From 32b7d0be15cd830fb5fb7775e3b4100dcf1c4612 Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Wed, 23 Nov 2022 10:08:01 +0100 Subject: [PATCH 01/10] Populate workflows folder with reusable workflows --- .github/workflows/check-dist.yml | 68 +++++++++++++++++++++ .github/workflows/codeql-analysis.yml | 56 ++++++++++++++++++ .github/workflows/licensed.yml | 35 +++++++++++ .github/workflows/workflow.yml | 85 +++++++++++++++++++++++++++ 4 files changed, 244 insertions(+) create mode 100644 .github/workflows/check-dist.yml create mode 100644 .github/workflows/codeql-analysis.yml create mode 100644 .github/workflows/licensed.yml create mode 100644 .github/workflows/workflow.yml diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml new file mode 100644 index 0000000..47a3d27 --- /dev/null +++ b/.github/workflows/check-dist.yml @@ -0,0 +1,68 @@ +# This workflow helps us to be sure that generated innards of `dist` directory actually match what we expect them to be. +# The `dist` is a special directory in Actions. +# When you reference an action with `uses:` in a workflow, javascript files from `dist` will run. +# In Actions, we generate the dist through a build process from other source files. + +name: Check dist + +on: + workflow_call: + inputs: + dist-path: + description: "Optional input to set a path to the dist folder. If it's not set defaults to './dist'" + required: false + type: string + default: "./dist" + build-command: + description: "Optional input to configure build command in case the default one doesn't suit. If it's not set defaults to 'npm run build'" + required: false + type: string + default: "npm run build" + node-version: + description: "Optional input to set version of node.js. The input syntax corresponds to the setup-node's one." + required: false + type: string + default: "16.x" + node-caching: + description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed" + required: false + type: string + default: "npm" + + +jobs: + check-dist: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Node.js ${{inputs.node-version}} + uses: actions/setup-node@v3 + with: + node-version: ${{inputs.node-version}} + cache: ${{inputs.node-caching}} + + - name: Install dependencies + run: npm ci --ignore-scripts + + - name: Rebuild the dist directory + run: ${{inputs.build-command}} + + - name: Compare the expected and actual dist directories + run: | + if [ "$(git diff --ignore-space-at-eol ${{inputs.folder-path}} | wc -l)" -gt "0" ]; then + echo "Detected uncommitted changes after the build. See the status below:" + git diff + exit 1 + fi + id: diff + + # If inners of the dist directory were different than expected, upload the expected version as an artifact + - name: Upload artifact + if: ${{failure() && steps.diff.conclusion == 'failure'}} + uses: actions/upload-artifact@v3 + with: + name: dist + path: ${{inputs.dist-path}} \ No newline at end of file diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..ec0edef --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,56 @@ +# This workflow helps us to analize repository code for vulnerabilities, bugs, and other errors using CodeQL. +# For that we're using CodeQL Action: https://github.com/github/codeql-action +# Learn more about CodeQL at https://codeql.github.com/ + +name: CodeQL + +on: + workflow_call: + inputs: + languages: + description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To use multiple languages use the same syntax as used in the default value." + required: false + type: string + default: "['javascript']" + build-command: + description: "Optional input to specify manual build command. Multiline syntax is supported" + required: false + type: string + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ${{fromJson(inputs.languages)}} + + steps: + - name: Checkout + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step. + - name: Autobuild + if: ${{!inputs.build-command}} + uses: github/codeql-action/autobuild@v2 + + - name: Manual build + if: ${{inputs.build-command}} + run: | + ${{inputs.build-command}} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml new file mode 100644 index 0000000..df70d56 --- /dev/null +++ b/.github/workflows/licensed.yml @@ -0,0 +1,35 @@ +# This workflow helps us to check statuses of cached dependencies which we use in the action with help of the Licensed tool. +# Learn more about Licensed at https://github.com/github/licensed + +name: Licensed + +on: + workflow_call: + inputs: + licensed-url: + description: "Optional input to set the url of the required version of the Licenced