diff --git a/.github/workflows/archive_website.yml b/.github/workflows/archive_website.yml index 3ee5f37..1f08468 100644 --- a/.github/workflows/archive_website.yml +++ b/.github/workflows/archive_website.yml @@ -14,11 +14,9 @@ concurrency: jobs: archive: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 - permissions: - issues: write - pull-requests: write + permissions: write-all steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7 diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml index d66156a..871c949 100644 --- a/.github/workflows/megalinter.yml +++ b/.github/workflows/megalinter.yml @@ -26,14 +26,14 @@ concurrency: jobs: build: name: MegaLinter - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: write-all steps: # Git Checkout - name: Checkout Code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4 with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }} fetch-depth: 0 - name: "Import GPG key" @@ -51,7 +51,7 @@ jobs: uses: oxsecurity/megalinter/flavors/javascript@d8c95fc6f2237031fb9e9322b0f97100168afa6e # pin@v8.2.0 env: VALIDATE_ALL_CODEBASE: false - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }} # Upload MegaLinter artifacts - name: Archive production artifacts diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml index 96bb216..07ca865 100644 --- a/.github/workflows/pa11y.yml +++ b/.github/workflows/pa11y.yml @@ -14,7 +14,7 @@ concurrency: jobs: pa11y: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: issues: write 
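Review bot: `permissions: write-all` on the `archive` job replaces the two scopes it had (`issues: write`, `pull-requests: write`) with write access to every scope, including `contents`, `packages`, `actions` and `id-token`, so any step or third-party action in the job can use the job token to push code or request OIDC tokens. Nothing in the hunk shows a step that needs more than the removed scopes; keep the explicit block and add only the scope that was actually missing, e.g. `contents: read` for the checkout step. The same widening is made in preview_button.yml (`button` job) and in scorecard.yml (`analysis` job), where it also overrides the workflow-level `permissions: read-all`. The job's step list continues outside the hunk, so confirm the required scopes against the remaining steps.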
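Review bot: The MegaLinter step's `GITHUB_TOKEN` now prefers `secrets.PAT` over the job token, which hands a long-lived, user-scoped credential to a third-party action and sidesteps the job's `permissions:` setting, since that setting only constrains the automatically issued `GITHUB_TOKEN`. Unless the PAT is needed for something the job token cannot do (nothing in the hunk shows it), keep `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` here, and if the PAT is intentional, add a comment stating what it is for and which scopes it carries. The trailing `|| github.token` is redundant in both hunks of this file because `secrets.GITHUB_TOKEN` and `github.token` are the same token. The same PAT-first expression is added to the comment steps in pa11y.yml and preview_button.yml and to `github-token` in test.yml, where the job token with `pull-requests: write` would normally be enough to post a comment.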
@@ -97,7 +97,7 @@ jobs: if: ${{ contains(steps.pa11y_output.outputs.content, 'Accessibility issues detected') }} uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # pin@v2.5.0 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }} message: "
Pa11y testing results ```${{ steps.pa11y_output.outputs.content }}```
" comment_tag: pa11y diff --git a/.github/workflows/preview_button.yml b/.github/workflows/preview_button.yml index 4fa90d0..750b61f 100644 --- a/.github/workflows/preview_button.yml +++ b/.github/workflows/preview_button.yml @@ -14,11 +14,9 @@ concurrency: jobs: button: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 - permissions: - issues: write - pull-requests: write + permissions: write-all steps: - name: Setup custom variables @@ -47,7 +45,7 @@ jobs: - name: Comment on pull request. uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # pin@v2.5.0 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }} message: | ## Preview This Branch diff --git a/.github/workflows/protect_main_branch.yml b/.github/workflows/protect_main_branch.yml index 0c4f398..210d346 100644 --- a/.github/workflows/protect_main_branch.yml +++ b/.github/workflows/protect_main_branch.yml @@ -15,7 +15,7 @@ concurrency: jobs: protect-main-branch: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Check branch run: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d266cb7..38d24b8 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -13,7 +13,7 @@ on: # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: "43 7 * * 3" + - cron: "45 7 * * 3" push: branches: - "staging" @@ -24,15 +24,8 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read + runs-on: ubuntu-22.04 + permissions: write-all steps: - name: "Checkout code" 
@@ -58,7 +51,7 @@ jobs: # For private repositories: # - `publish_results` will always be set to `false`, regardless # of the value entered here. - publish_results: true + publish_results: false # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index df72bd5..00c094d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,5 +1,5 @@ --- -name: Build and Test +name: Run Tests # yamllint disable-line rule:truthy on: @@ -12,9 +12,10 @@ concurrency: cancel-in-progress: true jobs: - build: - runs-on: ubuntu-latest + test: + name: "Run tests" permissions: write-all + runs-on: ubuntu-22.04 steps: - name: Checkout repository @@ -35,10 +36,10 @@ jobs: - name: Build site run: npm run build - - name: Run tests - run: npm run test - - name: report code coverage uses: ArtiomTr/jest-coverage-report-action@262a7bb0b20c4d1d6b6b026af0f008f78da72788 # pin@v2.3.1 with: + skip-step: install + annotations: none coverage-file: ./report.json + github-token: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
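Review bot: `publish_results: false` is set without a comment saying why, while the context comment above it only explains the private-repository case. Add a line such as `# Publishing disabled: <reason>` so the next maintainer can tell whether this is temporary. With publishing off, the `id-token: write` scope that the removed comment in the earlier hunk tied to publishing is no longer needed, which leaves `security-events: write` as the only write scope those removed comments justified for this job.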
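Review bot: The explicit `npm run test` step is removed, yet the coverage action is still pointed at `coverage-file: ./report.json`, and no step visible in the hunk produces that file. If the action treats `coverage-file` as a pre-generated report (worth confirming in its documentation), the job would either fail on a missing file or report coverage without the tests having gated the build. Either keep the `Run tests` step ahead of the action or drop `coverage-file` so the action runs the tests itself, and check that a failing test still fails the job with `annotations: none`. The steps list starts outside the hunk.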