Compare commits
13 Commits
v2.1.0
..
743a101a56
| Author | SHA1 | Date | |
|---|---|---|---|
 renovate-bot
|
743a101a56 | ||
 JonKazama-Hellion
|
a5958d47a4 | ||
|
renovate-bot
|
99c61cf7e3 | ||
|
JonKazama-Hellion
|
32f4c92f1b | ||
|
renovate-bot
|
4c7a33a6fa | ||
|
JonKazama-Hellion
|
9eb0bc1c3e | ||
|
renovate-bot
|
0fb0eec7df | ||
|
JonKazama-Hellion
|
0d4708bf11 | ||
|
renovate-bot
|
f2b070e201 | ||
|
JonKazama-Hellion
|
8176f91d4c | ||
|
JonKazama-Hellion
|
d68bb35e7a | ||
|
renovate-bot
|
10c70f8bf9 | ||
|
JonKazama-Hellion
|
28b9061756 |
@@ -0,0 +1,13 @@
|
||||
name: Security
|
||||
on:
|
||||
push:
|
||||
branches: [main, master]
|
||||
pull_request:
|
||||
schedule:
|
||||
- cron: '0 6 * * 1'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
scan:
|
||||
uses: JonKazama-Hellion/security-workflows/.gitea/workflows/security-scan.yml@main
|
||||
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Projektstruktur prüfen
|
||||
run: |
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Extract version from tag
|
||||
id: version
|
||||
@@ -53,7 +53,7 @@ jobs:
|
||||
cat checksums-sha256.txt
|
||||
|
||||
- name: Create GitHub Release
|
||||
uses: softprops/action-gh-release@v2
|
||||
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
|
||||
with:
|
||||
name: "Hellion NewTab ${{ steps.version.outputs.tag }}"
|
||||
body: |
|
||||
|
||||
@@ -20,15 +20,15 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v3
|
||||
uses: github/codeql-action/init@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3
|
||||
with:
|
||||
languages: javascript
|
||||
|
||||
- name: Run CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v3
|
||||
uses: github/codeql-action/analyze@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3
|
||||
|
||||
dependency-review:
|
||||
name: Dependency Review
|
||||
@@ -36,7 +36,7 @@ jobs:
|
||||
if: github.event_name == 'pull_request'
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Dependency Review
|
||||
uses: actions/dependency-review-action@v4
|
||||
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
|
||||
|
||||
@@ -0,0 +1,55 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended",
|
||||
":dependencyDashboard",
|
||||
":semanticCommits",
|
||||
":timezone(Europe/Berlin)",
|
||||
"schedule:weekly"
|
||||
],
|
||||
"labels": ["dependencies", "renovate"],
|
||||
"assignees": ["JonKazama-Hellion"],
|
||||
"prHourlyLimit": 10,
|
||||
"prConcurrentLimit": 20,
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"packageRules": [
|
||||
{
|
||||
"description": "Group all minor and patch updates per ecosystem in one PR",
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"groupName": "minor and patch updates ({{manager}})"
|
||||
},
|
||||
{
|
||||
"description": "Major updates always get their own PR with breaking-change label",
|
||||
"matchUpdateTypes": ["major"],
|
||||
"labels": ["dependencies", "major-update", "breaking-change"],
|
||||
"addLabels": ["needs-review"]
|
||||
},
|
||||
{
|
||||
"description": "TypeScript type definitions stay grouped with each other",
|
||||
"groupName": "type definitions",
|
||||
"matchPackageNames": [
|
||||
"@types/{/,}**"
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": "Dev dependencies in their own group",
|
||||
"matchDepTypes": ["devDependencies"],
|
||||
"groupName": "dev dependencies"
|
||||
},
|
||||
{
|
||||
"description": "Pin GitHub Action versions by SHA for supply-chain hygiene",
|
||||
"matchManagers": ["github-actions"],
|
||||
"pinDigests": true
|
||||
}
|
||||
],
|
||||
"vulnerabilityAlerts": {
|
||||
"labels": ["security", "vulnerability"],
|
||||
"schedule": ["at any time"]
|
||||
},
|
||||
"lockFileMaintenance": {
|
||||
"enabled": true,
|
||||
"schedule": ["before 6am on monday"],
|
||||
"commitMessageAction": "Refresh"
|
||||
},
|
||||
"osvVulnerabilityAlerts": true
|
||||
}
|
||||
Reference in New Issue
Block a user