From 188cfa37f15e3658ec94a30ead5d74555eb4ee82 Mon Sep 17 00:00:00 2001
From: "S. Amir Mohammad Najafi"
Date: Sat, 4 Jan 2025 08:50:41 +0330
Subject: [PATCH] chore: enhance usage of workflow
---
.github/workflows/build-lint-test.yaml | 3 ++-
.github/workflows/codeql.yaml | 9 ++-------
.github/workflows/dependency-review.yaml | 1 +
.github/workflows/publish-npm.yml | 9 +++++----
.github/workflows/release.yaml | 12 +++++++-----
.github/workflows/sync-labels.yaml | 5 +++--
6 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/build-lint-test.yaml b/.github/workflows/build-lint-test.yaml
index c1d8b01..c43e947 100644
--- a/.github/workflows/build-lint-test.yaml
+++ b/.github/workflows/build-lint-test.yaml
@@ -14,8 +14,9 @@ on: jobs: main: uses: the-nexim/actions/.github/workflows/build-lint-test.yaml@v1 + permissions: contents: read + with: node-version: lts/* - secrets: inherit
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index c106308..8ed6326 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -6,17 +6,12 @@ on: workflow_dispatch: schedule: - - cron: '0 7 * */2 *' - # │ │ │ │ │ - # │ │ │ │ └─── day of the week (0 - 6 or SUN-SAT) - # │ │ │ └────── month (1 - 12 or JAN-DEC) - # │ │ └───────── day of the month (1 - 31) - # │ └─────────── hour (0 - 23) - # └───────────── minute (0 - 59) + - cron: '0 7 * */2 *' # every 2 days at 7:00 UTC jobs: main: uses: the-nexim/actions/.github/workflows/codeql.yaml@v1 + permissions: actions: read contents: read
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 6a0d5e4..1c012fc 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -10,5 +10,6 @@ on: jobs: main: uses: the-nexim/actions/.github/workflows/dependency-review.yaml@v1 + permissions: contents: read
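Review bot: The `uses:` line in `build-lint-test.yaml` still references the reusable workflow by the mutable tag `@v1`, so anyone able to move that tag in `the-nexim/actions` changes what runs here without a commit in this repository. The same ref style appears in `codeql.yaml`, `dependency-review.yaml`, `publish-npm.yml`, `release.yaml` and `sync-labels.yaml` (where this commit moves `@next` to `@v1`); it matters most in the publish and release callers, which hand over `NPM_TOKEN`, the GPG key material and a write-scoped token. Consider pinning each caller to a full commit SHA with the tag kept as a trailing comment, for example `uses: the-nexim/actions/.github/workflows/build-lint-test.yaml@<full-commit-sha> # v1`. Dropping `secrets: inherit` in this hunk is a sound least-privilege step and needs no change.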
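Review bot: The new inline comment on the `cron` line in `codeql.yaml` does not match the expression: in `'0 7 * */2 *'` the `*/2` sits in the month field, so the scan runs daily at 07:00 UTC during every second month, not every 2 days. The removed legend was what made that field order visible. If a two-day cadence is intended, the line would be `- cron: '0 7 */2 * *'  # every 2 days at 07:00 UTC`; otherwise correct the comment to `# daily at 07:00 UTC, every second month`. As written, scheduled CodeQL analysis is skipped for whole months, leaving only manual `workflow_dispatch` runs as far as the hunk shows.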
diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
index f76736e..06b06a3 100644
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -9,15 +9,16 @@ on: types: - created -env: - NODE_VERSION: lts/* - jobs: main: uses: the-nexim/actions/.github/workflows/publish-npm.yaml@v1 + permissions: contents: read id-token: write + with: node-version: lts/* - secrets: inherit + + secrets: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 7980937..ef8b5d8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,15 +5,17 @@ name: Build & Lint & Test & Release on: workflow_dispatch: -env: - NODE_VERSION: lts/* - GPG_KEY_ID: ${{ vars.GPG_KEY_ID }} - jobs: main: uses: the-nexim/actions/.github/workflows/release.yaml@v1 + permissions: contents: write + with: node-version: lts/* - secrets: inherit + + secrets: + GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} + GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
diff --git a/.github/workflows/sync-labels.yaml b/.github/workflows/sync-labels.yaml
index 9fbfc78..851de35 100644
--- a/.github/workflows/sync-labels.yaml
+++ b/.github/workflows/sync-labels.yaml
@@ -4,6 +4,7 @@ name: Sync labels on: workflow_dispatch: + push: branches: - next
@@ -13,8 +14,8 @@ on: jobs: main: - uses: the-nexim/actions/.github/workflows/sync-label.yaml@next + uses: the-nexim/actions/.github/workflows/sync-label.yaml@v1 + permissions: contents: read issues: write - secrets: inherit
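Review bot: In `release.yaml` the signing key id now comes from `secrets.GPG_KEY_ID`, while the removed `env` block read `vars.GPG_KEY_ID`; unless a secret of that name was created alongside this commit, the expression evaluates to an empty string and the failure only shows up at signing time. The key named `GITHUB_TOKEN` under `secrets:` is also worth checking: GitHub reserves that name, and as far as I know a reusable workflow cannot declare it under `on.workflow_call.secrets`, so a neutral name such as `BOT_TOKEN: ${{ secrets.BOT_TOKEN }}` is safer (the called workflow is not visible here, so confirm what it declares). Note too that `permissions: contents: write` limits only the automatic token; the reach of `BOT_TOKEN` is whatever that token was issued with, so it should be a fine-grained token restricted to this repository.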