Define permissions in workflows and update actions
#531
Conversation
joshmgross
temporarily deployed
to
debug-integration-test
GitHub Actions
Inactive
|
Hello from actions/github-script! (e4e4c24) |
| @@ -3,7 +3,7 @@ description: 'Set up node and install dependencies' | |||
| runs: | |||
| using: 'composite' | |||
| steps: | |||
| - uses: actions/setup-node@v3 | |||
| - uses: actions/setup-node@v4 | |||
There was a problem hiding this comment.
I noticed Dependabot missed this one. I can't recall if there was an issue with nested actions before, but did you want a PR to add the extra job?
There was a problem hiding this comment.
Is that something we can configure with Dependabot or a feature gap?
There was a problem hiding this comment.
I think I tried it before with a different directory value, but I don't remember if there was an issue https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions.
I'll send something over, but don't hold this up on my part. I think you'll see it in the Insights>Dependancies tab after if it "works"
| @@ -17,4 +17,4 @@ jobs: | |||
| uses: actions/checkout@v4 | |||
| - name: Publish | |||
| id: publish | |||
| uses: actions/[email protected].3 | |||
| uses: actions/[email protected].4 | |||
There was a problem hiding this comment.
There is a typo in the current string that Dependabot fixed in its PR
| uses: actions/publish-immutable-action@0.0.4 | |
| uses: actions/publish-immutable-action@v0.0.4 |
There was a problem hiding this comment.
This is actually a feature of immutable actions, it will be available more broadly soon - github/roadmap#592
With semantic versioning of actions, the v is optional.
There was a problem hiding this comment.
Interesting, just noticed because VSCode also complains about the missing v, since it tries to resolve a tag that doesn't exist (without the v)
There was a problem hiding this comment.
Good catch! I'll pass that along to the team
I noticed that Dependabot triggered workflows were failing due to permissions not being defined (Dependabot defaults to read only permissions if none are defined) - #523
This PR defines
permissionsfor every workflow, updates action references, and removes the unused stale workflow which I disabled a long time ago.