ubuntu-latest - permissions: write-all + permissions: + contents: write + packages: write + id-token: write strategy: matrix: @@ -33,7 +36,7 @@ jobs: steps: - name: ⬇️ Checkout Repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -44,6 +47,8 @@ jobs: - name: 🔧 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: 9.15.9 - name: 🔧 Setup NPM run: | @@ -52,7 +57,7 @@ jobs: npm whoami - name: 🔧 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -60,6 +65,17 @@ jobs: - name: 🧩 Install Dependencies run: pnpm pnpm.install.workaround + - name: 🔄 Validate Package Directory + run: | + if [[ ! "${{ github.event.inputs.package_dir }}" =~ ^packages/[a-zA-Z0-9_-]+$ ]]; then + echo "Invalid package directory: ${{ github.event.inputs.package_dir }}" + exit 1 + fi + if [[ ! -d "${{ github.event.inputs.package_dir }}" ]]; then + echo "Package directory does not exist: ${{ github.event.inputs.package_dir }}" + exit 1 + fi + - name: 🔄 Navigate to Package Directory run: | cd ${{ github.event.inputs.package_dir }} diff --git a/.github/workflows/deploy-visual-reporter.yml b/.github/workflows/deploy-visual-reporter.yml index c3af53b2..77fe3507 100644 --- a/.github/workflows/deploy-visual-reporter.yml +++ b/.github/workflows/deploy-visual-reporter.yml @@ -26,8 +26,12 @@ jobs: steps: - name: ⬇️ Checkout Repository uses: actions/checkout@v4 + - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: 9.15.9 + - name: 🟢 Setup Node.js ${{ matrix.node-version }} uses: actions/setup-node@v3 with: 
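Review bot: `id-token: write` in the new `permissions` block lets every step of the job request an OIDC token, and nothing visible in this hunk shows a step that needs one. The `Setup NPM` step further down calls `npm whoami`, which suggests token-based registry auth. If publishing does not use an OIDC exchange, drop that scope; otherwise record the reason beside it, e.g. `id-token: write  # <why OIDC is needed>`, and do the same for `contents` and `packages`. The identical block is added to the `release` job in release.yml (hunk at -13,7), and the publish steps are outside both hunks, so confirm the scopes against them.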
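Review bot: The pnpm pin added here is a bare `version: 9.15.9`, while tests.yml in this same commit sets `PNPM_VERSION` to `9.15.9+sha256.…` with a digest suffix. This job holds `contents: write`, `packages: write` and npm credentials, so it is the place where a verified toolchain matters most; use the same digest-qualified value here. The same bare pin is added in deploy-visual-reporter.yml (hunk at -26,8) and release.yml (hunk at -30,6). Whether `pnpm/action-setup` checks the digest when it arrives through `version` is not visible from the diff and should be confirmed. For the write-scoped jobs, also consider pinning the third-party action itself, as `uses: pnpm/action-setup@<full-commit-sha>  # v4`.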
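Review bot: The new `Validate Package Directory` step does not protect the shell, because `${{ github.event.inputs.package_dir }}` is substituted into the script text before bash parses it. A value containing quotes or command substitution is therefore interpreted as script before the regex test ever runs, in a job that holds write scopes and npm credentials. Pass the input through `env:` and reference it only as a quoted shell variable, as below. The following `Navigate to Package Directory` step, which continues outside the hunk, has the same unquoted `cd ${{ … }}` and should become `cd "$PACKAGE_DIR"` with the same `env:` entry.

```yaml
- name: 🔄 Validate Package Directory
  env:
    PACKAGE_DIR: ${{ github.event.inputs.package_dir }}
  run: |
    if [[ ! "$PACKAGE_DIR" =~ ^packages/[a-zA-Z0-9_-]+$ ]]; then
      echo "Invalid package directory: $PACKAGE_DIR"
      exit 1
    fi
    if [[ ! -d "$PACKAGE_DIR" ]]; then
      echo "Package directory does not exist: $PACKAGE_DIR"
      exit 1
    fi
```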
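Review bot: `uses: actions/setup-node@v3` is left unchanged in deploy-visual-reporter.yml, although this commit moves alpha.release.yml, release.yml and tests.yml to `actions/setup-node@v4`. Change it to `uses: actions/setup-node@v4` so the Pages deployment job does not stay on the older major. The step's `with:` block continues outside the hunk.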
@@ -35,6 +39,7 @@ jobs: cache: pnpm - name: 🧩 Install Dependencies run: pnpm pnpm.install.workaround + - name: 🏗️ Build working-directory: packages/visual-reporter run: | @@ -42,12 +47,15 @@ jobs: pnpm script:prepare.report env: GITHUB_PAGES: "/visual-testing/" + - name: ⚙️ Setup Pages uses: actions/configure-pages@v5 + - name: 📤 Upload artifact uses: actions/upload-pages-artifact@v3 with: path: "packages/visual-reporter/build/client" + - name: 🚀 Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3e34e10a..10778fc4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,10 @@ jobs: release: name: Release runs-on: ubuntu-latest - permissions: write-all + permissions: + contents: write + packages: write + id-token: write strategy: matrix: @@ -21,7 +24,7 @@ jobs: steps: - name: ⬇️ Checkout Repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: 🔧 Setup Git run: | @@ -30,6 +33,8 @@ jobs: - name: 🔧 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: 9.15.9 - name: 🔧 Setup NPM run: | @@ -38,7 +43,7 @@ jobs: npm whoami - name: 🔧 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4ab92824..3372b8ba 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -5,7 +5,13 @@ on: branches: - main pull_request: - pull_request_target: + +permissions: + contents: read + pull-requests: read + +env: + PNPM_VERSION: 9.15.9+sha256.cf86a7ad764406395d4286a6d09d730711720acc6d93e9dce9ac7ac4dc4a28a7 jobs: dependency-check: 
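Review bot: Nothing in tests.yml records why `pull_request_target` was removed, so a later edit could bring it back to regain secrets for fork pull requests. Add a comment above `pull_request:`, such as `# Do not switch to pull_request_target: these jobs check out and run PR code.` Fork pull requests now run without repository secrets. Any job below that depends on them is not visible in this hunk, and would need an explicit skip condition for forks rather than a different trigger.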
@@ -40,18 +46,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -78,20 +81,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - if: ${{ github.event_name != 'pull_request_target' }} - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - if: ${{ github.event_name == 'pull_request_target' }} - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -141,20 +139,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - if: ${{ github.event_name != 'pull_request_target' }} - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - if: ${{ github.event_name == 'pull_request_target' }} - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm 
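Review bot: The remaining `actions/checkout@v4` step uses default settings, so the job token is stored in the checkout's git configuration. It stays readable by the later pnpm install and test steps, which on `pull_request` run code from the pull request. The token is read-only after this commit, but these jobs do not appear to push, so add `with:` and `persist-credentials: false` under the checkout step. The same step repeats in the hunks at -78, -141, -204, -267, -330 and -393. The jobs continue outside the hunks, so confirm no later step relies on git credentials.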
@@ -204,20 +197,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - if: ${{ github.event_name != 'pull_request_target' }} - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - if: ${{ github.event_name == 'pull_request_target' }} - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -267,20 +255,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - if: ${{ github.event_name != 'pull_request_target' }} - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - if: ${{ github.event_name == 'pull_request_target' }} - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -330,20 +313,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - if: ${{ github.event_name != 'pull_request_target' }} - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - if: ${{ github.event_name == 'pull_request_target' }} - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm 
@@ -393,20 +371,15 @@ jobs: steps: - name: ⬇️ Checkout Repository - if: ${{ github.event_name != 'pull_request_target' }} - uses: actions/checkout@v3 - - - name: ⬇️ Checkout PR Repository - if: ${{ github.event_name == 'pull_request_target' }} - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} + uses: actions/checkout@v4 - name: 📦 Setup pnpm uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - name: 🟢 Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: pnpm diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 33830c29..f8ae259a 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -3,8 +3,7 @@ # Ref: https://github.com/dependabot/fetch-metadata name: Auto-merge -# `pull_request_target` means this uses code in the base branch, not the PR. -on: pull_request_target +on: pull_request # Dependabot PRs' tokens have read permissions by default and thus we must enable write permissions. permissions: @@ -20,7 +19,7 @@ jobs: # Fetch PR metadata - name: Fetch PR metadata id: metadata - uses: dependabot/fetch-metadata@v1.6.0 + uses: dependabot/fetch-metadata@v2.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }}
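Review bot: With `on: pull_request`, update.yml's workflow definition is taken from the pull request's merge ref instead of the base branch. The write scopes in the `permissions:` block below then apply to whatever that version of the file contains, for branches in this repository. The job's `if:` guard is outside the hunk; confirm it tests the PR author, e.g. `github.event.pull_request.user.login == 'dependabot[bot]'`, and not only `github.actor`. The deleted comment explained the old trigger, so replace it with one for the new trigger, such as `# pull_request runs this file from the PR merge ref; auto-merge must stay gated on the Dependabot author.`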