Skip to content

Commit 498bf41

Browse files
authored
Merge pull request #21 from cpanato/clean
apply ci best practices
2 parents f66f5f4 + 4c7fdcd commit 498bf41

4 files changed

Lines changed: 51 additions & 14 deletions

File tree

.github/workflows/build.yml

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name: Check npm build
22

33
on:
4-
workflow_dispatch:
4+
55
pull_request:
66
branches:
77
- main
@@ -11,17 +11,29 @@ on:
1111
- "package.json"
1212
- "package-lock.json"
1313

14+
permissions: {}
15+
1416
jobs:
1517
build:
1618
runs-on: ubuntu-latest
19+
1720
permissions:
1821
contents: read # Only need read access for checking
22+
1923
steps:
24+
- name: Harden the runner (Audit all outbound calls)
25+
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
26+
with:
27+
egress-policy: audit
28+
2029
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
30+
with:
31+
persist-credentials: true
2132

2233
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
2334
with:
2435
node-version: "20"
36+
check-latest: true
2537

2638
- name: Install dependencies
2739
run: npm ci

.github/workflows/example.yml

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,16 +2,24 @@ name: Malcontent Analysis
22

33
on:
44
pull_request:
5-
types: [opened, synchronize, reopened]
5+
branches:
6+
- main
67

7-
permissions:
8-
contents: read
9-
pull-requests: write
8+
permissions: {}
109

1110
jobs:
1211
malcontent:
1312
runs-on: ubuntu-latest
13+
14+
permissions:
15+
contents: read
16+
1417
steps:
18+
- name: Harden the runner (Audit all outbound calls)
19+
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
20+
with:
21+
egress-policy: audit
22+
1523
- name: Checkout repository
1624
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
1725
with:

.github/workflows/format-check.yml

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,5 @@
11
name: Format Check
22

3-
permissions:
4-
contents: read
5-
63
on:
74
pull_request:
85
branches:
@@ -13,18 +10,32 @@ on:
1310
- "package-lock.json"
1411
- ".prettierrc.json"
1512

13+
permissions: {}
14+
1615
jobs:
1716
format:
1817
runs-on: ubuntu-latest
18+
19+
permissions:
20+
contents: read
21+
1922
steps:
23+
- name: Harden the runner (Audit all outbound calls)
24+
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
25+
with:
26+
egress-policy: audit
27+
2028
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29+
with:
30+
persist-credentials: true
2131

2232
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
2333
with:
2434
node-version: "20"
35+
check-latest: true
2536

2637
- name: Install dependencies
2738
run: npm ci
2839

2940
- name: Check formatting
30-
run: npm run format:check
41+
run: npm run format:check

.github/workflows/push-example.yml

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,17 +2,23 @@ name: Malcontent Analysis on Push
22

33
on:
44
push:
5-
branches: [main, develop]
5+
branches:
6+
- main
67

7-
permissions:
8-
contents: read
8+
permissions: {}
99

1010
jobs:
1111
malcontent:
1212
runs-on: ubuntu-latest
13+
14+
permissions:
15+
contents: read
16+
1317
steps:
14-
- name: Checkout repository
15-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
18+
- name: Harden the runner (Audit all outbound calls)
19+
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
20+
with:
21+
egress-policy: audit
1622

1723
- name: Checkout code
1824
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

0 commit comments

Comments
 (0)