tool" + required: false + type: string + default: "https://github.com/github/licensed/releases/download/3.9.0/licensed-3.9.0-linux-x64.tar.gz" + +jobs: + validate-cached-dependency-records: + runs-on: ubuntu-latest + name: Check licenses + steps: + + - name: Checkout + uses: actions/checkout@v3 + + - name: Install dependencies + run: npm ci --ignore-scripts + + - name: Install licensed tool + run: | + cd $RUNNER_TEMP + curl -Lfs -o licensed.tar.gz ${{inputs.licensed-url}} + sudo tar -xzf licensed.tar.gz + sudo mv licensed /usr/local/bin/licensed + + - name: Check cached dependency records + run: licensed status \ No newline at end of file diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml new file mode 100644 index 0000000..5ad6227 --- /dev/null +++ b/.github/workflows/workflow.yml @@ -0,0 +1,85 @@ +# This workflow helps us to be sure that the code of the action we're going to deploy: +# 1. Is well-formated +# 2. Is linted +# 3. Successfully builds +# 4. Passes unit-tests +# Additionally node packages used by the action can be audited. +name: CI + +on: + workflow_call: + inputs: + operating-systems: + description: "Optional input to set list of operating systems whick the workflow uses. Defaults to ['ubuntu-latest', 'windows-latest', 'macos-latest'] if not set" + required: false + type: string + default: "['ubuntu-latest', 'windows-latest', 'macos-latest']" + build-command: + description: "Optional input to configure build command in case the default one doesn't suit. Set to an empty string if build isn't needed. Multiline syntax is supported" + required: false + type: string + default: "npm run build" + enable-prettier: + description: "Optional input to enable prettiering process" + required: false + type: boolean + default: true + enable-linter: + description: "Optional input to enable linting process" + required: false + type: boolean + default: true + enable-audit: + description: "Optional input to enable npm package audit process" + required: false + type: boolean + default: true + node-version: + description: "Optional input to set version of node.js. The input syntax corresponds to the setup-node's one." + required: false + type: string + default: "16.x" + node-caching: + description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed" + required: false + type: string + default: "npm" + +jobs: + build: + runs-on: ${{matrix.operating-systems}} + strategy: + fail-fast: false + matrix: + operating-systems: ${{fromJson(inputs.operating-systems)}} + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Node.js ${{inputs.node-version}} + uses: actions/setup-node@v3 + with: + node-version: ${{inputs.node-version}} + cache: ${{inputs.node-caching}} + + - name: Install dependencies + run: npm ci --ignore-scripts + + - name: Run prettier + if: ${{inputs.enable-prettier}} + run: npm run format-check + + - name: Run linter + if: ${{inputs.enable-linter}} + run: npm run lint + + - name: Build + if: ${{inputs.build-command}} + run: ${{inputs.build-command}} + + - name: Test + run: npm run test + + - name: Audit packages + run: npm audit --audit-level=high + if: ${{inputs.enable-audit}} \ No newline at end of file From 6e4d0e1344866d6e2e8ee5379326b5b9fbf797c1 Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Fri, 25 Nov 2022 12:28:50 +0100 Subject: [PATCH 02/10] Update reusable workflows, fix review points --- .../{workflow.yml => basic-validation.yml} | 32 +++++++++---------- .github/workflows/check-dist.yml | 13 ++++---- .github/workflows/licensed.yml | 2 +- 3 files changed, 23 insertions(+), 24 deletions(-) rename .github/workflows/{workflow.yml => basic-validation.yml} (71%) diff --git a/.github/workflows/workflow.yml b/.github/workflows/basic-validation.yml similarity index 71% rename from .github/workflows/workflow.yml rename to .github/workflows/basic-validation.yml index 5ad6227..cd985d0 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/basic-validation.yml @@ -1,10 +1,10 @@ -# This workflow helps us to be sure that the code of the action we're going to deploy: +# This workflow helps to be sure that the code of the action we're going to deploy: # 1. Is well-formated # 2. Is linted # 3. Successfully builds # 4. Passes unit-tests # Additionally node packages used by the action can be audited. -name: CI +name: Basic validation on: workflow_call: @@ -19,23 +19,23 @@ on: required: false type: string default: "npm run build" - enable-prettier: - description: "Optional input to enable prettiering process" + prettier-command: + description: "Optional input to set prettier command. Set to