feat: enhance workflows by adding required secrets and expanding language support

2025-01-02 11:12:08 +03:30
parent 55d01ac20b
commit 1cc6cddc6f
4 changed files with 19 additions and 14 deletions
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -18,7 +18,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ["TypeScript"]
+        language: ["TypeScript", "JavaScript"]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -10,6 +10,10 @@ on:
        required: true
        default: "lts/*"
        type: string
+    secrets:
+      NPM_TOKEN:
+        required: true
+        description: "NPM token"

 env:
  NODE_VERSION: lts/*
@@ -52,9 +56,6 @@ jobs:
      - name: 📥 Install Dependencies
        run: yarn install --immutable

-      - name: 🗃️ Cache Wireit
-        uses: google/wireit@setup-github-actions-caching/v2
-
      - name: 🏗️ Build
        run: yarn build
        env:
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,15 +5,18 @@ name: Build & Lint & Test & Release
 on:
  workflow_call:
    inputs:
-      node-version:
+      NODE_VERSION:
        description: "Node.js version"
        required: true
        default: "lts/*"
        type: string
-
-env:
-  NODE_VERSION: lts/*
-  GPG_KEY_ID: ${{ vars.GPG_KEY_ID }}
+    secrets:
+      GPG_KEY_ID:
+        required: true
+        description: "GPG key ID"
+      BOT_TOKEN:
+        required: true
+        description: "Nexim Bot token"

 permissions:
  contents: write
@@ -33,7 +36,7 @@ jobs:
      - name: 🙂‍↔️ Import GPG key
        run: |
          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
-          echo -e "5\ny\n" | gpg --batch --yes --command-fd 0 --edit-key ${{ env.GPG_KEY_ID }} trust quit
+          echo -e "5\ny\n" | gpg --batch --yes --command-fd 0 --edit-key ${{ secrets.GPG_KEY_ID }} trust quit
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}

@@ -41,7 +44,7 @@ jobs:
        run: |
          git config --global user.name "Nexim Bot"
          git config --global user.email "bot@thenexim.com"
-          git config --global user.signingkey ${{ env.GPG_KEY_ID }}
+          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
          git config --global commit.gpgsign true

      - name: 🔧 Setup Node.js
@@ -67,9 +70,6 @@ jobs:
      - name: 📥 Install Dependencies
        run: yarn install --immutable

-      - name: 🗃️ Cache Wireit
-        uses: google/wireit@setup-github-actions-caching/v2
-
      - name: 🏗️ Build
        run: yarn build
        env:
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -4,6 +4,10 @@ name: Sync labels

 on:
  workflow_call:
+    secrets:
+      GITHUB_TOKEN:
+        description: "GitHub token"
+        required: true

 permissions:
  contents: read