chore: Update dependabot.yml and codeql.yaml configurations

alimd · alimd · commit 999319bfd253 · 2024-10-15T13:38:24.000+03:30
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,14 +6,13 @@ updates:
     directory: /
     open-pull-requests-limit: 20
     commit-message:
-      prefix: deps
-      include: scope
+      prefix: 'deps'
     reviewers:
       - AliMD
     schedule:
       interval: weekly
-      time: '10:30'
-      day: thursday
+      time: '00:30'
+      day: 'thursday'
     labels:
       - ci
       - priority-low
@@ -28,14 +27,13 @@ updates:
     versioning-strategy: increase
     open-pull-requests-limit: 20
     commit-message:
-      prefix: deps
-      include: scope
+      prefix: 'deps'
     reviewers:
       - AliMD
     schedule:
       interval: weekly
-      time: '10:30'
-      day: thursday
+      time: '00:30'
+      day: 'thursday'
     labels:
       - dependencies
       - ci
@@ -56,16 +54,3 @@ updates:
         patterns:
           - '@alwatr/*'
           - 'fract'
-
-  - package-ecosystem: docker
-    directory: /packages/alwatr
-    reviewers:
-      - AliMD
-    schedule:
-      interval: weekly
-      time: '10:30'
-      day: thursday
-    labels:
-      - ci
-      - priority-low
-      - maintenance
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -5,14 +5,14 @@ name: CodeQL
 on:
   workflow_dispatch:
 
-  # schedule:
-  #   - cron: '0 7 * */2 *'
-  #            │ │ │  │  │
-  #            │ │ │  │  └─── day of the week (0 - 6 or SUN-SAT)
-  #            │ │ │  └────── month (1 - 12 or JAN-DEC)
-  #            │ │ └───────── day of the month (1 - 31)
-  #            │ └─────────── hour (0 - 23)
-  #            └───────────── minute (0 - 59)
+  schedule:
+    - cron: '0 7 * */2 *'
+    #        │ │ │  │  │
+    #        │ │ │  │  └─── day of the week (0 - 6 or SUN-SAT)
+    #        │ │ │  └────── month (1 - 12 or JAN-DEC)
+    #        │ │ └───────── day of the month (1 - 31)
+    #        │ └─────────── hour (0 - 23)
+    #        └───────────── minute (0 - 59)
 
 jobs:
   analyze-code-ql:
@@ -35,14 +35,14 @@ jobs:
         uses: actions/checkout@v4.2.1
 
       - name: 🏗 Initialize CodeQL
-        uses: github/codeql-action/init@v3.26.13
+        uses: github/codeql-action/init@v3.26.12
         with:
           languages: ${{ matrix.language }}
           # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # queries: security-extended,security-and-quality
 
       - name: 🏗 Auto build
-        uses: github/codeql-action/autobuild@v3.26.13
+        uses: github/codeql-action/autobuild@v3.26.12
 
       - name: 🚀 Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.26.13
+        uses: github/codeql-action/analyze@v3.26.12
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -5,8 +5,7 @@ name: Dependency Review
 on:
   workflow_dispatch:
 
-  # disable on private repository
-  # pull_request:
+  pull_request:
 
 jobs:
   dependency-review:
diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
@@ -0,0 +1,63 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Publish NPM
+
+on:
+  workflow_dispatch:
+
+  release:
+    types:
+      - created
+
+env:
+  NODE_VERSION: lts/*
+
+jobs:
+  publish-npm:
+    if: github.repository_owner == 'Alwatr'
+
+    name: Publish NPM
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: ⤵️ Checkout repository
+        uses: actions/checkout@v4.2.1
+
+      - name: 🏗 Setup nodejs
+        uses: actions/setup-node@v4.0.4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: 🏗 Setup nodejs corepack
+        run: corepack enable
+
+      - name: 🏗 Get yarn config
+        id: yarn_config
+        run: echo "cache_folder=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+      - name: 🏗 Cache Layer
+        uses: actions/cache@v4.1.1
+        # id: yarn_cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
+        with:
+          path: ${{ steps.yarn_config.outputs.cache_folder }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+
+      - name: 🏗 Install dependencies
+        run: yarn install --immutable
+
+      - name: 🏗 Build Typescript
+        run: yarn build
+
+      # - name: 🚀 Extra Packages Build
+      #   run: yarn build:r
+
+      - name: 🚀 Publish
+        run: yarn run publish --yes
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