an empty string if prettier isn't needed" required: false - type: boolean - default: true - enable-linter: - description: "Optional input to enable linting process" + type: string + default: "npm run format-check" + linter-command: + description: "Optional input to set linter command. Set to an empty string if linting isn't needed" required: false - type: boolean - default: true + type: string + default: "npm run lint" enable-audit: description: "Optional input to enable npm package audit process" required: false type: boolean default: true node-version: - description: "Optional input to set version of node.js. The input syntax corresponds to the setup-node's one." + description: "Optional input to set version of Node.js used to build a project. The input syntax corresponds to the setup-node's one" required: false type: string default: "16.x" @@ -66,19 +66,19 @@ jobs: run: npm ci --ignore-scripts - name: Run prettier - if: ${{inputs.enable-prettier}} - run: npm run format-check + if: ${{inputs.prettier-command}} + run: ${{inputs.prettier-command}} - name: Run linter - if: ${{inputs.enable-linter}} - run: npm run lint + if: ${{inputs.linter-command}} + run: ${{inputs.linter-command}} - name: Build if: ${{inputs.build-command}} run: ${{inputs.build-command}} - name: Test - run: npm run test + run: npm test - name: Audit packages run: npm audit --audit-level=high diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 47a3d27..d46a596 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -1,7 +1,6 @@ -# This workflow helps us to be sure that generated innards of `dist` directory actually match what we expect them to be. -# The `dist` is a special directory in Actions. -# When you reference an action with `uses:` in a workflow, javascript files from `dist` will run. -# In Actions, we generate the dist through a build process from other source files. +# This workflow helps to be sure that generated innards of `dist` directory actually match what we expect them to be. +# The `dist` is a special directory in Actions which contains distributable JS files. +# In Actions, the `dist` is generated through a build process from other source files. name: Check dist @@ -9,17 +8,17 @@ on: workflow_call: inputs: dist-path: - description: "Optional input to set a path to the dist folder. If it's not set defaults to './dist'" + description: "Optional input to set a path to the dist folder. If it's not set, defaults to './dist'" required: false type: string default: "./dist" build-command: - description: "Optional input to configure build command in case the default one doesn't suit. If it's not set defaults to 'npm run build'" + description: "Optional input to configure build command in case the default one doesn't suit. If it's not set, defaults to 'npm run build'" required: false type: string default: "npm run build" node-version: - description: "Optional input to set version of node.js. The input syntax corresponds to the setup-node's one." + description: "Optional input to set version of Node.js used to build a project. The input syntax corresponds to the setup-node's one" required: false type: string default: "16.x" diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index df70d56..31fc2bd 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -1,4 +1,4 @@ -# This workflow helps us to check statuses of cached dependencies which we use in the action with help of the Licensed tool. +# This workflow helps to check statuses of cached dependencies used in the action with help of the Licensed tool. # Learn more about Licensed at https://github.com/github/licensed name: Licensed From 56969017e641198cfa90407e5222d04bca0d437a Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Fri, 25 Nov 2022 12:33:51 +0100 Subject: [PATCH 03/10] Update workflows, fix review points --- .github/workflows/basic-validation.yml | 2 +- .github/workflows/codeql-analysis.