Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 13 additions & 6 deletions .github/workflows/calibreapp-image-actions.yml
Original file line number Diff line number Diff line change
@@ -1,24 +1,31 @@
name: Compress Images

on:
# DO NOT CHANGE, must stay pull_request. pull_request_target would hand fork PRs a write token
pull_request:
paths:
- '**.jpg'
- '**.jpeg'
- '**.png'
- '**.webp'
- "**.jpg"
- "**.jpeg"
- "**.png"
- "**.webp"

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
build:
# Only run on Pull Requests within the same repository, and not from forks.
# Only run on Pull Requests within the same repository, and not from forks
if: github.event.pull_request.head.repo.full_name == github.repository
name: calibreapp/image-actions
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
# allow calibreapp/image-actions to update PRs
# Allow calibreapp/image-actions to commit optimized images and update PRs
contents: write
pull-requests: write
steps:
- name: Clone repository
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,14 @@ env:
permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 15

steps:
- name: Clone repository
Expand Down Expand Up @@ -44,6 +49,7 @@ jobs:

deploy:
runs-on: ubuntu-latest
timeout-minutes: 15
needs: test
if: github.repository == 'twbs/blog' && github.ref == 'refs/heads/main'
permissions:
Expand Down
25 changes: 19 additions & 6 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,30 @@ on:
- cron: "0 0 * * 0"
workflow_dispatch:

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
analyze:
name: Analyze
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language:
- actions
- javascript-typescript

steps:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
Expand All @@ -29,13 +44,11 @@ jobs:
- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: "javascript"
languages: "${{ matrix.language }}"
build-mode: none
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
category: "/language:javascript"
category: "/language:${{ matrix.language }}"