diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml
index 6b104a3..43295c4 100644
--- a/.github/workflows/continuous-delivery.yml
+++ b/.github/workflows/continuous-delivery.yml
@@ -14,14 +14,14 @@ jobs:
 steps:
 - name: Repository checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.1.7
 - name: Node.js setup
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v4.0.4
 with:
 cache: npm
 cache-dependency-path: package-lock.json
- node-version: 20.17.x
+ node-version: 20.17.0
 registry-url: https://registry.npmjs.org
 - name: Dependencies installation
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 1c86f58..d529f57 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -13,15 +13,15 @@ jobs:
 strategy:
 matrix:
- node-version: [ 18.20.x, 20.17.x ]
+ node-version: [ 18.20.4, 20.17.0 ]
 os: [ macos-latest, ubuntu-latest, windows-latest ]
 steps:
 - name: Repository checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.1.7
 - name: Node.js setup ${{ matrix.node-version }}
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v4.0.4
 with:
 cache: npm
 cache-dependency-path: package-lock.json
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 67570c1..85b9ce9 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
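Review bot: The new `uses:` references in the continuous-delivery.yml hunk (`actions/checkout@v4.1.7`, `actions/setup-node@v4.0.4`) are still tags, which the action's owner can move, so the steps are not pinned to immutable code. This workflow sets `registry-url: https://registry.npmjs.org` and so presumably publishes with a registry token in steps outside the hunk, which makes a full commit SHA with the version as a trailing comment the stronger control: `uses: actions/checkout@<full-commit-sha>  # v4.1.7`. The same applies to the `uses:` lines in the continuous-integration.yml hunk and in security.yml, including the third-party `snyk/actions/node@0.4.0` step that receives `SNYK_TOKEN`. The step list continues outside the hunk.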
@@ -1,28 +1,79 @@
 name: Security
-on: push
+on:
+ pull_request:
+ branches: [ main ]
+ push:
+ branches: [ main ]
+ schedule:
+ - cron: '25 16 * * 4'
 jobs:
- security:
- name: Snyk
- runs-on: ubuntu-latest
-
+ codeql:
+ name: CodeQL
 permissions:
+ packages: read
 security-events: write
+ runs-on: ubuntu-latest
 steps:
 - name: Repository checkout
 uses: actions/checkout@v4.1.7
- - continue-on-error: true
+ - name: Node.js setup
+ uses: actions/setup-node@v4.0.4
+ with:
+ cache: npm
+ cache-dependency-path: package-lock.json
+ node-version: 18.20.4
+
+ - name: Dependencies installation
+ run: npm ci
+
+ - name: Test
+ run: npm test
+
+ - name: Initialization
+ uses: github/codeql-action/init@v3.26.9
+ with:
+ languages: 'javascript-typescript'
+
+ - name: Analysis
+ uses: github/codeql-action/analyze@v3.26.9
+
+ - name: Results upload
+ uses: github/codeql-action/upload-sarif@v3.26.9
+ with:
+ category: codeql-analysis
+
+ snyk:
+ name: Snyk
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v4.1.7
+
+ - name: Node.js setup
+ uses: actions/setup-node@v4.0.4
+ with:
+ cache: npm
+ cache-dependency-path: package-lock.json
+ node-version: 18.20.4
+
+ - name: Dependencies installation
+ run: npm ci
+
+ - name: Analysis
+ continue-on-error: true
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Snyk vulnerabilities scan
 uses: snyk/actions/node@0.4.0
 with:
 args: --sarif-file-output=snyk.sarif
- - name: SARIF upload to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v3.26.8
+ - name: Results upload
+ uses: github/codeql-action/upload-sarif@v3.26.9
 with:
+ category: snyk-analysis
 sarif_file: snyk.sarif
diff --git a/package-lock.json b/package-lock.json
index 37ca41c..aa54a8f 100644
--- a/package-lock.json
+++ b/package-lock.json
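Review bot: The new `snyk` job declares no `permissions:` block; judging by the context lines, the existing `permissions:` / `security-events: write` mapping now sits under `codeql` only. Its `Results upload` step calls `github/codeql-action/upload-sarif`, which needs `security-events: write`, so with a read-only default token the upload fails, and with a permissive default the job, including the third-party `snyk/actions/node@0.4.0` step, gets a token carrying every default write scope. Add a job-level block under `snyk`: `permissions:` with `contents: read` (so checkout still works if the repository is private) and `security-events: write`. The workflow now also runs on `pull_request`, and runs from forks get neither `SNYK_TOKEN` nor a write token; `continue-on-error: true` on the scan hides that until the upload step fails on a missing `snyk.sarif`, so consider skipping the job or guarding the upload for fork pull requests.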
@@ -1,12 +1,12 @@ { "name": "@stassi/leaf", - "version": "0.0.26", + "version": "0.0.27", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@stassi/leaf", - "version": "0.0.26", + "version": "0.0.27", "cpu": [ "arm64", "x64"
diff --git a/package.json b/package.json
index 3756e82..af8fc40 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@stassi/leaf",
- "version": "0.0.26",
+ "version": "0.0.27",
 "description": "Leaflet adapter.",
 "keywords": [
 "cartography",