Skip to content

Ws/security-fixes #1002

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wswebcreation merged 9 commits into from
Sep 5, 2025
Merged

Ws/security-fixes #1002

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
ebca419
fix: fix test.yml
wswebcreation Sep 5, 2025
48b6101
fix: update permissions
wswebcreation Sep 5, 2025
c603c93
fix: fix alpha.release.yml
wswebcreation Sep 5, 2025
ef926da
fix: fix update.yml
wswebcreation Sep 5, 2025
70f2703
chore: fix versions for pnpm
wswebcreation Sep 5, 2025
79c259d
chore: proper fix for version
wswebcreation Sep 5, 2025
12b63e3
chore: use env
wswebcreation Sep 5, 2025
70663ae
chore: remove extra check
wswebcreation Sep 5, 2025
46f3f7e
chore: fix exact version
wswebcreation Sep 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 19 additions & 3 deletions .github/workflows/alpha.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,18 @@ jobs:
alpha-release:
name: Alpha Release
runs-on: ubuntu-latest
permissions: write-all
permissions:
contents: write
packages: write
id-token: write

strategy:
matrix:
node-version: [20.x]

steps:
- name: ⬇️ Checkout Repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0

Expand All @@ -44,6 +47,8 @@ jobs:

- name: 🔧 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9.15.9

- name: 🔧 Setup NPM
run: |
Expand All @@ -52,14 +57,25 @@ jobs:
npm whoami

- name: 🔧 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm

- name: 🧩 Install Dependencies
run: pnpm pnpm.install.workaround

- name: 🔄 Validate Package Directory
run: |
if [[ ! "${{ github.event.inputs.package_dir }}" =~ ^packages/[a-zA-Z0-9_-]+$ ]]; then
echo "Invalid package directory: ${{ github.event.inputs.package_dir }}"
exit 1
fi
if [[ ! -d "${{ github.event.inputs.package_dir }}" ]]; then
echo "Package directory does not exist: ${{ github.event.inputs.package_dir }}"
exit 1
fi

- name: 🔄 Navigate to Package Directory
run: |
cd ${{ github.event.inputs.package_dir }}
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/deploy-visual-reporter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,28 +26,36 @@ jobs:
steps:
- name: ⬇️ Checkout Repository
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9.15.9

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
- name: 🧩 Install Dependencies
run: pnpm pnpm.install.workaround

- name: 🏗️ Build
working-directory: packages/visual-reporter
run: |
pnpm build
pnpm script:prepare.report
env:
GITHUB_PAGES: "/visual-testing/"

- name: ⚙️ Setup Pages
uses: actions/configure-pages@v5

- name: 📤 Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: "packages/visual-reporter/build/client"

- name: 🚀 Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
11 changes: 8 additions & 3 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,18 @@ jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions: write-all
permissions:
contents: write
packages: write
id-token: write

strategy:
matrix:
node-version: [20.x]

steps:
- name: ⬇️ Checkout Repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: 🔧 Setup Git
run: |
Expand All @@ -30,6 +33,8 @@ jobs:

- name: 🔧 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9.15.9

- name: 🔧 Setup NPM
run: |
Expand All @@ -38,7 +43,7 @@ jobs:
npm whoami

- name: 🔧 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down
97 changes: 35 additions & 62 deletions .github/workflows/tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,13 @@ on:
branches:
- main
pull_request:
pull_request_target:

permissions:
contents: read
pull-requests: read

env:
PNPM_VERSION: 9.15.9+sha256.cf86a7ad764406395d4286a6d09d730711720acc6d93e9dce9ac7ac4dc4a28a7

jobs:
dependency-check:
Expand Down Expand Up @@ -40,18 +46,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand All @@ -78,20 +81,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down Expand Up @@ -141,20 +139,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down Expand Up @@ -204,20 +197,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down Expand Up @@ -267,20 +255,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down Expand Up @@ -330,20 +313,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down Expand Up @@ -393,20 +371,15 @@ jobs:

steps:
- name: ⬇️ Checkout Repository
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v3

- name: ⬇️ Checkout PR Repository
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
uses: actions/checkout@v4

- name: 📦 Setup pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}

- name: 🟢 Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: pnpm
Expand Down
5 changes: 2 additions & 3 deletions .github/workflows/update.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,7 @@
# Ref: https://github.com/dependabot/fetch-metadata
name: Auto-merge

# `pull_request_target` means this uses code in the base branch, not the PR.
on: pull_request_target
on: pull_request

# Dependabot PRs' tokens have read permissions by default and thus we must enable write permissions.
permissions:
Expand All @@ -20,7 +19,7 @@ jobs:
# Fetch PR metadata
- name: Fetch PR metadata
id: metadata
uses: dependabot/fetch-metadata@v1.6.0
uses: dependabot/fetch-metadata@v2.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

Expand Down
Loading