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/basic-validation.yml b/.github/workflows/basic-validation.yml index cd985d0..02746aa 100644 --- a/.github/workflows/basic-validation.yml +++ b/.github/workflows/basic-validation.yml @@ -20,7 +20,7 @@ on: type: string default: "npm run build" prettier-command: - description: "Optional input to set prettier command. Set to an empty string if prettier isn't needed" + description: "Optional input to set prettier command. Set to an empty string if prettiering isn't needed" required: false type: string default: "npm run format-check" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ec0edef..b19c21b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,5 +1,5 @@ -# This workflow helps us to analize repository code for vulnerabilities, bugs, and other errors using CodeQL. -# For that we're using CodeQL Action: https://github.com/github/codeql-action +# This workflow helps to analize repository code for vulnerabilities, bugs, and other errors using CodeQL. +# For that CodeQL Action is used: https://github.com/github/codeql-action # Learn more about CodeQL at https://codeql.github.com/ name: CodeQL From 10ebc94cac3357c79d0c257ab3d02e8a0e9e41ed Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Tue, 29 Nov 2022 15:51:17 +0100 Subject: [PATCH 04/10] Fix review points --- .github/workflows/basic-validation.yml | 24 +++--------------------- .github/workflows/check-dist.yml | 7 +------ .github/workflows/codeql-analysis.yml | 19 ++++++++++--------- .github/workflows/licensed.yml | 8 +------- 4 files changed, 15 insertions(+), 43 deletions(-) diff --git a/.github/workflows/basic-validation.yml b/.github/workflows/basic-validation.yml index 02746aa..506a7d8 100644 --- a/.github/workflows/basic-validation.yml +++ b/.github/workflows/basic-validation.yml @@ -14,21 +14,6 @@ on: required: false type: string default: "['ubuntu-latest', 'windows-latest', 'macos-latest']" - build-command: - description: "Optional input to configure build command in case the default one doesn't suit. Set to an empty string if build isn't needed. Multiline syntax is supported" - required: false - type: string - default: "npm run build" - prettier-command: - description: "Optional input to set prettier command. Set to an empty string if prettiering isn't needed" - required: false - type: string - default: "npm run format-check" - linter-command: - description: "Optional input to set linter command. Set to an empty string if linting isn't needed" - required: false - type: string - default: "npm run lint" enable-audit: description: "Optional input to enable npm package audit process" required: false @@ -66,16 +51,13 @@ jobs: run: npm ci --ignore-scripts - name: Run prettier - if: ${{inputs.prettier-command}} - run: ${{inputs.prettier-command}} + run: npm run format-check - name: Run linter - if: ${{inputs.linter-command}} - run: ${{inputs.linter-command}} + run: npm run lint - name: Build - if: ${{inputs.build-command}} - run: ${{inputs.build-command}} + run: npm run build - name: Test run: npm test diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index d46a596..6f95b64 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -12,11 +12,6 @@ on: required: false type: string default: "./dist" - build-command: - description: "Optional input to configure build command in case the default one doesn't suit. If it's not set, defaults to 'npm run build'" - required: false - type: string - default: "npm run build" node-version: description: "Optional input to set version of Node.js used to build a project. The input syntax corresponds to the setup-node's one" required: false @@ -47,7 +42,7 @@ jobs: run: npm ci --ignore-scripts - name: Rebuild the dist directory - run: ${{inputs.build-command}} + run: npm run build - name: Compare the expected and actual dist directories run: | diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b19c21b..e36234c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -7,11 +7,10 @@ name: CodeQL on: workflow_call: inputs: - languages: - description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To use multiple languages use the same syntax as used in the default value." + codeql-cfg-path: + description: "Optional input to set path to the CodeQL config file" required: false type: string - default: "['javascript']" build-command: description: "Optional input to specify manual build command. Multiline syntax is supported" required: false @@ -26,20 +25,22 @@ jobs: contents: read security-events: write - strategy: - fail-fast: false - matrix: - language: ${{fromJson(inputs.languages)}} - steps: - name: Checkout uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL + if: ${{!inputs.codeql-cfg-path}} + uses: github/codeql-action/init@v2 + + - name: Initialize CodeQL with config file + if: ${{inputs.codeql-cfg-path}} uses: github/codeql-action/init@v2 with: - languages: ${{ matrix.language }} + config-file: ${{inputs.codeql-cfg-path}} + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step. diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index 31fc2bd..67f0aec 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -5,12 +5,6 @@ name: Licensed on: workflow_call: - inputs: - licensed-url: - description: "Optional input to