diff --git a/.github/workflows/add_to_octokit_project.yml b/.github/workflows/add_to_octokit_project.yml index e1c53315..936e1f4f 100644 --- a/.github/workflows/add_to_octokit_project.yml +++ b/.github/workflows/add_to_octokit_project.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest continue-on-error: true steps: - - uses: actions/add-to-project@v0.6.0 + - uses: actions/add-to-project@v1.0.1 with: project-url: https://github.com/orgs/octokit/projects/10 github-token: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b75c6d9..b314a0db 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d7462a35..3d978b03 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,12 +6,19 @@ - beta - "*.x" name: Release +# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance +permissions: + contents: write # to be able to publish a GitHub release + issues: write # to be able to comment on released issues + pull-requests: write # to be able to comment on released pull requests + id-token: write # to enable use of OIDC for npm provenance + jobs: build: name: release runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - uses: actions/setup-node@v4 with: node-version: lts/* diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 04117b13..2ed7b827 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: - 18 - 20 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - name: Test with Node.js ${{ matrix.node_version }} uses: actions/setup-node@v4 with: @@ -38,7 +38,7 @@ jobs: steps: - run: exit 1 if: ${{ needs.test_matrix.result != 'success' }} - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - run: npm ci - run: npm run lint if: ${{ always() }} diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index f1360f4f..0f4e3b39 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -7,7 +7,7 @@ jobs: update_docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - uses: actions/setup-node@v4 with: node-version: 18 diff --git a/.github/workflows/update-prettier.yml b/.github/workflows/update-prettier.yml index a8ebe532..f6fb6af8 100644 --- a/.github/workflows/update-prettier.yml +++ b/.github/workflows/update-prettier.yml @@ -7,7 +7,7 @@ jobs: update_prettier: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - uses: actions/setup-node@v4 with: cache: npm diff --git a/package.json b/package.json index 04ed3b66..b4667f6e 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,8 @@ "name": "@octokit/rest", "version": "0.0.0-development", "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "type": "module", "description": "GitHub REST API client for Node.js",