diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index 4c7030bd7a..1a38478518 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -26,10 +26,11 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐ŸŽจ Check for non-RTL/non-a11y CSS classes run: vp run lint:css diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 1cbf9719b8..cc1f3734c7 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -27,16 +27,17 @@ jobs: ref: ${{ github.event.pull_request.head.sha || github.sha }} persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true - - - name: ๐ŸŸง Install pnpm globally - run: vp install -g pnpm + sfw: true - name: ๐Ÿงช Run Chromatic Visual and Accessibility Tests uses: chromaui/action@8a2b82547aef5a3efc8ec3c7905f4ab09a76ed0b # v16.1.0 + with: + buildCommand: vp run build-storybook + outputDir: storybook-static env: CHROMATIC_BRANCH: ${{ github.event.pull_request.head.ref || github.ref_name }} CHROMATIC_SHA: ${{ github.event.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 37bd15e85f..0307c007ed 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,13 +30,13 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* - run-install: false - - - name: ๐Ÿ“ฆ Install dependencies (root only, no scripts) - run: vp install --filter . --ignore-scripts + sfw: true + # root only, no scripts + run-install: | + - args: ['--filter', '.', '--ignore-scripts'] - name: ๐Ÿ”  Lint project run: vp run lint @@ -50,10 +50,11 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐Ÿ’ช Type check run: vp run test:types @@ -67,10 +68,11 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐Ÿงช Unit tests run: vp test --project unit --coverage --reporter=default --reporter=junit --outputFile=test-report.junit.xml @@ -105,10 +107,11 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐ŸŒ Install browser run: vp exec playwright install chromium-headless-shell @@ -151,10 +154,11 @@ jobs: - name: ๐Ÿ‘‘ Fix Git ownership run: git config --global --add safe.directory /__w/npmx.dev/npmx.dev - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐Ÿ—๏ธ Build project run: vp run build:test @@ -188,10 +192,11 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐Ÿ—๏ธ Build project run: vp run build:test @@ -211,10 +216,11 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: ๐Ÿงน Check for unused code run: vp run knip @@ -228,13 +234,13 @@ jobs: with: persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* - run-install: false - - - name: ๐Ÿ“ฆ Install dependencies (root only, no scripts) - run: vp install --filter . --ignore-scripts + sfw: true + # root only, no scripts + run-install: | + - args: ['--filter', '.', '--ignore-scripts'] - name: ๐ŸŒ Check for missing or dynamic i18n keys run: vp run i18n:report diff --git a/.github/workflows/deploy-canary.yml b/.github/workflows/deploy-canary.yml index 89b1e7f614..f4be78830b 100644 --- a/.github/workflows/deploy-canary.yml +++ b/.github/workflows/deploy-canary.yml @@ -22,12 +22,17 @@ jobs: persist-credentials: false fetch-depth: 2 - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* run-install: false - - run: vp install -g vercel + - uses: SocketDev/action@ba6de6cc0565af1f42295590380973573297e31f # v1.3.2 + with: + mode: firewall-free + firewall-version: v1.12.0 + + - run: sfw vp i -g vercel@54.12.2 - run: vercel deploy --target=canary env: VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} diff --git a/.github/workflows/lunaria.yml b/.github/workflows/lunaria.yml index e4fc52f092..71abbb5355 100644 --- a/.github/workflows/lunaria.yml +++ b/.github/workflows/lunaria.yml @@ -29,10 +29,11 @@ jobs: fetch-depth: 0 persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* cache: true + sfw: true - name: Generate Lunaria Overview uses: lunariajs/action@4911ad0736d1e3b20af4cb70f5079aea2327ed8e # astro-docs diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index fdb614e08e..19a529d515 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -26,7 +26,7 @@ jobs: fetch-depth: 0 persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* run-install: false diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index e6d050daa0..16a1991880 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -28,7 +28,7 @@ jobs: fetch-depth: 0 persist-credentials: true - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* run-install: false @@ -66,7 +66,11 @@ jobs: - name: ๐Ÿ“ฆ Install dependencies if: steps.check.outputs.skip == 'false' - run: vp install --filter . --ignore-scripts + uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 + with: + sfw: true + run-install: | + - args: ['--filter', '.', '--ignore-scripts'] - name: ๐Ÿ“ Generate release notes if: steps.check.outputs.skip == 'false' @@ -101,14 +105,18 @@ jobs: ref: release persist-credentials: false - - uses: voidzero-dev/setup-vp@ca1c46663915d6c1042ae23bd39ab85718bfb0fa # v1.10.0 + - uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 with: node-version: lts/* registry-url: https://registry.npmjs.org run-install: false - name: ๐Ÿ“ฆ Install dependencies - run: vp install --filter npmx-connector... + uses: voidzero-dev/setup-vp@2dec1e33f4ab2c6d5bce1b0c4607961bb1a3f7a1 # v1.12.0 + with: + sfw: true + run-install: | + - args: ['--filter', 'npmx-connector...'] - name: ๐Ÿ”ข Set connector version env: diff --git a/.github/zizmor.yml b/.github/zizmor.yml index 273a9114d2..600359efcb 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -4,7 +4,7 @@ rules: stale-action-refs: ignore: # lunariajs/action has no tag refs; keep the branch commit hash-pinned. - - lunaria.yml:38 + - lunaria.yml:39 dangerous-triggers: ignore: - enforce-release-source.yml