Update workflows

.github/workflows/archive_website.yml

@@ -14,11 +14,9 @@ concurrency:
 
 jobs:
   archive:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
-    permissions:
-      issues: write
-      pull-requests: write
+    permissions: write-all
 
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # [email protected]

.github/workflows/megalinter.yml

@@ -26,14 +26,14 @@ concurrency:
 jobs:
   build:
     name: MegaLinter
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions: write-all
     steps:
       # Git Checkout
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
         with:
-          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
           fetch-depth: 0
 
       - name: "Import GPG key"
@@ -51,7 +51,7 @@ jobs:
         uses: oxsecurity/megalinter/flavors/javascript@d8c95fc6f2237031fb9e9322b0f97100168afa6e # [email protected]
         env:
           VALIDATE_ALL_CODEBASE: false
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
 
       # Upload MegaLinter artifacts
       - name: Archive production artifacts

.github/workflows/pa11y.yml

@@ -14,7 +14,7 @@ concurrency:
 
 jobs:
   pa11y:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     permissions:
       issues: write
@@ -97,7 +97,7 @@ jobs:
         if: ${{ contains(steps.pa11y_output.outputs.content, 'Accessibility issues detected') }}
         uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # [email protected]
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
           message: "<details><summary>Pa11y testing results</summary> ```${{ steps.pa11y_output.outputs.content }}``` </details>"
           comment_tag: pa11y
 

.github/workflows/preview_button.yml

@@ -14,11 +14,9 @@ concurrency:
 
 jobs:
   button:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
-    permissions:
-      issues: write
-      pull-requests: write
+    permissions: write-all
 
     steps:
       - name: Setup custom variables
@@ -47,7 +45,7 @@ jobs:
       - name: Comment on pull request.
         uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # [email protected]
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
           message: |
             ## Preview This Branch
 

.github/workflows/protect_main_branch.yml

@@ -15,7 +15,7 @@ concurrency:
 
 jobs:
   protect-main-branch:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Check branch
         run: |

.github/workflows/scorecard.yml

@@ -13,7 +13,7 @@ on:
 
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
-    - cron: "43 7 * * 3"
+    - cron: "45 7 * * 3"
   push:
     branches:
       - "staging"
@@ -24,15 +24,8 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
+    runs-on: ubuntu-22.04
+    permissions: write-all
 
     steps:
       - name: "Checkout code"
@@ -58,7 +51,7 @@ jobs:
           # For private repositories:
           #   - `publish_results` will always be set to `false`, regardless
           #     of the value entered here.
-          publish_results: true
+          publish_results: false
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.

.github/workflows/test.yml

@@ -1,5 +1,5 @@
 ---
-name: Build and Test
+name: Run Tests
 
 # yamllint disable-line rule:truthy
 on:
@@ -12,9 +12,10 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
+  test:
+    name: "Run tests"
     permissions: write-all
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout repository
@@ -35,10 +36,10 @@ jobs:
       - name: Build site
         run: npm run build
 
-      - name: Run tests
-        run: npm run test
-
       - name: report code coverage
         uses: ArtiomTr/jest-coverage-report-action@262a7bb0b20c4d1d6b6b026af0f008f78da72788 # [email protected]
         with:
+          skip-step: install
+          annotations: none
           coverage-file: ./report.json
+          github-token: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}