chore: improve and update ci cd (#107)

* chore: improve and update ci cd * chore: updating lock
bbc · Mar 11, 2024 · fe7e708 · fe7e708
1 parent 96dcb3b
commit fe7e708
Show file tree

Hide file tree

Showing 10 changed files with 8,322 additions and 2,230 deletions.
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
       - name: "CLA Check"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.2.1
+        uses: contributor-assistant/github-action@v2.3.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -17,18 +17,18 @@ jobs:
         node-version: [18.x]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
 
       - name: Install Node Modules
         run: npm ci
 
       - name: Report Coverage
-        uses: paambaati/codeclimate-action@v3.2.0
+        uses: paambaati/codeclimate-action@v5.0.0
         env:
           CC_TEST_REPORTER_ID: b7dd7a17709f29e70a936a1a9482a9d7c0da56915aec94382436d4e8f9bcb78e
         with:

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,14 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml
@@ -0,0 +1,29 @@
+name: "Lock Threads"
+
+on:
+  schedule:
+    - cron: "0 * * * *" # Once a day, at midnight UTC
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: lock
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-inactive-days: "30" # Lock issues after 30 days of being closed
+          pr-inactive-days: "5" # Lock closed PRs after 5 days. This ensures that issues that stem from a PR are opened as issues, rather than comments on the recently merged PR.
+          add-issue-labels: "outdated"
+          exclude-issue-created-before: "2023-01-01"
+          issue-comment: >
+            This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context.
+          pr-comment: >
+            This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,26 @@
+name: Publish Package to npmjs
+on:
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm ci
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npx semantic-release
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v6
+      - uses: actions/stale@v8
         with:
           stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
           stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
@@ -16,4 +16,9 @@ jobs:
           days-before-issue-stale: 30
           days-before-pr-stale: 45
           days-before-issue-close: 5
-          days-before-pr-close: 10
+          days-before-pr-close: 10
+          operations-per-run: 90
+          exempt-issue-labels: keep
+          exempt-pr-labels: keep
+          exempt-all-assignees: true
+          exempt-all-milestones: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -17,10 +17,10 @@ jobs:
         node-version: [18.x, 20.x]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}