diff --git a/.github/actions/codeql-analysis/action.yml b/.github/actions/codeql-analysis/action.yml deleted file mode 100644 index 735cba94..00000000 --- a/.github/actions/codeql-analysis/action.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: 'CodeQL Analysis' -description: 'Perform code scanning for vulnerabilities' -inputs: - languages: - description: 'CodeQL Languages' - required: true -runs: - using: "composite" - steps: - - name: 'Checkout repository' - uses: actions/checkout@v3 - - name: 'Initialize CodeQL' - uses: github/codeql-action/init@v2 - with: - languages: ${{ inputs.languages }} - - name: 'Autobuild' - uses: github/codeql-action/autobuild@v2 - - name: 'Perform CodeQL Analysis' - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/create-pre-release.yml b/.github/workflows/create-pre-release.yml index e8754bf8..aa5d85e0 100644 --- a/.github/workflows/create-pre-release.yml +++ b/.github/workflows/create-pre-release.yml @@ -31,6 +31,10 @@ env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} +permissions: + contents: write + packages: write + jobs: build: if: ${{ github.actor != 'dependabot'}} @@ -46,15 +50,15 @@ jobs: cache: 'npm' - run: npm install - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build Docker Image Locally - uses: docker/build-push-action@master + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 with: context: . file: ./Dockerfile 
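Review bot: The job guard directly under the new `permissions:` block, `if: ${{ github.actor != 'dependabot'}}`, compares against a login that Dependabot runs do not use (the actor is `dependabot[bot]`), so it never skips the `build` job that now holds `contents: write` and `packages: write`. I would change it to `if: ${{ github.actor != 'dependabot[bot]' }}`. If the workflow has jobs beyond `build` (not visible in this hunk), declaring the two write scopes under `jobs.build.permissions` instead of at workflow level keeps those jobs from inheriting write access. The same guard and the same workflow-level block appear in `create-release.yml` at `@@ -9,6 +9,10 @@`. The `build` job continues outside the hunk.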
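Review bot: The new `uses:` lines pin to bare 40-character SHAs with no trailing comment naming the release each one corresponds to, so the file no longer says which version is in use; for `docker/build-push-action` the old ref was `@master`, so the diff gives no version to check the SHA against at all. I would append the tag as a comment on each pin, e.g. `uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # <release tag>`, which Dependabot also keeps in sync when it updates the SHA. This applies to every pin hunk in this commit (the remaining hunks of `create-pre-release.yml` and `create-release.yml`, both hunks of `deploy-k8s.yml`, and all three of `rc-release.yml`). It is also worth confirming that each SHA is a commit on the upstream repository's own release history rather than one reachable only through a fork.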
@@ -73,7 +77,7 @@ jobs: - run: echo "${{ github.ref }}" - name: Tag a final release id: prerelease - uses: actionsdesk/semver@0.6.0-rc.10 + uses: actionsdesk/semver@82aa4310e4e21c59cd0020007a4278e733e81dcb with: bump: ${{ inputs.bump }} prerelease: ${{ inputs.prerelease }} @@ -81,7 +85,7 @@ jobs: commitish: ${{ github.ref }} - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@master + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 with: context: . file: ./Dockerfile diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 55421620..689fbd5f 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -9,6 +9,10 @@ env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} +permissions: + contents: write + packages: write + jobs: build: if: ${{ github.actor != 'dependabot'}} @@ -24,15 +28,15 @@ jobs: cache: "npm" - run: npm install - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build Docker Image Locally - uses: docker/build-push-action@master + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 with: context: . file: ./Dockerfile @@ -50,12 +54,12 @@ jobs: curl http://localhost:3000 - name: Tag a final release id: finalrelease - uses: actionsdesk/semver@0.6.0-rc.10 + uses: actionsdesk/semver@82aa4310e4e21c59cd0020007a4278e733e81dcb with: bump: final - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@master + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 with: context: . file: ./Dockerfile 
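Review bot: The context step `run: echo "${{ github.ref }}"` at the top of the `@@ -73,7 +77,7 @@` hunk expands the expression into the script text before the shell runs, so the ref name is parsed as shell source rather than passed as data. Passing it through the environment avoids that: add `env:` with `REF: ${{ github.ref }}` to the step and change the command to `run: echo "$REF"`. The unquoted `run: echo ${{ github.actor }}` in `rc-release.yml` at `@@ -60,7 +60,7 @@` has the same shape. The exposure is probably small, since the ref appears to be chosen by whoever dispatches the workflow, but this job now runs with a write-scoped token.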
diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index 9b4137e3..4a92db41 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -29,12 +29,12 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 - - uses: azure/login@v2 + - uses: azure/login@a65d910e8af852a8061c627c456678983e180302 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - uses: azure/aks-set-context@v4 + - uses: azure/aks-set-context@feeca6405be94202afcb1c395616ff29b1811b9f with: resource-group: ${{env.AZURE_RESOURCE_GROUP}} cluster-name: ${{env.AZURE_AKS_CLUSTER}} @@ -42,14 +42,14 @@ jobs: - run: | kubectl get deployment - name: app-env - uses: azure/k8s-create-secret@v5 + uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 with: namespace: 'default' secret-type: 'generic' arguments: --from-literal=APP_ID=${{ secrets.APP_ID }} --from-literal=PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} --from-literal=WEBHOOK_SECRET=${{ secrets.WEBHOOK_SECRET }} secret-name: app-env - name: Set imagePullSecret - uses: azure/k8s-create-secret@v5 + uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 with: namespace: ${{env.AZURE_AKS_NAMESPACE}} container-registry-url: ${{env.IMAGE_REGISTRY_URL}} diff --git a/.github/workflows/node-ci.yml b/.github/workflows/node-ci.yml index d599430e..5db222f6 100644 --- a/.github/workflows/node-ci.yml +++ b/.github/workflows/node-ci.yml @@ -2,6 +2,9 @@ name: Node.js CI on: pull_request: +permissions: + contents: read + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/rc-release.yml b/.github/workflows/rc-release.yml index e00e8716..27732045 100644 --- a/.github/workflows/rc-release.yml +++ b/.github/workflows/rc-release.yml 
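Review bot: `uses: actions/checkout@v4` on the first step of the `@@ -29,12 +29,12 @@` hunk stays on a mutable tag while the steps after it are pinned, and it runs in the same job that then receives the Azure client, tenant and subscription identifiers. For consistency with the rest of the commit I would pin it as well, `uses: actions/checkout@<full commit SHA> # v4`. The job's step list starts and continues outside this hunk, so other unpinned actions may remain.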
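Review bot: The `app-env` step in the `@@ -42,14 +42,14 @@` hunk builds its `arguments:` value by interpolating `secrets.APP_ID`, `secrets.PRIVATE_KEY` and `secrets.WEBHOOK_SECRET` into one unquoted string of `--from-literal=` flags, so a value containing whitespace or newlines (likely for `PRIVATE_KEY`, if it is a PEM key) could be split or truncated, and the secrets travel as command-line arguments. It is worth confirming that the release now pinned still reads `arguments` at all; if it offers the `string-data` input, supplying the three values as a JSON object there avoids the quoting problem. This step also writes to `namespace: 'default'` while the `Set imagePullSecret` step uses `${{env.AZURE_AKS_NAMESPACE}}`, which may be unintended and deserves a comment if it is deliberate.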
@@ -35,7 +35,7 @@ jobs: - name: Tag a rc release if: ${{ !github.event.pull_request.head.repo.fork }} id: rcrelease - uses: actionsdesk/semver@0.6.0-rc.10 + uses: actionsdesk/semver@82aa4310e4e21c59cd0020007a4278e733e81dcb with: prerelease: withBuildNumber prelabel: rc @@ -60,7 +60,7 @@ jobs: - run: echo ${{ github.actor }} - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -68,15 +68,15 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 with: images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 - name: Build and push Docker image - uses: docker/build-push-action@master + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 with: context: . push: true diff --git a/package-lock.json b/package-lock.json index 0e268c59..c72e1712 100644 --- a/package-lock.json +++ b/package-lock.json @@ -34,7 +34,7 @@ "jest-when": "^3.5.2", "lockfile-lint": "^4.12.1", "nock": "^13.5.4", - "nodemon": "^2.0.22", + "nodemon": "^3.1.9", "npm-run-all": "^4.1.5", "smee-client": "^1.2.2", "standard": "^17.1.0" 
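Review bot: `rc-release.yml` gets pinned actions but, unlike `create-pre-release.yml`, `create-release.yml` and `node-ci.yml`, no `permissions:` block is added to it in this commit, although the `Tag a rc release` step in the `@@ -35,7 +35,7 @@` hunk and the `push: true` build step at `@@ -68,15 +68,15 @@` need write access. If the file does not already declare one outside these hunks, the token falls back to the repository default; I would add an explicit block, `permissions:` with `contents: write` and `packages: write`, ideally on the job that tags and pushes. The `if: ${{ !github.event.pull_request.head.repo.fork }}` guard indicates the workflow runs for pull requests, which makes an explicit scope more important.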
@@ -3696,10 +3696,11 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", @@ -4898,9 +4899,10 @@ } }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -4921,7 +4923,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -4936,6 +4938,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express-handlebars": { 
@@ -8375,12 +8381,13 @@ } }, "node_modules/micromatch": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", - "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", "dev": true, + "license": "MIT", "dependencies": { - "braces": "^3.0.2", + "braces": "^3.0.3", "picomatch": "^2.3.1" }, "engines": { @@ -8596,18 +8603,19 @@ "dev": true }, "node_modules/nodemon": { - "version": "2.0.22", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.22.tgz", - "integrity": "sha512-B8YqaKMmyuCO7BowF1Z1/mkPqLk6cs/l63Ojtd6otKjMx47Dq1utxfRxcavH1I7VSaL8n5BUaoutadnsX3AAVQ==", + "version": "3.1.9", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.9.tgz", + "integrity": "sha512-hdr1oIb2p6ZSxu3PB2JWWYS7ZQ0qvaZsc3hK8DR8f02kRzc8rjYmxAIvdz+aYC+8F2IjNaB7HMcSDg8nQpJxyg==", "dev": true, + "license": "MIT", "dependencies": { "chokidar": "^3.5.2", - "debug": "^3.2.7", + "debug": "^4", "ignore-by-default": "^1.0.1", "minimatch": "^3.1.2", "pstree.remy": "^1.1.8", - "semver": "^5.7.1", - "simple-update-notifier": "^1.0.7", + "semver": "^7.5.3", + "simple-update-notifier": "^2.0.0", "supports-color": "^5.5.0", "touch": "^3.1.0", "undefsafe": "^2.0.5" 
@@ -8616,31 +8624,13 @@ "nodemon": "bin/nodemon.js" }, "engines": { - "node": ">=8.10.0" + "node": ">=10" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/nodemon" } }, - "node_modules/nodemon/node_modules/debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "dev": true, - "dependencies": { - "ms": "^2.1.1" - } - }, - "node_modules/nodemon/node_modules/semver": { - "version": "5.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", - "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, "node_modules/nopt": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/nopt/-/nopt-1.0.10.tgz", @@ -8712,10 +8702,11 @@ } }, "node_modules/npm-run-all/node_modules/cross-spawn": { - "version": "6.0.5", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz", - "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==", + "version": "6.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz", + "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==", "dev": true, + "license": "MIT", "dependencies": { "nice-try": "^1.0.4", "path-key": "^2.0.1", 
@@ -9423,9 +9414,10 @@ "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", + "license": "MIT" }, "node_modules/path-type": { "version": "4.0.0", @@ -10804,24 +10796,16 @@ "dev": true }, "node_modules/simple-update-notifier": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.1.0.tgz", - "integrity": "sha512-VpsrsJSUcJEseSbMHkrsrAVSdvVS5I96Qo1QAQ4FxQ9wXFcB+pjj7FB7/us9+GcgfW4ziHtYMc1J0PLczb55mg==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz", + "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==", "dev": true, + "license": "MIT", "dependencies": { - "semver": "~7.0.0" + "semver": "^7.5.3" }, "engines": { - "node": ">=8.10.0" - } - }, - "node_modules/simple-update-notifier/node_modules/semver": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz", - "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==", - "dev": true, - "bin": { - "semver": "bin/semver.js" + "node": ">=10" } }, "node_modules/sisteransi": { diff --git a/package.json b/package.json index 8ef6a71f..99ab1f81 100644 --- a/package.json +++ b/package.json 
@@ -36,11 +36,10 @@ "probot": "^12.3.3" }, "devDependencies": { - "@eslint/eslintrc": "^2.0.2", + "@eslint/eslintrc": "^3.1.0", "@travi/any": "^3.1.2", "check-engine": "^1.10.1", "eslint": "^8.46.0", - "@eslint/eslintrc": "^3.1.0", "eslint-config-standard": "^17.1.0", "eslint-plugin-import": "^2.29.1", "eslint-plugin-node": "^11.1.0", @@ -51,7 +50,7 @@ "jest-when": "^3.5.2", "lockfile-lint": "^4.12.1", "nock": "^13.5.4", - "nodemon": "^2.0.22", + "nodemon": "^3.1.9", "npm-run-all": "^4.1.5", "smee-client": "^1.2.2", "standard": "^17.1.0"