github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2026-05-30 00:00:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore(ci): improve workflows & dependabot (#1928)

Browse Source 
* chore(workflow): draft-release - sync recent changes
* chore(workflow): draft-release - pin actions
* chore(workflow): draft-release - use 'npm ci'
* chore(workflow): draft-release - disable package-manager-cache
* chore(workflow): draft-release - ensure cache is '' for clarity
* chore(workflow): draft-release - update actions/checkout configs
* chore(workflow): pin actions in all workflows
* chore(workflow): update actions/checkout configs
* chore(dependabot): added configs
* chore(workflow): use npm cit
This commit is contained in:
エリス
2026-05-19 19:18:26 +09:00
committed by GitHub
parent f490531d5a
commit 08c4fd1ebf
4 changed files with 58 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/dependabot.yml
+32
View File
@@ -0,0 +1,32 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
cooldown:
default-days: 4
schedule:
interval: "daily" # Every weekday, Monday to Friday
- package-ecosystem: "npm"
directory: "/"
cooldown:
default-days: 4
schedule:
interval: "weekly" # By default on a Monday
.github/workflows/ci.yml
+9 -7
View File
@@ -41,12 +41,15 @@ jobs:
os: [ubuntu-latest, windows-latest, macos-15]
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-depth: 1
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
- uses: actions/setup-java@v5
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
distribution: 'temurin'
java-version: '17'
@@ -61,7 +64,7 @@ jobs:
# It contains mixed content from the npm package "cordova-js" and "./cordova-js-src".
# The report might not be resolvable because of the external package.
# If the report is related to this repository, it would be detected when scanning "./cordova-js-src".
- uses: github/codeql-action/init@v4
- uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
with:
languages: javascript, java-kotlin
queries: security-and-quality
@@ -74,12 +77,11 @@ jobs:
- name: npm install and test
run: |
npm i
npm t
npm cit
env:
CI: true
- uses: github/codeql-action/analyze@v4
- uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
# v4.6.0
- uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
.github/workflows/draft-release.yml
+12 -7
View File
@@ -31,10 +31,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-node@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-depth: 1
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 24
package-manager-cache: false
cache: ''
- name: Setup environment variables
run: |
@@ -68,14 +73,14 @@ jobs:
- name: Verify Target Release Version
run: |
PACKAGE_VERSION=$(jq -r '.version' package.json)
if [ $PACKAGE_VERSION != "$TARGET_RELEASE_VERSION" ]; then
if [ "$PACKAGE_VERSION" != "$TARGET_RELEASE_VERSION" ]; then
echo "Mismatch version detected between tag version ($TARGET_RELEASE_VERSION) and package version ($PACKAGE_VERSION)"
exit 1
fi
if [ -f "plugin.xml" ]; then
PLUGIN_VERSION=$(yq -p=xml -o=json '.plugin.+@version' plugin.xml)
if [ $PLUGIN_VERSION != "$TARGET_RELEASE_VERSION" ]; then
PLUGIN_VERSION=$(yq -p=xml -o=json '.plugin.+@version' plugin.xml | jq -r .)
if [ "$PLUGIN_VERSION" != "$TARGET_RELEASE_VERSION" ]; then
echo "Mismatch version detected between tag version ($TARGET_RELEASE_VERSION) and plugin version ($PLUGIN_VERSION)"
exit 1
fi
@@ -83,7 +88,7 @@ jobs:
- name: Generate "tgz" npm convenience package
run: |-
npm install
npm ci
NPM_PKG_NAME=$(npm pack --json | jq -r '.[0].filename')
mv ./.asf-release/$NPM_PKG_NAME ./.asf-release/${NPM_PACKAGE_NAME}.tgz
env:
@@ -142,7 +147,7 @@ jobs:
CORDOVA_GPG_SECRET_KEY: ${{ secrets.CORDOVA_GPG_SECRET_KEY }}
- name: Upload to Apache Trusted Release (ATR)
uses: apache/tooling-actions/upload-to-atr@b7e972c11790ee16eca101900af1b3c7fd1b106e
uses: apache/tooling-actions/upload-to-atr@f5f4c0e7ddfbde6b1f8288cef36324c6def68051
with:
project: ${{ env.REPO_NAME }}
version: ${{ env.TARGET_RELEASE_VERSION }}
.github/workflows/release-audit.yml
+5 -2
View File
@@ -34,13 +34,16 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout project
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-depth: 1
# Check license headers (v2.0.0)
- uses: erisu/apache-rat-action@46fb01ce7d8f76bdcd7ab10e7af46e1ea95ca01c
# Setup environment with node
- uses: actions/setup-node@v6
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 24