Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 3299817c49 | |||
| 51471631b5 | |||
| 3d73cee0ea |
@@ -0,0 +1,14 @@
|
||||
# To get started with Dependabot version updates, you'll need to specify which
|
||||
# package ecosystems to update and where the package manifests are located.
|
||||
# Please see the documentation for all configuration options:
|
||||
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
|
||||
|
||||
version: 2
|
||||
updates:
|
||||
# Enable version updates for GitHub Actions
|
||||
- package-ecosystem: 'github-actions'
|
||||
# Workflow files stored in the default location of `.github/workflows`
|
||||
# You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
|
||||
directory: '/'
|
||||
schedule:
|
||||
interval: 'weekly'
|
||||
@@ -62,7 +62,9 @@ jobs:
|
||||
|
||||
- name: Test
|
||||
run: npm test
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Audit packages
|
||||
run: npm audit --audit-level=high
|
||||
if: ${{inputs.enable-audit}}
|
||||
if: ${{inputs.enable-audit}}
|
||||
|
||||
@@ -74,15 +74,7 @@ basic-validation-call:
|
||||
with:
|
||||
enable-audit: false
|
||||
```
|
||||
## Recommended permissions
|
||||
|
||||
When using the `reusable-workflows` in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
|
||||
|
||||
```yaml
|
||||
permissions:
|
||||
contents: read # access to read repository's content
|
||||
actions: read # access to reading actions
|
||||
```
|
||||
## License
|
||||
|
||||
The scripts and documentation in this project are released under the [MIT License](LICENSE.txt)
|
||||
|
||||
Reference in New Issue
Block a user