diff --git a/.github/scripts/report-inactive-collaborators.mjs b/.github/scripts/report-inactive-collaborators.mjs
deleted file mode 100644
index a1b306dba9786..0000000000000
--- a/.github/scripts/report-inactive-collaborators.mjs
+++ /dev/null
@@ -1,131 +0,0 @@ -import { readFile } from 'node:fs/promises'; - -const CONFIG = { - GOVERNANCE_FILE: 'GOVERNANCE.md', - CURRENT_MEMBERS_HEADER: '#### Current Members', - INACTIVE_MONTHS: 12, - ISSUE_TITLE: 'Inactive Collaborator Report', - ISSUE_LABELS: ['meta', 'inactive-collaborator-report'], -}; - -// Get date N months ago in YYYY-MM-DD format -const getDateMonthsAgo = (months = CONFIG.INACTIVE_MONTHS) => { - const date = new Date(); - date.setMonth(date.getMonth() - months); - return date.toISOString().split('T')[0]; -}; - -// Check if there's already an open issue -async function hasOpenIssue(github, context) { - const { owner, repo } = context.repo; - const { data: issues } = await github.rest.issues.listForRepo({ - owner, - repo, - state: 'open', - labels: CONFIG.ISSUE_LABELS[1], - per_page: 1, - }); - - return issues.length > 0; -} - -// Parse collaborator usernames from governance file -async function parseCollaborators() { - const content = await readFile(CONFIG.GOVERNANCE_FILE, 'utf8'); - const lines = content.split('\n'); - const collaborators = []; - - const startIndex = - lines.findIndex(l => l.startsWith(CONFIG.CURRENT_MEMBERS_HEADER)) + 1; - if (startIndex <= 0) return collaborators; - - for (let i = startIndex; i < lines.length; i++) { - const line = lines[i]; - if (line.startsWith('#')) break; - - const match = line.match(/^\s*-\s*\[([^\]]+)\]/); - if (match) collaborators.push(match[1]); - } - - return collaborators; -} - -// Check if users have been active since cutoff date -async function getInactiveUsers(github, usernames, repo, cutoffDate) { - const inactiveUsers = []; - - for (const username of usernames) { - // Check commits - const { data: commits } = await github.rest.search.commits({ - q: `author:${username} repo:${repo} committer-date:>=${cutoffDate}`, - per_page: 1, - }); - - // Check issues and PRs - const { data: issues } = await github.rest.search.issuesAndPullRequests({ - q: `involves:${username} repo:${repo} 
updated:>=${cutoffDate}`, - per_page: 1, - }); - - // User is inactive if they have no commits AND no issues/PRs - if (commits.total_count === 0 && issues.total_count === 0) { - inactiveUsers.push(username); - } - } - - return inactiveUsers; -} - -// Generate report for inactive members -function formatReport(inactiveMembers, cutoffDate) { - if (!inactiveMembers.length) return null; - - const today = getDateMonthsAgo(0); - return `# Inactive Collaborators Report - -Last updated: ${today} -Checking for inactivity since: ${cutoffDate} - -## Inactive Collaborators (${inactiveMembers.length}) - -| Login | -| ----- | -${inactiveMembers.map(m => `| @${m} |`).join('\n')} - -## What happens next? - -@nodejs/nodejs-website should review this list and contact inactive collaborators to confirm their continued interest in participating in the project.`; -} - -async function createIssue(github, context, report) { - if (!report) return; - - const { owner, repo } = context.repo; - await github.rest.issues.create({ - owner, - repo, - title: CONFIG.ISSUE_TITLE, - body: report, - labels: CONFIG.ISSUE_LABELS, - }); -} - -export default async function (github, context) { - // Check for existing open issue first - exit early if one exists - if (await hasOpenIssue(github, context)) { - return; - } - - const cutoffDate = getDateMonthsAgo(); - const collaborators = await parseCollaborators(); - - const inactiveMembers = await getInactiveUsers( - github, - collaborators, - `${context.repo.owner}/${context.repo.repo}`, - cutoffDate - ); - const report = formatReport(inactiveMembers, cutoffDate); - - await createIssue(github, context, report); -} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0efcf15db46b..8d9b9fbdad286 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -39,10 +39,12 @@ jobs: os: [ubuntu-latest, windows-latest] steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: - egress-policy: audit + pnpm: true + use-version-file: true + # We only want to install required production packages + install-flags: --prod - name: Use GNU tar instead BSD tar # This ensures that we use GNU `tar` which is more efficient for extracting caches's @@ -50,29 +52,12 @@ jobs: shell: cmd run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%" - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/apps/site/.next/cache key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }} restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}- - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - # We only want to install required production packages - run: pnpm install --prod --frozen-lockfile - - name: Build Next.js # We want a ISR build on CI to ensure that regular Next.js builds work as expected. run: node_modules/.bin/turbo build ${{ env.TURBO_ARGS }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 46fc4f70b723f..8c2cabbe0194c 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml 
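Review bot: The new `nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9` pin has no trailing version comment, unlike the `# v2.13.1` and `# v5.0.0` comments on the pins it replaces. A reader cannot tell which release the SHA corresponds to, and update tooling that relies on that comment has nothing to track. If the commit is tagged, append it as `# <tag>`; the same bare pin recurs in every workflow this diff touches. The Harden Runner step in audit mode also disappears from this file, and the diff does not show whether the composite action runs it as its first step, so confirm that before merging.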
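Review bot: The removed `run: pnpm install --prod --frozen-lockfile` enforced the lockfile explicitly, while the replacement step in the previous hunk passes only `install-flags: --prod`. Whether the composite action adds `--frozen-lockfile` itself is not visible in this diff. pnpm normally defaults to a frozen lockfile when it detects CI, but relying on that default is weaker than stating it. Consider `install-flags: --prod --frozen-lockfile` here. Confirm the default install in the chromatic, lint-and-tests, playwright, sync-orama and translations-sync hunks too, where the explicit `pnpm install --frozen-lockfile` step is also removed.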
@@ -53,32 +53,10 @@ jobs: url: ${{ steps.chromatic-deploy.outputs.storybookUrl }} steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - # Provides the Pull Request commit SHA or the GitHub merge group ref - ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }} - # The Chromatic (@chromaui/action) Action requires a full history of the current branch in order to be able to compare - # previous changes and previous commits and determine which Storybooks should be tested against and what should be built - fetch-depth: 0 - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile + pnpm: true + use-version-file: true - name: Start Visual Regression Tests (Chromatic) # This assigns the Environment Deployment for Storybook diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8c6a19218518d..b621110362a95 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
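Review bot: The removed checkout passed `ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }}` and `fetch-depth: 0`, and the replacement step passes neither. Other workflows in this diff hand `ref` and `fetch-depth` to the same action, so they look like supported inputs. Without them a `pull_request_target` run would presumably check out the base branch with a shallow history, and the removed comment says Chromatic needs the full history. If the head ref is restored, the install inside the composite action would run pull-request code in a job that may have access to secrets, so re-check the trigger gating. The same `ref` expression is dropped in the `sync-orama.yml` hunk.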
@@ -1,14 +1,3 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# name: 'CodeQL' on: 
@@ -26,53 +15,8 @@ permissions: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + uses: nodejs/web-team/.github/workflows/codeql.yml@2c2897a93eb99b4cdca270729100bc0887c758d9 permissions: actions: read contents: read security-events: write - - strategy: - fail-fast: false - matrix: - language: ['javascript', 'typescript'] - # CodeQL supports [ $supported-codeql-languages ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 - - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 
- - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 - with: - category: '/language:${{matrix.language}}' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 108576735552b..fec0e8e604847 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,11 +1,3 @@ -# Dependency Review Action -# -# This Action will scan dependency manifest files that change as part of a Pull Request, -# surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. -# -# Source repository: https://github.com/actions/dependency-review-action name: Review Dependencies on: @@ -23,15 +15,4 @@ permissions: jobs: dependency-review: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Review Dependencies - uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0 + uses: nodejs/web-team/.github/workflows/dependency-review.yml@2c2897a93eb99b4cdca270729100bc0887c758d9 diff --git a/.github/workflows/find-inactive-collaborators.yml b/.github/workflows/find-inactive-collaborators.yml deleted file mode 100644 index 38aa7b7ea86ce..0000000000000 --- a/.github/workflows/find-inactive-collaborators.yml +++ /dev/null 
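Review bot: The `language: ['javascript', 'typescript']` matrix is removed and the call to `nodejs/web-team/.github/workflows/codeql.yml` passes no `with:` inputs, so the called workflow alone now decides which languages are analysed. Confirm it still covers both; otherwise code-scanning coverage narrows with no signal in this repository. A job that calls a reusable workflow presumably also reports its checks under a different name, so any branch-protection rule that requires the old check name may need updating. The same applies to the `dependency-review.yml` and `scorecard.yml` conversions.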
@@ -1,32 +0,0 @@ -name: Find inactive collaborators - -on: - schedule: - - cron: '0 0 1 * *' # Runs at 00:00 UTC on the 1st day of every month - - workflow_dispatch: - -permissions: - contents: read - issues: write - -jobs: - find: - if: github.repository == 'nodejs/nodejs.org' - runs-on: ubuntu-latest - - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Report inactive collaborators - id: inactive - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - with: - script: | - const { default: report } = await import("${{github.workspace}}/.github/scripts/report-inactive-collaborators.mjs"); - report(github, context); diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml index 8ce2a9cfdba8c..5711bb0d6515e 100644 --- a/.github/workflows/lint-and-tests.yml +++ b/.github/workflows/lint-and-tests.yml @@ -42,13 +42,10 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + pnpm: true + use-version-file: true - name: Restore Lint Cache uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 
@@ -68,19 +65,6 @@ jobs: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}- cache-lint- - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Run quality checks with `turbo` # We run the ESLint and Prettier commands on all Workflow triggers of the `Lint` job, besides if # the Pull Request comes from a Crowdin Branch, as we don't want to run ESLint and Prettier on Crowdin PRs @@ -115,26 +99,10 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile + pnpm: true + use-version-file: true - name: Run Unit Tests # We want to run Unit Tests in every circumstance, including Crowdin PRs and Dependabot PRs to ensure diff --git a/.github/workflows/notify-on-push.yml b/.github/workflows/notify-on-push.yml index 9fd8ad4647cfa..e0c0138a8c9ef 100644 --- a/.github/workflows/notify-on-push.yml +++ b/.github/workflows/notify-on-push.yml 
@@ -11,20 +11,8 @@ jobs: notify_on_push: name: Notify on any direct push to `main` if: > - github.repository == 'nodejs/nodejs.org' && + github.repository == 'nodejs/nodejs.org' && github.actor != 'github-merge-queue[bot]' runs-on: ubuntu-latest steps: - - name: Slack Notification - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # 2.3.3 - env: - SLACK_COLOR: '#DE512A' - SLACK_ICON: https://github.com/nodejs.png?size=48 - SLACK_TITLE: ${{ github.actor }} directly pushed to ${{ github.ref }} - SLACK_MESSAGE: | - A commit was directly pushed to by - - Before: - After: - SLACK_USERNAME: nodejs-bot - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + - uses: nodejs/web-team/actions/notify-on-push@2c2897a93eb99b4cdca270729100bc0887c758d9 diff --git a/.github/workflows/playwright-cloudflare-open-next.yml b/.github/workflows/playwright-cloudflare-open-next.yml index da1fe8727626c..0bd57f451f39a 100644 --- a/.github/workflows/playwright-cloudflare-open-next.yml +++ b/.github/workflows/playwright-cloudflare-open-next.yml @@ -28,29 +28,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: + pnpm: true + use-version-file: true fetch-depth: 2 - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Get Playwright version id: playwright-version working-directory: apps/site 
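Review bot: The removed step passed `SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}` through `env:`, and the replacement `nodejs/web-team/actions/notify-on-push` step has neither `env:` nor `with:`. An action cannot read the `secrets` context itself, so the notification has no endpoint unless a workflow-level or job-level `env` outside this hunk supplies the webhook. Pass it explicitly on this step, for example an `env:` entry `SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}` or the equivalent input the action defines. Keep it scoped to the step rather than the whole job.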
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 2037071b38792..c7c0896c28eef 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -54,29 +54,12 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: + pnpm: true + use-version-file: true fetch-depth: 2 - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Get Playwright version id: playwright-version working-directory: apps/site diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index e299b31b9f63c..e49db9560e031 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml 
@@ -102,22 +102,10 @@ jobs: matrix: ${{ fromJson(needs.prepare-packages.outputs.matrix) }} fail-fast: false # Continue publishing other packages even if one fails steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Setup Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: - # Don't use caching here as we never install dependencies in this workflow - node-version-file: '.nvmrc' + pnpm: true + use-version-file: true registry-url: 'https://registry.npmjs.org' - name: Re-install npm @@ -128,9 +116,6 @@ jobs: - name: Publish working-directory: packages/${{ matrix.package }} run: | - # Install deps - pnpm install --frozen-lockfile - # Check if a custom publish script exists in package.json if jq -e '.scripts.release' package.json > /dev/null; then pnpm run release diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f42839e4f1d05..9a0e331817c0e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -1,7 +1,3 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third party and are governed by separate terms of service, privacy -# policy and support documentation. - name: OpenSSF Scorecard Review on: # For Branch-Protection check. Only the default branch is supported. See 
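Review bot: The removed comment `# Don't use caching here as we never install dependencies in this workflow` recorded that the publish job ran setup-node without a cache, and the new `setup-environment` call with `pnpm: true` does not show whether a cache is restored. For a job that publishes to `https://registry.npmjs.org`, it is safer to restore nothing from a shared cache before `pnpm run release`. Confirm the composite action's behaviour, or expose an input that disables caching here. The next hunk also removes `pnpm install --frozen-lockfile` from the Publish step, so the install presumably moves into the composite action and now runs before the `Re-install npm` step.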
@@ -21,7 +17,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-latest + uses: nodejs/web-team/.github/workflows/scorecard.yml@2c2897a93eb99b4cdca270729100bc0887c758d9 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write @@ -29,36 +25,3 @@ jobs: id-token: write contents: read actions: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - - - name: Run Scorecard Analysis - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 - with: - results_file: results.sarif - results_format: sarif - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: Upload Artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: Upload Scan Results - uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 - with: - sarif_file: results.sarif diff --git a/.github/workflows/sync-orama.yml b/.github/workflows/sync-orama.yml index e970472ad309c..7de100df4eee6 100644 --- a/.github/workflows/sync-orama.yml +++ b/.github/workflows/sync-orama.yml 
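Review bot: The removed checkout set `persist-credentials: false`, and that setting now depends on the called `nodejs/web-team/.github/workflows/scorecard.yml`, which this diff does not show. Confirm the reusable workflow keeps it, since this job holds `id-token: write` and `security-events: write`. As I understand it, Scorecard's `publish_results: true` path also places restrictions on the workflow that runs the action. Check that a run through the reusable workflow still publishes results successfully.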
@@ -33,23 +33,10 @@ jobs: if: github.event_name != 'pull_request_target' || github.event.label.name == 'github_actions:pull-request' steps: - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: - ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }} - - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile + pnpm: true + use-version-file: true - name: Sync Orama Cloud working-directory: apps/site diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index 5cd9066070782..5f71db3cb830b 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -65,14 +65,10 @@ jobs: contents: write steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Git Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: nodejs/web-team/actions/setup-environment@2c2897a93eb99b4cdca270729100bc0887c758d9 with: + pnpm: true + use-version-file: true ref: ${{ env.BRANCH_NAME }} token: ${{ secrets.CROWDIN_GITHUB_BOT_TOKEN }} fetch-depth: 2 
@@ -93,19 +89,6 @@ jobs: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}- cache-lint- - - name: Set up pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - # We want to ensure that the Node.js version running here respects our supported versions - node-version-file: '.nvmrc' - cache: 'pnpm' - - - name: Install packages - run: pnpm install --frozen-lockfile - - name: Patch version if the files changed working-directory: packages/i18n run: |