diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index b6ff0a0..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Set update schedule for GitHub Actions -# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot - -# version: 2 -# updates: - -# - package-ecosystem: "github-actions" -# directory: "/" -# schedule: -# # Check for updates to GitHub Actions every weekday -# interval: "daily" - -# # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates -# # Maintain dependencies for npm -# - package-ecosystem: "npm" -# directory: "/" -# schedule: -# interval: "daily" diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 94f25ac..80ec8b7 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -9,7 +9,7 @@ jobs: name: build-test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 # https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs # https://github.com/actions/setup-node/ - uses: actions/setup-node@v3 @@ -28,7 +28,7 @@ jobs: - run: sleep 6 - run: npm test - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -43,7 +43,7 @@ jobs: - name: Test Building Docker Image id: docker_build # https://github.com/docker/build-push-action - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: push: false tags: ghcr.io/carlsonp/kort:latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..0265ecf --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,41 @@ +name: "CodeQL" + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + schedule: + - cron: "55 8 * * 6" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ javascript ] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index fd2e190..cb1627b 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6d2a7ad..e562d78 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 # https://stackoverflow.com/questions/58177786/get-the-current-pushed-tag-in-github-actions - name: Find tag name run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV @@ -62,7 +62,7 @@ jobs: env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -77,7 +77,7 @@ jobs: - name: Build and push docker id: docker_build # https://github.com/docker/build-push-action - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: push: true tags: ghcr.io/carlsonp/kort:latest