6 Commits

Author SHA1 Message Date
dependabot[bot] 1e97bade5c Bump actions/upload-artifact from 4 to 5 (#25)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 12:35:30 -06:00
dependabot[bot] 6e6fbc184b Bump actions/setup-node from 4 to 6 (#24)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 12:27:38 -06:00
Salman Chishti 2826fb8353 Upgrade to use node24 (#19) 2025-09-02 21:44:11 -05:00
dependabot[bot] 3114dc8cb4 Bump actions/checkout from 4 to 5 (#21)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-20 21:56:04 -05:00
HarithaVattikuti 95d9656793 Create dependabot.yml (#14) 2025-01-21 08:38:16 -06:00
HarithaVattikuti 4688dd73c5 Add permission section (#15) 2025-01-16 08:46:27 -06:00
6 changed files with 22 additions and 16 deletions
+4 -6
View File
@@ -24,7 +24,7 @@ on:
description: "Optional input to set the version of Node.js used to build the project. The input syntax corresponds to the setup-node's one"
required: false
type: string
default: "20.x"
default: "24.x"
node-caching:
description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
required: false
@@ -40,10 +40,10 @@ jobs:
operating-systems: ${{fromJson(inputs.operating-systems)}}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Setup Node.js ${{inputs.node-version}}
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version: ${{inputs.node-version}}
cache: ${{inputs.node-caching}}
@@ -62,9 +62,7 @@ jobs:
- name: Test
run: npm test
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Audit packages
run: npm audit --audit-level=high
if: ${{inputs.enable-audit}}
if: ${{inputs.enable-audit}}
+4 -4
View File
@@ -16,7 +16,7 @@ on:
description: "Optional input to set the version of Node.js used to build a project. The input syntax corresponds to the setup-node's one"
required: false
type: string
default: "20.x"
default: "24.x"
node-caching:
description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
required: false
@@ -29,10 +29,10 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Setup Node.js ${{inputs.node-version}}
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version: ${{inputs.node-version}}
cache: ${{inputs.node-caching}}
@@ -55,7 +55,7 @@ jobs:
# If inners of the dist directory were different than expected, upload the expected version as an artifact
- name: Upload artifact
if: ${{failure() && steps.diff.conclusion == 'failure'}}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v5
with:
name: dist
path: ${{inputs.dist-path}}
+1 -1
View File
@@ -37,7 +37,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
+1 -1
View File
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Install dependencies
run: npm ci --ignore-scripts
+4 -4
View File
@@ -32,13 +32,13 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: Checkout ${{github.repository}} repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
ref: "${{inputs.base-pr-branch}}"
path: "target"
- name: Checkout actions/reusable-workflows repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
repository: "actions/reusable-workflows"
ref: "main"
@@ -84,9 +84,9 @@ jobs:
- name: Install Node.js
if: ${{ steps.successful-update.outputs.STATUS == 'true' }}
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version: 20
node-version: 24
- name: Install dependencies
if: ${{ steps.successful-update.outputs.STATUS == 'true' }}
+8
View File
@@ -74,7 +74,15 @@ basic-validation-call:
with:
enable-audit: false
```
## Recommended permissions
When using the `reusable-workflows` in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
```yaml
permissions:
contents: read # access to read repository's content
actions: read # access to reading actions
```
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE.txt)