diff --git a/.github/workflows/deploy-package.yml b/.github/workflows/deploy-package.yml index 0a754c26d..f390fd898 100644 --- a/.github/workflows/deploy-package.yml +++ b/.github/workflows/deploy-package.yml @@ -26,6 +26,10 @@ concurrency: group: ${{ inputs.environment }} cancel-in-progress: true +permissions: + contents: write + packages: write + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/deploy-website.yml b/.github/workflows/deploy-website.yml index 13e627773..e8da795c6 100644 --- a/.github/workflows/deploy-website.yml +++ b/.github/workflows/deploy-website.yml @@ -8,6 +8,9 @@ concurrency: env: JEKYLL_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +permissions: + contents: read + jobs: deploy: name: Cloudflare Pages @@ -28,7 +31,7 @@ jobs: uses: actions/checkout@v4 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@v1.207.0 with: ruby-version: 3.3 @@ -40,7 +43,7 @@ jobs: run: echo "version=$(date +'%Y.%m.%d')-${{ github.run_number }}" >> $GITHUB_OUTPUT - name: Replace cache markers - uses: jacobtomlinson/gha-find-replace@v3 + uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 with: find: "YYYY.MM.DD" replace: "${{ steps.tag.outputs.version }}" @@ -60,7 +63,7 @@ jobs: - name: Publish to Cloudflare Pages id: deploy - uses: cloudflare/wrangler-action@v3 + uses: cloudflare/wrangler-action@v3.1.0 with: apiToken: ${{ secrets.CLOUDFLARE_API_KEY }} accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} diff --git a/.github/workflows/lint-pull-request.yml b/.github/workflows/lint-pull-request.yml index 4e9507808..dcd3de41b 100644 --- a/.github/workflows/lint-pull-request.yml +++ b/.github/workflows/lint-pull-request.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@v5.1.0 id: lint_pr_title env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -29,7 +29,7 @@ jobs: bot dependencies - - uses: marocchino/sticky-pull-request-comment@v2 + - uses: marocchino/sticky-pull-request-comment@v2.1.0 if: always() && (steps.lint_pr_title.outputs.error_message != null) with: header: pr-title-lint-error @@ -60,25 +60,25 @@ jobs: - `style: Format trading strategy classes` - `refactor: Restructure trading engine components` - `perf: Optimize trade order execution flow` - + #### Documentation & testing - `docs: Update API documentation` - `test: Add unit tests for sign-in flow` - + #### Infrastructure - `build: Update .NET SDK version to 8.0` - `ci: Add workflow for performance testing` - `chore: Update NuGet dependencies` - + #### Other - `revert: Remove faulty market data provider` - + See [Conventional Commits](https://www.conventionalcommits.org) for more details. # Delete a previous comment when the issue has been resolved - if: ${{ steps.lint_pr_title.outputs.error_message == null }} - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@v2.1.0 with: header: pr-title-lint-error delete: true diff --git a/.github/workflows/lock-issues-pr.yml b/.github/workflows/lock-issues-pr.yml index 000093ade..d8eefbc89 100644 --- a/.github/workflows/lock-issues-pr.yml +++ b/.github/workflows/lock-issues-pr.yml @@ -19,7 +19,7 @@ jobs: timeout-minutes: 10 steps: - - uses: dessant/lock-threads@v5 + - uses: dessant/lock-threads@v5.0.1 with: process-only: issues, prs issue-inactive-days: "90" diff --git a/.github/workflows/test-examples.yml b/.github/workflows/test-examples.yml index 981de358a..ebbe2e987 100644 --- a/.github/workflows/test-examples.yml +++ b/.github/workflows/test-examples.yml @@ -12,6 +12,9 @@ on: - docs/examples/** - ".github/workflows/test-examples.yml" +permissions: + contents: read + jobs: build: name: build diff --git a/.github/workflows/test-indicators.yml b/.github/workflows/test-indicators.yml index c44e5832c..a067fa57f 100644 --- a/.github/workflows/test-indicators.yml +++ b/.github/workflows/test-indicators.yml @@ -7,6 +7,11 @@ on: branches: ["*"] workflow_dispatch: +permissions: + contents: read # Required for checkout + actions: read # Required for workflow runs + checks: write # Required for test results + jobs: test: name: unit tests diff --git a/.github/workflows/test-performance.yml b/.github/workflows/test-performance.yml index ebbbfad62..14624b984 100644 --- a/.github/workflows/test-performance.yml +++ b/.github/workflows/test-performance.yml @@ -5,6 +5,9 @@ concurrency: on: workflow_dispatch +permissions: + contents: read + jobs: analyze: runs-on: ubuntu-22.04 diff --git a/.github/workflows/test-website-a11y.yml b/.github/workflows/test-website-a11y.yml index ad193a5d5..3bc17cb97 100644 --- a/.github/workflows/test-website-a11y.yml +++ b/.github/workflows/test-website-a11y.yml @@ -12,6 +12,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest @@ -27,7 +30,7 @@ jobs: uses: actions/checkout@v4 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@v1.207.0 with: ruby-version: 3.3 @@ -37,7 +40,7 @@ jobs: npm install -g pa11y-ci - name: Use 'localhost' - uses: jacobtomlinson/gha-find-replace@v3 + uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 with: find: "https://dotnet.stockindicators.dev" replace: "http://127.0.0.1:4000" diff --git a/.github/workflows/test-website-links.yml b/.github/workflows/test-website-links.yml index 0c40dbd16..0b478b3cf 100644 --- a/.github/workflows/test-website-links.yml +++ b/.github/workflows/test-website-links.yml @@ -12,6 +12,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest @@ -27,7 +30,7 @@ jobs: uses: actions/checkout@v4 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@v1.207.0 with: ruby-version: 3.3 @@ -37,14 +40,14 @@ jobs: gem install html-proofer - name: Replace "data-src" - uses: jacobtomlinson/gha-find-replace@v3 + uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 with: find: "data-src" replace: "src" regex: false - name: Use 'localhost' - uses: jacobtomlinson/gha-find-replace@v3 + uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 with: find: "https://dotnet.stockindicators.dev" replace: "http://127.0.0.1:4000"