fix: just some horse keeping for pull_request_target

brad-jones · Apr 28, 2021 · dded705 · dded705
1 parent 39ff2c6
commit dded705
Show file tree

Hide file tree

Showing 12 changed files with 1,607 additions and 1,824 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+  # Pointless unless we switch back to using regular old npm
+  # https://github.com/dependabot/dependabot-core/issues/1736
+  #- package-ecosystem: "npm"
+  #  directory: "/"
+  #  schedule:
+  #    interval: "daily"
+  #  commit-message:
+  #    prefix: "build"
+  #    include: "scope"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,4 +1,8 @@
-on: [push, pull_request]
+on:
+  pull_request_target:
+  push:
+    branches-ignore:
+      - "dependabot/**"
 
 env:
   CI: true
@@ -8,26 +12,65 @@ jobs:
     if: "! contains(github.event.head_commit.message, '[skip ci]')"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: ./cancel-redundant
         with:
           token: ${{ secrets.CANCEL_GITHUB_TOKEN }}
 
+  # TODO: Get some tests running here
+  # I guess we have already tested "cancel-redundant" above, I guess we just
+  # execute the other actions as well? Gotta be careful of the whole pull_request
+  # / pull_request_target vulnerabilities...
+  # test:
+  #   needs: init
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Get Git SHA
+  #       id: gitRef
+  #       run: |
+  #         if [ "${{ github.event_name }}" == 'pull_request_target' ]; then
+  #           echo "::set-output name=sha::${{ github.event.pull_request.head.sha }}"
+  #         else
+  #           echo "::set-output name=sha::${{ github.sha }}"
+  #         fi
+  #     - name: Checkout code
+  #       uses: actions/[email protected]
+  #       with:
+  #         ref: ${{ steps.gitRef.outputs.sha }}
+  #     - name: Read .node-version
+  #       run: echo ::set-output name=NODE_VERSION::$(cat .node-version | xargs)
+  #       id: nvm
+  #     - uses: actions/[email protected]
+  #       with:
+  #         node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
+  #     - uses: pnpm/[email protected]
+  #     - name: Restore node cache
+  #       uses: actions/[email protected]
+  #       with:
+  #         path: ~/.pnpm-store
+  #         key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml') }}
+  #         restore-keys: ${{ runner.os }}-node-
+
   release:
+    if: "! contains(github.event_name, 'pull_request')"
     needs: init
     runs-on: ubuntu-latest
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/[email protected]
+      - name: Read .node-version
+        run: echo ::set-output name=NODE_VERSION::$(cat .node-version | xargs)
+        id: nvm
+      - uses: actions/[email protected]
         with:
-          node-version: "14.x"
-      - run: npm add -g pnpm
-      - uses: actions/cache@v2
+          node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
+      - uses: pnpm/[email protected]
+      - name: Restore node cache
+        uses: actions/[email protected]
         with:
           path: ~/.pnpm-store
-          key: ${{ runner.os }}-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: ${{ runner.os }}-
+          key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: ${{ runner.os }}-node-
       - run: pnpm install
       - run: pnpx semantic-release
diff --git a/.node-version b/.node-version
@@ -1 +1 @@
-14.16.0
+14.16.1
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -26,13 +26,15 @@
 		"Builtins",
 		"commitlint",
 		"dartlang",
+		"dependabot",
 		"macos",
 		"octokit",
 		"onwarn",
 		"pnpm",
 		"pnpx",
 		"rpms",
 		"treeshake",
-		"tslib"
+		"tslib",
+		"xargs"
 	]
 }
diff --git a/cancel-redundant/dist/main.js b/cancel-redundant/dist/main.js
diff --git a/cancel-redundant/package.json b/cancel-redundant/package.json
@@ -2,20 +2,20 @@
 	"private": true,
 	"name": "cancel-redundant",
 	"dependencies": {
-		"@actions/core": "^1.2.6",
+		"@actions/core": "^1.2.7",
 		"@actions/github": "^4.0.0",
 		"encoding": "^0.1.13",
-		"tslib": "^2.1.0"
+		"tslib": "^2.2.0"
 	},
 	"devDependencies": {
-		"@rollup/plugin-commonjs": "^17.1.0",
+		"@rollup/plugin-commonjs": "^18.0.0",
 		"@rollup/plugin-json": "^4.1.0",
-		"@rollup/plugin-node-resolve": "^11.2.0",
-		"@rollup/plugin-typescript": "^8.2.0",
-		"@types/node": "^14.14.33",
+		"@rollup/plugin-node-resolve": "^11.2.1",
+		"@rollup/plugin-typescript": "^8.2.1",
+		"@types/node": "^15.0.1",
 		"rollup-plugin-terser": "^7.0.2",
-		"rollup": "^2.41.0",
-		"typescript": "^4.2.3"
+		"rollup": "^2.45.2",
+		"typescript": "^4.2.4"
 	},
 	"scripts": {
 		"build": "tsc --target ES6 --moduleResolution node rollup.config.ts && rollup --config"

diff --git a/package.json b/package.json
@@ -1,21 +1,21 @@
 {
 	"private": true,
 	"engines": {
-		"node": "^14.16.0",
-		"pnpm": "^5.18.5"
+		"node": "^14.16.1",
+		"pnpm": "^6.2.2"
 	},
 	"dependencies": {
-		"@commitlint/cli": "^12.0.1",
-		"@commitlint/config-conventional": "^12.0.1",
+		"@commitlint/cli": "^12.1.1",
+		"@commitlint/config-conventional": "^12.1.1",
 		"@semantic-release/changelog": "^5.0.1",
 		"@semantic-release/commit-analyzer": "^8.0.1",
 		"@semantic-release/exec": "^5.0.0",
 		"@semantic-release/git": "^9.0.0",
 		"@semantic-release/release-notes-generator": "^9.0.2",
-		"@types/node": "^14.14.33",
+		"@types/node": "^15.0.1",
 		"husky": "^4.3.8",
 		"lint-staged": "^10.5.4",
 		"prettier": "^2.2.1",
-		"semantic-release": "^17.4.1"
+		"semantic-release": "^17.4.2"
 	}
 }