Update Github actions to reflect security best practices (#2375)
* Update Github actions to reflect security best practices * Upgrade @types/node
This commit is contained in:
Josh Mock
18
.github/workflows/auto-merge.yml
vendored
18
.github/workflows/auto-merge.yml
vendored
@ -1,18 +0,0 @@
|
||||
name: Automerge
|
||||
|
||||
on:
|
||||
pull_request_review:
|
||||
types:
|
||||
- submitted
|
||||
|
||||
jobs:
|
||||
automerge:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.review.state == 'approved'
|
||||
steps:
|
||||
- uses: reitermarkus/automerge@v2
|
||||
with:
|
||||
token: ${{ secrets.GH_TOKEN }}
|
||||
merge-method: squash
|
||||
pull-request-author-associations: OWNER
|
||||
review-author-associations: OWNER,CONTRIBUTOR
|
||||
18
.github/workflows/nodejs.yml
vendored
18
.github/workflows/nodejs.yml
vendored
@ -12,6 +12,8 @@ jobs:
|
||||
src-only: "${{ steps.changes.outputs.src-only }}"
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
- uses: dorny/paths-filter/@v3.0.2
|
||||
id: changes
|
||||
with:
|
||||
@ -35,6 +37,8 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Use Node.js ${{ matrix.node-version }}
|
||||
uses: actions/setup-node@v4
|
||||
@ -59,6 +63,8 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Use Node.js
|
||||
uses: actions/setup-node@v4
|
||||
@ -87,6 +93,8 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Use Bun
|
||||
uses: oven-sh/setup-bun@v2
|
||||
@ -102,13 +110,3 @@ jobs:
|
||||
- name: Unit test
|
||||
run: |
|
||||
bun run test:unit-bun
|
||||
|
||||
auto-approve:
|
||||
name: Auto-approve
|
||||
needs: [test, license]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
pull-requests: write
|
||||
if: github.actor == 'elasticmachine'
|
||||
steps:
|
||||
- uses: hmarr/auto-approve-action@v4
|
||||
|
||||
1
.github/workflows/npm-publish.yml
vendored
1
.github/workflows/npm-publish.yml
vendored
@ -14,6 +14,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
ref: ${{ github.event.inputs.branch }}
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
|
||||
10
.github/workflows/serverless-patch.yml
vendored
10
.github/workflows/serverless-patch.yml
vendored
@ -28,12 +28,14 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
repository: elastic/elasticsearch-js
|
||||
ref: main
|
||||
path: stack
|
||||
fetch-depth: 0
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
repository: elastic/elasticsearch-serverless-js
|
||||
ref: main
|
||||
path: serverless
|
||||
@ -44,8 +46,8 @@ jobs:
|
||||
with:
|
||||
token: ${{ secrets.GH_TOKEN }}
|
||||
path: serverless
|
||||
title: 'Apply patch from elastic/elasticsearch-js#${{ github.event.pull_request.number }}'
|
||||
commit-message: 'Apply patch from elastic/elasticsearch-js#${{ github.event.pull_request.number }}'
|
||||
title: "Apply patch from elastic/elasticsearch-js#${{ github.event.pull_request.number }}"
|
||||
commit-message: "Apply patch from elastic/elasticsearch-js#${{ github.event.pull_request.number }}"
|
||||
body-path: /tmp/pr_body
|
||||
draft: '${{ steps.apply-patch.outputs.PR_DRAFT }}'
|
||||
add-paths: ':!*.rej'
|
||||
draft: "${{ steps.apply-patch.outputs.PR_DRAFT }}"
|
||||
add-paths: ":!*.rej"
|
||||
|
||||
Reference in New Issue
Block a user