diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index 8d62494f5..051a76a7c 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -1,28 +1,21 @@ --- name: Github Pages on: workflow_dispatch +permissions: {} jobs: build-and-deploy: runs-on: ubuntu-latest + permissions: + actions: read + contents: write steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Build site run: yarn build env: diff --git a/.github/workflows/index.yml b/.github/workflows/index.yml index 46d4ea8cb..381892bad 100644 --- a/.github/workflows/index.yml +++ b/.github/workflows/index.yml @@ -16,24 +16,13 @@ jobs: build-and-index: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Build site run: yarn build diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1bd9bb9d8..845c8678f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -55,24 +55,13 @@ jobs: needs: [set-state, pre-build] runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Gatsby Cache uses: actions/cache@v3.3.2 with: diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 726cf48de..06551e322 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -66,24 +66,13 @@ needs: [set-state, pre-build] runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node v16 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Gatsby Cache uses: actions/cache@v3.3.2 with: diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml index 09c8592d7..4b5d2f382 100644 --- a/.github/workflows/test-pull-request.yml +++ b/.github/workflows/test-pull-request.yml @@ -15,6 +15,11 @@ # Start the job on a pull request to the main branch # ###################################################### on: pull_request + + ################################################# + # Disable all permissions on the workflow level # + ################################################# + permissions: {} ############### # Set the Job # @@ -29,7 +34,6 @@ ############################################ permissions: contents: read - packages: read statuses: write ################## @@ -56,34 +60,41 @@ # Use full version number to avoid cases when a next # released version is buggy # About slim image: https://github.com/github/super-linter#slim-image - uses: super-linter/super-linter/slim@v6.7.0 + uses: super-linter/super-linter/slim@v7.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DEFAULT_BRANCH: main - test_and_build: + + test: runs-on: ubuntu-latest needs: lint + permissions: + contents: read + statuses: write steps: - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Setup Node - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main with: node-version-file: '.nvmrc' - cache: 'yarn' cache-dependency-path: 'yarn.lock' - - name: Enable Corepack for Yarn - run: corepack enable - - - name: Install Dependencies - run: yarn install - env: - YARN_ENABLE_IMMUTABLE_INSTALLS: false - - name: Check links run: yarn test + + build: + runs-on: ubuntu-latest + needs: test + permissions: + contents: read + statuses: write + steps: + - uses: actions/checkout@v4 + - name: Use Setup Node and Install Dependencies Action + uses: commerce-docs/devsite-install-action@main + with: + node-version-file: '.nvmrc' + cache-dependency-path: 'yarn.lock' - name: Build site run: yarn build