refactor: use and upgrade gh actions (#419)

* refactor: use pnpm * chore: use node 20 * chore(ci): upgrade dependency-review gh wf * chore(ci): remove port reporting * chore(ci): use pnpm and upgrade node to 20 * chore(ci): upgrade checkout action and use pnpm * chore(ci): upgrade checkout * chore(ci): add dependabot config for gh actions * chore(ci): fix dependabot config * chore(ci): update permissions for dependency review workflow * chore(ci): upgrade CodeQL actions to v3 and add SARIF results upload step * chore(ci): remove SARIF results upload step from CodeQL analysis
dipakparmar · Oct 1, 2024 · 4153943 · 4153943
1 parent cc2d916
commit 4153943
Show file tree

Hide file tree

Showing 12 changed files with 13,617 additions and 11,631 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -7,7 +7,16 @@ updates:
     # Check the npm registry for updates every day (weekdays)
     schedule:
       interval: "weekly"
+    versioning-strategy: increase-if-necessary
     groups:
       docusaurus:
         patterns:
         - "@docusaurus/*"
+
+  # Enable version updates for GitHub Actions workflows
+  - package-ecosystem: "github-actions"
+    # Look for workflow files in the `.github/workflows` directory
+    directory: ".github/workflows"
+    # Check the GitHub Actions API for updates every day (weekdays)
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -43,7 +43,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -9,12 +9,17 @@ on: [pull_request]
 
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v1
+        uses: actions/dependency-review-action@v4
+        with:
+          show-openssf-scorecard: true
+          comment-summary-in-pr: true
+          fail-on-severity: 'high'
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
@@ -23,11 +23,14 @@ jobs:
       url: ${{ steps.deploy.outputs.url }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
       - name: Install Vercel CLI
-        run: npm install --global vercel@latest
+        run: pnpm add --global vercel@latest
       - name: Pull Vercel Environment Information
         run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }}
       - name: Build Project Artifacts

diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -23,11 +23,14 @@ jobs:
       url: ${{ steps.deploy.outputs.url }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
       - name: Install Vercel CLI
-        run: npm install --global vercel@latest
+        run: pnpm add --global vercel@latest
       - name: Pull Vercel Environment Information
         run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
       - name: Build Project Artifacts

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,17 +7,19 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Use Node.js 18.x
-        uses: actions/setup-node@v3
+      - name: Use Node.js
+        uses: actions/setup-node@v4
         with:
-          node-version: 18.x
+          node-version: 20.x
 
-      - name: Install deps and build
-        run: yarn
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+          run_install: true
 
       - name: Setup Git
         run: |

diff --git a/.github/workflows/report-sdlc-to-port.yml b/.github/workflows/report-sdlc-to-port.yml
diff --git a/.gitignore b/.gitignore
@@ -18,5 +18,4 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-pnpm-lock.yaml*
 .vercel
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-18
+20
diff --git a/package.json b/package.json
@@ -76,6 +76,6 @@
     ]
   },
   "engines": {
-    "node": ">=18.0"
+    "node": ">=20.0"
   }
 }