diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 01002f2..d31d2b4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,14 +12,15 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 2 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: "25" registry-url: "https://registry.npmjs.org" + cache: "npm" - name: Check if version changed id: version-check diff --git a/.github/workflows/risk-check.yml b/.github/workflows/risk-check.yml index 1c6041c..bb74a3e 100644 --- a/.github/workflows/risk-check.yml +++ b/.github/workflows/risk-check.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Check authorization id: auth - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | const commenter = context.payload.comment.user.login; @@ -65,7 +65,7 @@ jobs: - name: Get PR details if: steps.auth.outputs.authorized == 'true' id: pr - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | try { @@ -84,7 +84,7 @@ jobs: - name: Set pending status if: steps.auth.outputs.authorized == 'true' && steps.pr.outputs.sha != '' - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | await github.rest.repos.createCommitStatus({ @@ -96,16 +96,17 @@ jobs: description: 'Running analysis...' }); - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: steps.auth.outputs.authorized == 'true' && steps.pr.outputs.sha != '' with: fetch-depth: 0 ref: ${{ steps.pr.outputs.sha }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 if: steps.auth.outputs.authorized == 'true' && steps.pr.outputs.sha != '' with: node-version: "20" + cache: "npm" - name: Install prscore if: steps.auth.outputs.authorized == 'true' && steps.pr.outputs.sha != '' @@ -126,7 +127,7 @@ jobs: - name: Update status if: always() && steps.auth.outputs.authorized == 'true' && steps.pr.outputs.sha != '' - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | const fs = require('fs'); diff --git a/.github/workflows/type-check.yml b/.github/workflows/type-check.yml new file mode 100644 index 0000000..3520361 --- /dev/null +++ b/.github/workflows/type-check.yml @@ -0,0 +1,20 @@ +name: Type Check + +on: push + +jobs: + type-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: "20" + cache: "npm" + + - name: Install dependencies + run: npm ci + + - name: Run TypeScript type check + run: npx tsc --noEmit