From a3e78bae4388b5f92bd2242b867f7b7598657919 Mon Sep 17 00:00:00 2001 From: Peter Harrison <16875803+palisadoes@users.noreply.github.com> Date: Thu, 26 Dec 2024 15:07:54 -0800 Subject: [PATCH] Initial Commit (#16) * Initial Commit * Initial Commit --- .../authorized-changes-detection.yml | 57 ++++++++++++------- .github/workflows/documentation.yml | 4 +- .github/workflows/stale.yml | 25 +++++--- 3 files changed, 58 insertions(+), 28 deletions(-) diff --git a/.github/workflows/authorized-changes-detection.yml b/.github/workflows/authorized-changes-detection.yml index fa81559..24a8600 100644 --- a/.github/workflows/authorized-changes-detection.yml +++ b/.github/workflows/authorized-changes-detection.yml @@ -3,7 +3,7 @@ # # NOTE! # -# Please read the README.md file in this directory that defines what should +# Please read the README.md file in this directory that defines what should # be placed in this file # ############################################################################## @@ -12,25 +12,44 @@ name: Checking workflow files on: pull_request: - paths: - - '.github/**' - - 'CNAME' - - 'static/CNAME' - - 'package.json' - - 'sidebars.js' - - 'sidebar-admin.js' - - 'sidebar-mobile-user.js' - - 'sidebar-web-user.js' - - 'docusaurus.config.js' - - 'babel.config.js' - - 'CODEOWNERS' - - 'LICENSE' + branches: + - "**" jobs: - Checking-for-unauthorized-file-changes: - name: Checking for unauthorized file changes + Check-Sensitive-Files: + if: ${{ github.actor != 'dependabot[bot]' && !contains(github.event.pull_request.labels.*.name, 'ignore-sensitive-files-pr') }} + name: Checks if sensitive files have been changed without authorization runs-on: ubuntu-latest - steps: - - name: Unauthorized file modification in PR - run: exit 1 + - name: Checkout code + uses: actions/checkout@v4 + + - name: Get Changed Unauthorized files + id: changed-unauth-files + uses: tj-actions/changed-files@v45 + with: + files: | + .github/** + CNAME + static/CNAME + package.json + sidebar*.js + docusaurus.config.js + babel.config.js + tsconfig.json + .gitignore + .coderabbit.yaml + CODEOWNERS + LICENSE + *.md + + - name: List all changed unauthorized files + if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true' + env: + CHANGED_UNAUTH_FILES: ${{ steps.changed-unauth-files.outputs.all_changed_files }} + run: | + for file in ${CHANGED_UNAUTH_FILES}; do + echo "$file is unauthorized to change/delete" + echo "To override this, apply the 'ignore-sensitive-files-pr' label" + done + exit 1 diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index b81b6b7..a6eb917 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -24,7 +24,7 @@ jobs: run: yarn install --frozen-lockfile - name: Test building the website run: yarn build - + deploy: if: github.event_name != 'pull_request' runs-on: ubuntu-latest @@ -36,7 +36,7 @@ jobs: cache: yarn - uses: webfactory/ssh-agent@v0.5.0 with: - ssh-private-key: ${{ secrets.GH_PAGES_DEPLOY }} + ssh-private-key: ${{ secrets.DEPLOY_GITHUB_PAGES }} - name: Deploy to GitHub Pages env: USE_SSH: true diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8b57b5d..3430d52 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,3 +1,14 @@ +############################################################################## +############################################################################## +# +# NOTE! +# +# Please read the README.md file in this directory that defines what should +# be placed in this file +# +############################################################################## +############################################################################## + name: Mark stale issues and pull requests on: @@ -14,12 +25,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the main branch has fixed it and report again or close the issue.' - stale-pr-message: 'This pull request did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please verify it has no conflicts with the main branch and rebase if needed. Mention it now if you need help or give permission to other people to finish your work.' - close-issue-message: 'This issue did not get any activity in the past 180 days and thus has been closed. Please check if the newest release or main branch has it fixed. Please, create a new issue if the issue is not fixed.' + stale-issue-message: 'This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.' + stale-pr-message: 'This pull request did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please verify it has no conflicts with the develop branch and rebase if needed. Mention it now if you need help or give permission to other people to finish your work.' + close-issue-message: 'This issue did not get any activity in the past 180 days and thus has been closed. Please check if the newest release or develop branch has it fixed. Please, create a new issue if the issue is not fixed.' close-pr-message: 'This pull request did not get any activity in the past 180 days and thus has been closed.' stale-issue-label: 'no-issue-activity' stale-pr-label: 'no-pr-activity' @@ -27,6 +38,6 @@ jobs: days-before-close: 180 remove-stale-when-updated: true exempt-all-milestones: true - exempt-pr-labels: 'bug' - exempt-issue-labels: 'bug, wip' - operations-per-run: 30 + exempt-pr-labels: 'wip' + exempt-issue-labels: 'wip' + operations-per-run: 50