diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 77b915da..c115f6d9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,3 +7,9 @@ updates: # Check the npm registry for updates every day (weekdays) schedule: interval: 'daily' + + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 84e6b780..0d4845af 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,25 +11,25 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - node-version: ["14", "16"] + node-version: ["16", "18"] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - - uses: actions/setup-node@v2 + - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1 with: node-version: ${{ matrix.node-version }} - name: Install dependencies run: yarn install --ignore-engines - name: Check format and lint - if: matrix.node-version == 14 + if: matrix.node-version == 16 run: yarn run format-check && yarn run lint - name: Run tests run: yarn test - name: Build and package - if: matrix.node-version == 14 + if: matrix.node-version == 16 run: yarn run build diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 53f69a32..5c166516 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,10 +17,10 @@ jobs: uses: actions/checkout@v2 - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@896079047b4bb059ba6f150a5d87d47dde99e6e5 - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@896079047b4bb059ba6f150a5d87d47dde99e6e5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@896079047b4bb059ba6f150a5d87d47dde99e6e5 diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml deleted file mode 100644 index bcd4ec55..00000000 --- a/.github/workflows/dependabot-merge.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: 'dependabot-auto-merge' -on: - pull_request_target: - -jobs: - build: - if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' - runs-on: ubuntu-latest - steps: - - - name: Auto merge dependabot - uses: ahmadnassri/action-dependabot-auto-merge@v2 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c7b9dac8..7a4e3cef 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,35 @@ +name: Release + +on: + push: + branches: + - main + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Get app installation token + uses: npalm/action-app-token@dd4bb16d91ced5659bc618705c96b822c5a42136 # v1.1.0 + id: token + with: + appId: ${{ secrets.APP_ID }} + appPrivateKeyBase64: ${{ secrets.APP_PRIVATE_KEY_BASE64 }} + appInstallationType: repo + appInstallationValue: ${{ github.repository }} + + # bootstrap-sha and release-as needs to be removed after first release + - name: Release + uses: google-github-actions/release-please-action@af1990728f970ad54c88e130c02a1521988127a2 # v3.7.0 + with: + release-type: terraform-module + token: ${{ steps.token.outputs.token }} + include-v-in-tag: false + signoff: "Niek Palm " + bootstrap-sha: 78bf422d362ea613ea5511dfa62d30bd00ffc025 + + + name: 'Release' on: workflow_dispatch: @@ -12,14 +44,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 persist-credentials: false - - uses: actions/setup-node@v2 + - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1 with: - node-version: 14.18.1 + node-version: 16 - name: Install dependencies run: yarn @@ -27,8 +59,8 @@ jobs: - name: Run checks run: yarn run test && yarn lint && yarn run build - - name: Get installation token - uses: npalm/action-app-token@v1.0.0 + - name: Get app installation token + uses: npalm/action-app-token@dd4bb16d91ced5659bc618705c96b822c5a42136 # v1.1.0 id: app-token with: appId: ${{ secrets.APP_ID }} diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index ad85530b..689f92de 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -11,19 +11,19 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 - name: Get info id: info run: | - echo ::set-output name=repo_name::$(echo $GITHUB_REPOSITORY| cut -d / -f 2) - echo ::set-output name=repo_owner::$(echo $GITHUB_REPOSITORY| cut -d / -f 1) + echo "repo_name=$(echo $GITHUB_REPOSITORY| cut -d / -f 2)" >> $GITHUB_OUTPUT + echo "repo_owner=$(echo $GITHUB_REPOSITORY| cut -d / -f 1)" >> $GITHUB_OUTPUT - - uses: actions/setup-node@v2 + - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1 with: - node-version: 14.18.1 + node-version: 16 - name: Install dependencies run: yarn install @@ -31,8 +31,8 @@ jobs: run: yarn run all - name: SonarCloud Scan - if: matrix.node-version == 14 - uses: sonarsource/sonarcloud-github-action@master + if: matrix.node-version == 16 + uses: sonarsource/sonarcloud-github-action@cb201f3b2d7a38231a8c042dfea4539c8bea180b # v1.8 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}