From fc6564289cc8eb850e83d5eaaa523c5d2075b8d1 Mon Sep 17 00:00:00 2001
From: Christian Fehmer
Date: Wed, 22 Jan 2025 15:36:00 +0100
Subject: [PATCH 1/3] ci: Limit permissions for the docker publish workflow (@fehmer) (#6199)
---
 .github/workflows/publish-docker-images.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml
index 9c6bf3cb86fe..792b92561f99 100644
--- a/.github/workflows/publish-docker-images.yml
+++ b/.github/workflows/publish-docker-images.yml
@@ -1,5 +1,9 @@
 name: Publish Docker image
+
+permissions:
+ contents: read
+
 on:
 release:
 types: [published]
From c469ddddffc8f32e3c80cb6d82b5c1dc76c3deff Mon Sep 17 00:00:00 2001
From: Christian Fehmer
Date: Wed, 22 Jan 2025 16:19:32 +0100
Subject: [PATCH 2/3] ci: limit permissions for the update labels workflow (@fehmer) (#6200)
---
 .github/workflows/update-labels.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/update-labels.yml b/.github/workflows/update-labels.yml
index 45d6b9ca2d89..13690071c6e8 100644
--- a/.github/workflows/update-labels.yml
+++ b/.github/workflows/update-labels.yml
@@ -1,5 +1,9 @@
 name: Check labels to update
+permissions:
+ actions: read
+ pull-requests: read
+
 on:
 pull_request_target:
 types:
From 90590a331df84511d8ad738614077820543e8b11 Mon Sep 17 00:00:00 2001
From: Miodec
Date: Thu, 23 Jan 2025 21:15:50 +0100
Subject: [PATCH 3/3] ci: run prettier write on pr label change
---
 .github/workflows/pretty-fix.yml | 69 +++++++++++++++++---------------
 1 file changed, 37 insertions(+), 32 deletions(-)
diff --git a/.github/workflows/pretty-fix.yml b/.github/workflows/pretty-fix.yml
index 6669033ab3ef..a3e6bbfc4be7 100644
--- a/.github/workflows/pretty-fix.yml
+++ b/.github/workflows/pretty-fix.yml
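Review bot: The workflow-level `permissions` block added to publish-docker-images.yml has no comment saying why `contents: read` is sufficient, and a top-level block sets every scope it does not list to `none` for all jobs. The jobs are outside this hunk, so it is worth confirming that no step relies on `GITHUB_TOKEN` for anything beyond reading the repository; a push to GitHub's container registry, for example, would need `packages: write` granted on that job. I would add a line above the block such as `# least privilege: GITHUB_TOKEN only reads the repo; registry login uses its own credentials`, adjusted to whatever the jobs actually do.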
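Review bot: In update-labels.yml the read-only token is a sensible limit for a `pull_request_target` workflow, but it only constrains `GITHUB_TOKEN`; the run still executes in the base repository's context with access to its secrets. The jobs lie outside this hunk, so confirm that no step checks out or executes the pull request's head code, and that no step needs to write labels, which would require `pull-requests: write`. A comment above the block would record the intent, for example `# pull_request_target runs with base-repo privileges; keep this token read-only`.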
@@ -1,48 +1,53 @@ name: Prettier Fix +env: + PNPM_VERSION: "9.6.0" + NODE_VERSION: "20.16.0" + +permissions: + contents: write + on: - workflow_dispatch: - inputs: - reason: - description: "Reason for manually triggering this workflow" - required: false - schedule: - - cron: "0 0 * * 0" + pull_request_target: + types: [labeled] jobs: - prettier-fix: - permissions: write-all + prettify: runs-on: ubuntu-latest + if: github.event.label.name == 'prettify' steps: - - uses: actions/checkout@v4 - - name: Set up date environment variables - run: | - echo "BRANCH_TITLE=pretty-fix-$(date +%s)" >> $GITHUB_ENV - echo "PR_TITLE=Prettier Fix - $(date)" >> $GITHUB_ENV + - name: Checkout code + uses: actions/checkout@v4 - name: Set up Node.js uses: actions/setup-node@v4 with: - node-version: "20.16.0" + node-version: ${{ env.NODE_VERSION }} - - name: Install dependencies - run: npm i prettier@2.5.1 --save-dev --save-exact + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: ${{ env.PNPM_VERSION }} - - name: Pretty Check - run: npm run pretty-fix + - name: Install prettier + run: pnpm add -g prettier@2.8.8 - - name: Create commits - id: commits - continue-on-error: true - run: | - git config user.name 'monkeytypegeorge' - git config user.email 'monkeytypegeorge@gmail.com' - git add . - git commit -m 'refactor: run prettier' + - name: Run Prettier fix + run: pnpm prettier --write . 
+ + - name: Commit changes + uses: stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: "prettier fix" - - name: Create pull request - uses: peter-evans/create-pull-request@v4 + - name: Remove label + uses: actions/github-script@v7 with: - branch: ${{ env.BRANCH_TITLE }} - title: ${{ env.PR_TITLE }} - body: ${{ env.PR_TITLE }} + script: | + const { context, github } = require('@actions/github'); + await github.rest.issues.removeLabel({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + name: 'prettify' + }); \ No newline at end of file
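Review bot: The `Checkout code` step sets no `ref`, and for a `pull_request_target` event `actions/checkout` defaults to the base branch, so `pnpm prettier --write .` and the auto-commit step appear to format and push to the base branch with the `contents: write` token rather than to the labeled PR. Pointing the checkout at the PR (`repository: ${{ github.event.pull_request.head.repo.full_name }}` and `ref: ${{ github.head_ref }}`) fixes the target, but it means a write-scoped job processes contributor-controlled files, including any Prettier config in that tree, so the `prettify` label should only be applied once the PR content has been reviewed. The `Remove label` step calls `issues.removeLabel`, which needs `pull-requests: write` (or `issues: write`), and the `permissions` block grants only `contents: write`. In the same step, `const { context, github } = require('@actions/github');` redeclares names that `actions/github-script` already passes into the script and will most likely fail to parse; that line can be dropped.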