set the url of the required version of the Licenced tool" - required: false - type: string - default: "https://github.com/github/licensed/releases/download/3.9.0/licensed-3.9.0-linux-x64.tar.gz" jobs: validate-cached-dependency-records: @@ -27,7 +21,7 @@ jobs: - name: Install licensed tool run: | cd $RUNNER_TEMP - curl -Lfs -o licensed.tar.gz ${{inputs.licensed-url}} + curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.9.0/licensed-3.9.0-linux-x64.tar.gz sudo tar -xzf licensed.tar.gz sudo mv licensed /usr/local/bin/licensed From 1ecc921b174cb8ab1a9fdcf74549e0fec20094ce Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Tue, 29 Nov 2022 15:55:13 +0100 Subject: [PATCH 05/10] Fix identation --- .github/workflows/check-dist.yml | 1 - .github/workflows/codeql-analysis.yml | 4 +--- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 6f95b64..703a653 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -22,7 +22,6 @@ on: required: false type: string default: "npm" - jobs: check-dist: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e36234c..60d2543 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -8,7 +8,7 @@ on: workflow_call: inputs: codeql-cfg-path: - description: "Optional input to set path to the CodeQL config file" + description: "Optional input to set path to a CodeQL config file" required: false type: string build-command: @@ -39,8 +39,6 @@ jobs: uses: github/codeql-action/init@v2 with: config-file: ${{inputs.codeql-cfg-path}} - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step. From 44fdc52e089476f4f0ca1cc1aad95f124fe4290d Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Tue, 29 Nov 2022 15:56:31 +0100 Subject: [PATCH 06/10] Fix identation --- .github/workflows/basic-validation.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/basic-validation.yml b/.github/workflows/basic-validation.yml index 506a7d8..9cdd5ae 100644 --- a/.github/workflows/basic-validation.yml +++ b/.github/workflows/basic-validation.yml @@ -4,6 +4,7 @@ # 3. Successfully builds # 4. Passes unit-tests # Additionally node packages used by the action can be audited. + name: Basic validation on: From bc096e66e74e2dfa92a178046f47381c47010905 Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Wed, 30 Nov 2022 10:01:43 +0100 Subject: [PATCH 07/10] Fix review points --- .github/workflows/licensed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index 67f0aec..a7e8c95 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -20,7 +20,7 @@ jobs: - name: Install licensed tool run: | - cd $RUNNER_TEMP + cd "$RUNNER_TEMP" curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.9.0/licensed-3.9.0-linux-x64.tar.gz sudo tar -xzf licensed.tar.gz sudo mv licensed /usr/local/bin/licensed From 04faf9a5368ee7396f5771edda625bf76ca8498f Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Thu, 1 Dec 2022 11:32:27 +0100 Subject: [PATCH 08/10] Update codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 60d2543..a991d0e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -7,6 +7,11 @@ name: CodeQL on: workflow_call: inputs: + languages: + description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To use multiple languages use the same syntax as used in the default value." + required: false + type: string + default: "['javascript']" codeql-cfg-path: description: "Optional input to set path to a CodeQL config file" required: false @@ -25,20 +30,21 @@ jobs: contents: read security-events: write + strategy: + fail-fast: false + matrix: + language: ${{fromJson(inputs.languages)}} + steps: - name: Checkout uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - if: ${{!inputs.codeql-cfg-path}} - uses: github/codeql-action/init@v2 - - name: Initialize CodeQL with config file - if: ${{inputs.codeql-cfg-path}} uses: github/codeql-action/init@v2 with: config-file: ${{inputs.codeql-cfg-path}} + languages: ${{matrix.language}} # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step. From 5d72250c528895cb9c456bd93681ca771dc6c486 Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Thu, 1 Dec 2022 12:20:23 +0100 Subject: [PATCH 09/10] Update codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a991d0e..be2a46a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -40,11 +40,11 @@ jobs: uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL with config file + - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: - config-file: ${{inputs.codeql-cfg-path}} languages: ${{matrix.language}} + config-file: ${{inputs.codeql-cfg-path}} # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step. From 6e8c858c03baa8f1fbab0937b75d8bd2364c8aad