From 7d0997525bc7219a41f1068033cf9d4c53242416 Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Mon, 18 Nov 2024 11:48:38 +0530 Subject: [PATCH 1/7] gha-update:stale --- .github/workflows/stale.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 24667f8e06..3430d52ec8 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.' @@ -40,4 +40,4 @@ jobs: exempt-all-milestones: true exempt-pr-labels: 'wip' exempt-issue-labels: 'wip' - operations-per-run: 30 + operations-per-run: 50 From eea401f9b30262cf38f048bfceff8edb4cc68114 Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Mon, 18 Nov 2024 11:56:40 +0530 Subject: [PATCH 2/7] gha-update:codecov-action --- .github/workflows/push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 950d063fac..e45a73527b 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -53,7 +53,7 @@ jobs: run: npm install - run: npm run test -- --watchAll=false --coverage - name: Present and upload coverage to Codecov as ${{env.CODECOV_UNIQUE_NAME}} - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} verbose: true From e427def157fd31a1b7f393f7eb68cab2f4125af8 Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Mon, 18 Nov 2024 12:09:16 +0530 Subject: [PATCH 3/7] gha-update:changed-files --- .github/workflows/pull-request.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 7eb62357c1..a3a8d92d9f 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -42,7 +42,7 @@ jobs: - name: Get changed TypeScript files id: changed-files - uses: tj-actions/changed-files@v40 + uses: tj-actions/changed-files@v45 - name: Check formatting if: steps.changed-files.outputs.only_changed != 'true' run: npm run format:check @@ -58,7 +58,7 @@ jobs: - name: Check for linting errors in modified files if: steps.changed-files.outputs.only_changed != 'true' env: - CHANGED_FILES: ${{ steps.changed_files.outputs.all_changed_files }} + CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} run: npx eslint ${CHANGED_FILES} && python .github/workflows/eslint_disable_check.py - name: Check for TSDoc comments @@ -92,7 +92,7 @@ jobs: - name: Get Changed Unauthorized files id: changed-unauth-files - uses: tj-actions/changed-files@v40 + uses: tj-actions/changed-files@v45 with: files: | .github/** @@ -144,7 +144,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v40 + uses: tj-actions/changed-files@v45 - name: Echo number of changed files env: @@ -197,7 +197,7 @@ jobs: - name: Get changed TypeScript files id: changed-files - uses: tj-actions/changed-files@v40 + uses: tj-actions/changed-files@v45 - name: Run tests if: steps.changed-files.outputs.only_changed != 'true' @@ -205,7 +205,7 @@ jobs: - name: TypeScript compilation for changed files run: | - for file in ${{ steps.changed-files.outputs.all_files }}; do + for file in ${{ steps.changed-files.outputs.all_changed_files }}; do if [[ "$file" == *.ts || "$file" == *.tsx ]]; then npx tsc --noEmit "$file" fi 
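Review bot: In the hunk at `@@ -58,7 +58,7 @@`, correcting the step id means `CHANGED_FILES` is populated for the first time, since the old `changed_files` id presumably resolved to an empty string, so `npx eslint ${CHANGED_FILES}` now receives every path the pull request touched. The `changed-files` step visible at `@@ -42,7` has no `files:` filter, so the list can include YAML, Markdown and other non-lintable paths, and the names are contributor-controlled and expanded unquoted. I would record that above the step, e.g. `# CHANGED_FILES is unfiltered and contributor-controlled: keep it in env, never inline it into run:`, and consider restricting the list to lintable extensions. The job these steps belong to starts outside the hunk, so I am assuming both steps are in the same job.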
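Review bot: The loop in the hunk at `@@ -205,7 +205,7 @@` interpolates `${{ steps.changed-files.outputs.all_changed_files }}` directly into the `run:` script, so file names taken from the pull request become part of the shell source before bash parses it. The lint step at `@@ -58,7` already passes the same output through `env:`, and this step should do the same: add `env:` with `ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}` and loop with `for file in ${ALL_CHANGED_FILES}; do`. Names containing spaces will still split on whitespace, which the action's `separator` input can address if that matters for this repository. The `run:` block continues past the end of the hunk.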
@@ -220,7 +220,7 @@ jobs: name: '${{env.CODECOV_UNIQUE_NAME}}' - name: Test acceptable level of code coverage - uses: VeryGoodOpenSource/very_good_coverage@v2 + uses: VeryGoodOpenSource/very_good_coverage@v3 with: path: './coverage/lcov.info' min_coverage: 95.0 From 6858a8df95642a99072512b5f66b02a06cd9a898 Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Mon, 18 Nov 2024 20:48:53 +0530 Subject: [PATCH 4/7] actions-comment-pull-request --- .github/workflows/pull-request-target.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request-target.yml b/.github/workflows/pull-request-target.yml index 2560a0dac9..591e410d44 100644 --- a/.github/workflows/pull-request-target.yml +++ b/.github/workflows/pull-request-target.yml @@ -19,9 +19,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Add the PR Review Policy - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@v3 with: - comment_tag: pr_review_policy + comment-tag: pr_review_policy message: | ## Our Pull Request Approval Process From 360d5d58a116e3901c60de2be28d84a8e8ecbf3a Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Mon, 18 Nov 2024 20:49:29 +0530 Subject: [PATCH 5/7] github-script --- .github/workflows/issue.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index 420d50adbe..05c703117e 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -26,7 +26,7 @@ jobs: - uses: Renato66/auto-label@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/github-script@v6 + - uses: actions/github-script@v7 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 15b5647e3f0819a80795c2cb53184b9714601a99 Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Mon, 18 Nov 2024 20:55:50 +0530 Subject: [PATCH 6/7] gha-update:codeql-codescan --- .github/workflows/codeql-codescan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
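Review bot: `thollander/actions-comment-pull-request@v3` is referenced by a movable tag in a workflow whose file name suggests it runs on `pull_request_target`, where the job token is typically write-scoped. A tag can be re-pointed by whoever controls the action's repository, so I would pin to the full commit SHA and keep the tag as a comment, e.g. `uses: thollander/actions-comment-pull-request@<full-commit-sha> # v3`. The same applies to the other third-party bumps in this series: `codecov/codecov-action@v5` (which receives `CODECOV_TOKEN`), `tj-actions/changed-files@v45` and `VeryGoodOpenSource/very_good_coverage@v3`. The `comment_tag` to `comment-tag` rename matches the v3 input naming, but the `with:` block continues outside the hunk, so any other inputs there should be checked for the same rename.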
diff --git a/.github/workflows/codeql-codescan.yml b/.github/workflows/codeql-codescan.yml index 6fa463001f..e018647d32 100644 --- a/.github/workflows/codeql-codescan.yml +++ b/.github/workflows/codeql-codescan.yml @@ -32,13 +32,13 @@ jobs: uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} debug: true - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 4c71e19c4ff7abd3f9073b28ee7becbb5e5a686e Mon Sep 17 00:00:00 2001 From: Jiya Gupta Date: Tue, 19 Nov 2024 00:13:27 +0530 Subject: [PATCH 7/7] Sensitive files protection --- .github/workflows/pull-request.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index a3a8d92d9f..8836d93c89 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -95,6 +95,7 @@ jobs: uses: tj-actions/changed-files@v45 with: files: | + .env* .github/** env.example .node-version @@ -123,6 +124,12 @@ jobs: ISSUE_GUIDELINES.md PR_GUIDELINES.md README.md + *.pem + *.key + *.cert + *.password + *.secret + *.credentials - name: List all changed unauthorized files if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true'
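Review bot: The new entries `*.pem`, `*.key`, `*.cert`, `*.password`, `*.secret` and `*.credentials` (second hunk of PATCH 7/7) and `.env*` (first hunk) have no directory component, so if the action treats `files:` entries as path globs they would match only at the repository root. I have not verified this against v45, so it is worth testing with a nested file. If that is the case, recursive forms such as `**/*.pem` and `**/.env*` would also cover key material placed in subdirectories. The list also omits other common certificate and keystore extensions, e.g. `*.crt`, `*.p12` and `*.pfx`. The `files:` list begins and ends outside both hunks.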