diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..07ce72d --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,45 @@ +name: codeql + +on: + push: + branches: + - 'master' + - 'releases/v*' + pull_request: + +permissions: + actions: read + contents: read + security-events: write + +env: + NODE_VERSION: "24" + +jobs: + analyze: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v6 + - + name: Enable corepack + run: | + corepack enable + yarn --version + - + name: Set up Node + uses: actions/setup-node@v6 + with: + node-version: ${{ env.NODE_VERSION }} + - + name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: javascript-typescript + build-mode: none + - + name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 + with: + category: "/language:javascript-typescript" diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml index f56fa03..571b370 100644 --- a/.github/workflows/pr-assign-author.yml +++ b/.github/workflows/pr-assign-author.yml @@ -11,7 +11,7 @@ on: jobs: run: - uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf + uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@20ef82212dc54bab5749f5e05576ca6d3c8a5773 # v1.1.0 permissions: contents: read pull-requests: write diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 10383ff..9cc2e8e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,13 +24,13 @@ jobs: uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: ${{ env.SETUP_BUILDX_VERSION }} driver: docker - name: Test - uses: docker/bake-action@v6 + uses: docker/bake-action@v7 with: source: . targets: test diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml index 744588f..fefe728 100644 --- a/.github/workflows/update-dist.yml +++ b/.github/workflows/update-dist.yml @@ -14,7 +14,7 @@ jobs: - name: GitHub auth token from GitHub App id: docker-read-app - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} @@ -28,7 +28,7 @@ jobs: token: ${{ steps.docker-read-app.outputs.token || github.token }} - name: Build - uses: docker/bake-action@v6 + uses: docker/bake-action@v7 with: source: . targets: build diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 134070c..377f7d6 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -19,15 +19,15 @@ jobs: prepare: runs-on: ubuntu-latest outputs: - targets: ${{ steps.generate.outputs.targets }} + matrix: ${{ steps.generate.outputs.matrix }} steps: - name: Checkout uses: actions/checkout@v6 - - name: List targets + name: Generate matrix id: generate - uses: docker/bake-action/subaction/list-targets@v6 + uses: docker/bake-action/subaction/matrix@v7 with: target: validate @@ -38,16 +38,16 @@ jobs: strategy: fail-fast: false matrix: - target: ${{ fromJson(needs.prepare.outputs.targets) }} + include: ${{ fromJson(needs.prepare.outputs.matrix) }} steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: ${{ env.SETUP_BUILDX_VERSION }} driver: docker - name: Validate - uses: docker/bake-action@v6 + uses: docker/bake-action@v7 with: targets: ${{ matrix.target }}