Mon Sep 17 00:00:00 2001 From: IvanZosimov Date: Fri, 2 Dec 2022 13:59:03 +0100 Subject: [PATCH 10/10] Fix wordings --- .github/workflows/basic-validation.yml | 6 +++--- .github/workflows/check-dist.yml | 8 ++++---- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/licensed.yml | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/basic-validation.yml b/.github/workflows/basic-validation.yml index 9cdd5ae..c58d612 100644 --- a/.github/workflows/basic-validation.yml +++ b/.github/workflows/basic-validation.yml @@ -1,4 +1,4 @@ -# This workflow helps to be sure that the code of the action we're going to deploy: +# This workflow helps ensure that the code of the action we're going to deploy: # 1. Is well-formated # 2. Is linted # 3. Successfully builds @@ -11,7 +11,7 @@ on: workflow_call: inputs: operating-systems: - description: "Optional input to set list of operating systems whick the workflow uses. Defaults to ['ubuntu-latest', 'windows-latest', 'macos-latest'] if not set" + description: "Optional input to set a list of operating systems which the workflow uses. Defaults to ['ubuntu-latest', 'windows-latest', 'macos-latest'] if not set" required: false type: string default: "['ubuntu-latest', 'windows-latest', 'macos-latest']" @@ -21,7 +21,7 @@ on: type: boolean default: true node-version: - description: "Optional input to set version of Node.js used to build a project. The input syntax corresponds to the setup-node's one" + description: "Optional input to set the version of Node.js used to build the project. The input syntax corresponds to the setup-node's one" required: false type: string default: "16.x" diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 703a653..d2ce159 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -1,5 +1,5 @@ -# This workflow helps to be sure that generated innards of `dist` directory actually match what we expect them to be. -# The `dist` is a special directory in Actions which contains distributable JS files. +# This workflow helps ensure that generated innards of `dist` directory match what we expect them to be. +# The `dist` is a particular directory in Actions that contains distributable JS files. # In Actions, the `dist` is generated through a build process from other source files. name: Check dist @@ -8,12 +8,12 @@ on: workflow_call: inputs: dist-path: - description: "Optional input to set a path to the dist folder. If it's not set, defaults to './dist'" + description: "Optional input to set a path to the dist folder. If it's not set, it defaults to './dist'" required: false type: string default: "./dist" node-version: - description: "Optional input to set version of Node.js used to build a project. The input syntax corresponds to the setup-node's one" + description: "Optional input to set the version of Node.js used to build a project. The input syntax corresponds to the setup-node's one" required: false type: string default: "16.x" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index be2a46a..923dadb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,4 +1,4 @@ -# This workflow helps to analize repository code for vulnerabilities, bugs, and other errors using CodeQL. +# This workflow helps to analyze repository code for vulnerabilities, bugs, and other errors using CodeQL. # For that CodeQL Action is used: https://github.com/github/codeql-action # Learn more about CodeQL at https://codeql.github.com/ @@ -8,7 +8,7 @@ on: workflow_call: inputs: languages: - description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To use multiple languages use the same syntax as used in the default value." + description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To set multiple languages, use the same syntax as you can see in the default value." required: false type: string default: "['javascript']" @@ -17,7 +17,7 @@ on: required: false type: string build-command: - description: "Optional input to specify manual build command. Multiline syntax is supported" + description: "Optional input to specify manual build command. The multiline syntax is supported" required: false type: string diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index a7e8c95..6f182d4 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -1,4 +1,4 @@ -# This workflow helps to check statuses of cached dependencies used in the action with help of the Licensed tool. +# This workflow helps to check the statuses of cached dependencies used in action with the help of the Licensed tool. # Learn more about Licensed at https://github.com/github/licensed name: Licensed