5 Commits

Author SHA1 Message Date
dependabot[bot] c3a97fc26a Bump github/codeql-action from 3 to 4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-13 16:24:08 +00:00
Salman Chishti 2826fb8353 Upgrade to use node24 (#19) 2025-09-02 21:44:11 -05:00
dependabot[bot] 3114dc8cb4 Bump actions/checkout from 4 to 5 (#21)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-20 21:56:04 -05:00
HarithaVattikuti 95d9656793 Create dependabot.yml (#14) 2025-01-21 08:38:16 -06:00
HarithaVattikuti 4688dd73c5 Add permission section (#15) 2025-01-16 08:46:27 -06:00
7 changed files with 34 additions and 12 deletions
+14
@@ -0,0 +1,14 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
# Enable version updates for GitHub Actions
- package-ecosystem: 'github-actions'
# Workflow files stored in the default location of `.github/workflows`
# You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
directory: '/'
schedule:
interval: 'weekly'
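Review bot: The `updates:` list covers only `package-ecosystem: 'github-actions'`, so any npm manifest kept in this repository would get no version-update pull requests. Another workflow on this page runs `npm ci --ignore-scripts`, which hints at a root `package-lock.json`, though the page does not show one. If it exists, a second entry for the `npm` ecosystem would close that gap. The sketch below reuses the directory and weekly interval of the existing entry and should be dropped if the repository has no lockfile of its own.

```yaml
updates:
  # … unchanged: github-actions entry …
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'weekly'
```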
+2 -2
@@ -24,7 +24,7 @@ on:
description: "Optional input to set the version of Node.js used to build the project. The input syntax corresponds to the setup-node's one"
required: false
type: string
default: "20.x"
default: "24.x"
node-caching:
description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
required: false
@@ -40,7 +40,7 @@ jobs:
operating-systems: ${{fromJson(inputs.operating-systems)}}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Setup Node.js ${{inputs.node-version}}
uses: actions/setup-node@v4
+2 -2
@@ -16,7 +16,7 @@ on:
description: "Optional input to set the version of Node.js used to build a project. The input syntax corresponds to the setup-node's one"
required: false
type: string
default: "20.x"
default: "24.x"
node-caching:
description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
required: false
@@ -29,7 +29,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Setup Node.js ${{inputs.node-version}}
uses: actions/setup-node@v4
+4 -4
@@ -37,11 +37,11 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@v4
with:
languages: ${{matrix.language}}
config-file: ${{inputs.codeql-cfg-path}}
@@ -50,7 +50,7 @@ jobs:
# If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step.
- name: Autobuild
if: ${{!inputs.build-command}}
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@v4
- name: Manual build
if: ${{inputs.build-command}}
@@ -58,4 +58,4 @@ jobs:
${{inputs.build-command}}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@v4
+1 -1
@@ -13,7 +13,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Install dependencies
run: npm ci --ignore-scripts
+3 -3
@@ -32,13 +32,13 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: Checkout ${{github.repository}} repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
ref: "${{inputs.base-pr-branch}}"
path: "target"
- name: Checkout actions/reusable-workflows repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
repository: "actions/reusable-workflows"
ref: "main"
@@ -86,7 +86,7 @@ jobs:
if: ${{ steps.successful-update.outputs.STATUS == 'true' }}
uses: actions/setup-node@v4
with:
node-version: 20
node-version: 24
- name: Install dependencies
if: ${{ steps.successful-update.outputs.STATUS == 'true' }}
+8
@@ -74,7 +74,15 @@ basic-validation-call:
with:
enable-audit: false
```
## Recommended permissions
When using the `reusable-workflows` in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
```yaml
permissions:
contents: read # access to read repository's content
actions: read # access to reading actions
```
## License
The scripts and documentation in this project are released under the [MIT License](LICENSE.txt)