Actions improvement #43

demosjarco · 2023-05-23T05:58:08Z

Allow each matrix run to continue if a different version fails
Added the node versions since original file writing
Use step-security's action to secure and monitor actions (recommended to be used on every action on a ubuntu runner)
Updated actions inside tool to latest major versions
Have the node version check for latest minor/patch version & use caching to speed up process

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.0.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v1.0.3...v3.1.4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v1...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 1 to 3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v1...v3) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

This should be done for security and consistency reasons

This reverts commit f983488.

fent · 2023-05-24T01:31:38Z

.github/dependabot.yml

@@ -0,0 +1,20 @@
+# To get started with Dependabot version updates, you'll need to specify which


fent · 2023-05-24T01:33:32Z

.github/workflows/nodejs.yml


    - name: npm install, build, and test
      run: |
        npm install
        npm run build --if-present
        npm test

-    - uses: codecov/codecov-action@v1.0.3
+    - uses: codecov/codecov-action@v3.1.4


let's go straight to v3

fent · 2023-05-24T01:42:55Z

.github/workflows/nodejs.yml

      matrix:
-        node-version: [10.x, 12.x, 14.x]
+        node-version: [10.x, 12.x, 14.x, 16.x, 18.x, 20.x]


it's fine to only include the last 3 since those are the ones that currently have lts

fent · 2023-05-24T04:15:49Z

.github/workflows/nodejs.yml

        os: [ubuntu-latest]

    steps:
-    - uses: actions/checkout@v1
+    - uses: step-security/harden-runner@v2


this is cool!

demosjarco and others added 11 commits May 22, 2023 22:42

Create dependabot.yml

045918d

Added support for newer node versions

14a2ae1

Allow running through every version of node

c1bd7cf

Always get latest node minor/patch

12c8660

Cache npm

7b93566

Secure and monitor workflows

bcddf8e

Use ci in automation

f983488

This should be done for security and consistency reasons

Revert "Use ci in automation"

ce982f4

This reverts commit f983488.

fent requested changes May 24, 2023

View reviewed changes

demosjarco closed this Oct 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Actions improvement #43

Actions improvement #43

demosjarco commented May 23, 2023

fent May 24, 2023

fent May 24, 2023

fent May 24, 2023

fent May 24, 2023

		@@ -0,0 +1,20 @@
		# To get started with Dependabot version updates, you'll need to specify which

Actions improvement #43

Actions improvement #43

Conversation

demosjarco commented May 23, 2023

fent May 24, 2023

Choose a reason for hiding this comment

fent May 24, 2023

Choose a reason for hiding this comment

fent May 24, 2023

Choose a reason for hiding this comment

fent May 24, 2023

Choose a reason for hiding this comment