From c2c0227162611b72d4d13f5499d7c8a41a95b077 Mon Sep 17 00:00:00 2001
From: Christian Oliff <1212885+coliff@users.noreply.github.com>
Date: Tue, 19 Apr 2022 09:28:24 +0900
Subject: [PATCH] GitHub Actions Update - Add Dependency Review - Add CodeQL Analysis - Update Node versions to supported versions - Change update frequency to monthly
---
 .github/dependabot.yml | 4 +--
 .github/workflows/build.yml | 2 +-
 .github/workflows/codeql-analysis.yml | 38 +++++++++++++++++++++++++
 .github/workflows/dependency-review.yml | 14 +++++++++
 .github/workflows/npmpublish.yml | 4 +--
 .github/workflows/test.yml | 2 +-
 6 files changed, 58 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/codeql-analysis.yml
 create mode 100644 .github/workflows/dependency-review.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c5af001..e91cae9 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,9 +3,9 @@ updates:
 - package-ecosystem: npm
 directory: "/"
 schedule:
- interval: weekly
+ interval: monthly
 versioning-strategy: increase
 - package-ecosystem: github-actions
 directory: "/"
 schedule:
- interval: weekly
+ interval: monthly
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 50f1be8..be07922 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -32,7 +32,7 @@ jobs:
 node-version: ${{ matrix.node-version }}
 - run: npm install
 - run: npm run build
- - name: commit
+ - name: commit
 uses: stefanzweifel/git-auto-commit-action@v4
 with:
 commit_message: "[Bot] Update dist"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..ec9b31c
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
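Review bot: Moving `interval` from weekly to monthly on both the npm and github-actions ecosystems means non-advisory fixes and new action releases can sit for up to a month before a PR is opened, and nothing in this file says whether that latency is acceptable. Dependabot version updates are what this `schedule` governs; advisory-driven PRs come from Dependabot security updates, a separate repository setting that this file cannot show, so it is worth confirming that setting is on before relaxing the cadence. A comment above each `schedule:` such as `# monthly cadence for version updates only; security updates are triggered by advisories` would record the intent for the next editor.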
@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '39 1 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..f2605b7
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,14 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v1
diff --git a/.github/workflows/npmpublish.yml b/.github/workflows/npmpublish.yml
index 32ecb76..e2b9b72 100644
--- a/.github/workflows/npmpublish.yml
+++ b/.github/workflows/npmpublish.yml
@@ -11,7 +11,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
 with:
- node-version: 12
+ node-version: 16
 - run: npm ci
 - run: npm run build
 publish-npm:
@@ -21,7 +21,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
 with:
- node-version: 12
+ node-version: 16
 registry-url: https://registry.npmjs.org/
 - run: npm ci
 - run: npm publish
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 153e426..69a2cd9 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
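Review bot: Every action in the new workflow (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`) is referenced by a mutable major tag, so a compromised or force-moved tag would change what runs in a job that holds `security-events: write`; the same applies to the two `uses:` lines in the new dependency-review.yml hunk. This matches the convention already visible in build.yml and npmpublish.yml, so it is a project-wide style choice rather than a defect introduced here, but a new security workflow is the natural place to start pinning, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. The github-actions Dependabot entry configured in this same commit is, as far as I know, able to keep full-SHA pins current, so pinning should not add maintenance cost. The job-level `permissions` block is already minimal and should stay as written.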
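Review bot: `actions/dependency-review-action@v1` is invoked with no inputs, so the severity at which a pull request is blocked is whatever the action's default happens to be, and the workflow does not state it; the action also depends on the repository's dependency graph being enabled, which nothing in the file can enforce or document. Suggest a comment above `jobs:` such as `# requires the Dependency graph to be enabled in repository settings; blocks PRs that add vulnerable dependencies`, and, once the version in use supports it, an explicit threshold via a `with:` block with `fail-on-severity: <chosen-level>` so the policy is visible in review rather than implied (check the action's release notes for the earliest version exposing that input). The top-level `permissions: contents: read` is appropriate here and should be kept.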
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- node-version: [12.x, 14.x]
+ node-version: [14.x, 16.x]
 steps:
 - name: Get npm cache directory
 id: npm-cache