From 1cc6cddc6fe9bca98a69e23388a6b425324fa8a6 Mon Sep 17 00:00:00 2001 From: arashagp Date: Thu, 2 Jan 2025 11:12:08 +0330 Subject: [PATCH] feat: enhance workflows by adding required secrets and expanding language support --- .github/workflows/codeql.yaml | 2 +- .github/workflows/publish-npm.yml | 7 ++++--- .github/workflows/release.yaml | 20 ++++++++++---------- .github/workflows/sync-labels.yml | 4 ++++ 4 files changed, 19 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d7dba7c..df43f56 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -18,7 +18,7 @@ jobs: strategy: fail-fast: false matrix: - language: ["TypeScript"] + language: ["TypeScript", "JavaScript"] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml index d378463..c0e3850 100644 --- a/.github/workflows/publish-npm.yml +++ b/.github/workflows/publish-npm.yml @@ -10,6 +10,10 @@ on: required: true default: "lts/*" type: string + secrets: + NPM_TOKEN: + required: true + description: "NPM token" env: NODE_VERSION: lts/* @@ -52,9 +56,6 @@ jobs: - name: 📥 Install Dependencies run: yarn install --immutable - - name: 🗃️ Cache Wireit - uses: google/wireit@setup-github-actions-caching/v2 - - name: 🏗️ Build run: yarn build env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 54f89d6..a8e5e64 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -5,15 +5,18 @@ name: Build & Lint & Test & Release on: workflow_call: inputs: - node-version: + NODE_VERSION: description: "Node.js version" required: true default: "lts/*" type: string - -env: - NODE_VERSION: lts/* - GPG_KEY_ID: ${{ vars.GPG_KEY_ID }} + secrets: + GPG_KEY_ID: + required: true + description: "GPG key ID" + BOT_TOKEN: + required: true + description: "Nexim Bot token" permissions: contents: write @@ -33,7 +36,7 @@ jobs: - name: 🙂‍↔️ Import GPG key run: | echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import - echo -e "5\ny\n" | gpg --batch --yes --command-fd 0 --edit-key ${{ env.GPG_KEY_ID }} trust quit + echo -e "5\ny\n" | gpg --batch --yes --command-fd 0 --edit-key ${{ secrets.GPG_KEY_ID }} trust quit env: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} @@ -41,7 +44,7 @@ jobs: run: | git config --global user.name "Nexim Bot" git config --global user.email "bot@thenexim.com" - git config --global user.signingkey ${{ env.GPG_KEY_ID }} + git config --global user.signingkey ${{ secrets.GPG_KEY_ID }} git config --global commit.gpgsign true - name: 🔧 Setup Node.js @@ -67,9 +70,6 @@ jobs: - name: 📥 Install Dependencies run: yarn install --immutable - - name: 🗃️ Cache Wireit - uses: google/wireit@setup-github-actions-caching/v2 - - name: 🏗️ Build run: yarn build env: diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 837990d..e755d76 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -4,6 +4,10 @@ name: Sync labels on: workflow_call: + secrets: + GITHUB_TOKEN: + description: "GitHub token" + required: true permissions: contents: read