From ac5695c072485aded09c352aae9627951843e7e9 Mon Sep 17 00:00:00 2001 From: Paul Schmiedmayer Date: Fri, 17 May 2024 14:40:06 -0700 Subject: [PATCH] Update Permissions & Environments (#16) # Update Permissions & Environments ## :gear: Release Notes - Update Permissions & Environments ### Code of Conduct & Contributing Guidelines By submitting creating this pull request, you agree to follow our [Code of Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md): - [x] I agree to follow the [Code of Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md). --- .github/workflows/build-and-test.yml | 4 ++ .github/workflows/codeql.yml | 38 +++++++++++++++++++ .github/workflows/main.yml | 2 + .../workflows/monthly-markdown-link-check.yml | 18 +++++++++ 4 files changed, 62 insertions(+) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/monthly-markdown-link-check.yml diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 540879b..b9be6be 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -8,6 +8,10 @@ name: Build and Test +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: workflow_dispatch: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..b65f48a --- /dev/null +++ b/.github/workflows/codeql.yml 
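Review bot: `cancel-in-progress: true` in the new top-level `concurrency` block of build-and-test.yml applies to every trigger, not only to pull requests. main.yml invokes this file through `uses: ./.github/workflows/build-and-test.yml`, and in a called workflow `github.workflow` resolves to the caller's name, so a second push to the same ref would likely cancel the build-and-test run still in flight for the previous commit. If main.yml declares the same group expression (not visible here), caller and callee would also share one group. I would limit cancellation to pull requests with `cancel-in-progress: ${{ github.event_name == 'pull_request' }}` and add a comment above the block saying which runs are meant to be superseded. The rest of the `on:` block lies outside the hunk, so the `workflow_call` trigger is inferred from main.yml.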
@@ -0,0 +1,38 @@
+#
+# This source file is part of the Stanford Biodesign Digital Health Next.js Template open-source project
+#
+# SPDX-FileCopyrightText: 2023 Stanford University and the project authors (see CONTRIBUTORS.md)
+#
+# SPDX-License-Identifier: MIT
+#
+
+name: CodeQL
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ schedule:
+ - cron: '0 8 * * 1'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: 'ubuntu-latest'
+ permissions:
+ security-events: write
+ packages: read
+ actions: read
+ contents: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: javascript-typescript
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 3f93be6..5561123 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -19,6 +19,7 @@ jobs:
 name: Build and Test
 uses: ./.github/workflows/build-and-test.yml
 permissions:
+ contents: read
 checks: write
 nextjsgithubpages:
 name: Deploy Next.js site to GitHub Pages
@@ -33,6 +34,7 @@ jobs:
 uses: StanfordBDHG/.github/.github/workflows/docker-build-and-push.yml@v2
 with:
 imageName: stanfordbdhg/nextjstemplate
+ environment: package
 permissions:
 contents: read
 packages: write
diff --git a/.github/workflows/monthly-markdown-link-check.yml b/.github/workflows/monthly-markdown-link-check.yml
new file mode 100644
index 0000000..f2379e9
--- /dev/null
+++ b/.github/workflows/monthly-markdown-link-check.yml
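Review bot: The three `uses:` lines in the new codeql.yml (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`) reference mutable tags in a job that holds `security-events: write`. A moved tag would change what runs with that token without any diff in this repository. Pinning to the full commit SHA with the version in a trailing comment, e.g. `uses: github/codeql-action/init@<full-commit-sha> # v3`, keeps the executed code reviewable. The same applies to `markdown-link-check.yml@v2` added in monthly-markdown-link-check.yml. `packages: read` and `actions: read` may be unnecessary if the repository is public and uses no private CodeQL packs; that is worth confirming rather than carrying over from the template.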
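Review bot: `environment: package`, added in the second main.yml hunk, only protects the `packages: write` token if an environment named `package` exists with protection rules such as a deployment branch restriction or required reviewers, and nothing in this diff shows that. If the called workflow forwards the input to a job-level `environment:` (its body is not visible here), GitHub creates a missing environment on first use with no rules, so the gate would silently do nothing. A comment above the input would record the expectation, for example `# 'package' environment must restrict deployments to main; configured in repository settings`. The job definition starts above the hunk.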
@@ -0,0 +1,18 @@
+#
+# This source file is part of the Stanford Biodesign Digital Health Next.js Template open-source project
+#
+# SPDX-FileCopyrightText: 2023 Stanford University and the project authors (see CONTRIBUTORS.md)
+#
+# SPDX-License-Identifier: MIT
+#
+
+name: Monthly Markdown Link Check
+
+on:
+ schedule:
+ - cron: "0 8 1 * *"
+
+jobs:
+ markdown_link_check:
+ name: Markdown Link Check
+ uses: StanfordBDHG/.github/.github/workflows/markdown-link-check.yml@v2
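Review bot: The `markdown_link_check` job has no `permissions:` key, so the called workflow receives the repository's default GITHUB_TOKEN scopes, which may include write access depending on the repository or organization setting. The other jobs touched by this commit declare their scopes explicitly. Adding `permissions:` with `contents: read` under the job would bring this one in line, assuming the link checker only needs to read the checkout.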