Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add workflow for Security Code Scanner #5333

Merged
merged 5 commits into from
Feb 5, 2025
Merged

Add workflow for Security Code Scanner #5333

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a67e375
Create security-code-scanner.yml
gonzaloriestra Jan 31, 2025
611c672
Run bin/pin-github-actions.js
gonzaloriestra Jan 31, 2025
b6da711
Reference the action from the security-code-scanner repo instead of c…
gonzaloriestra Feb 3, 2025
b418f39
Merge branch 'main' into security-code-scanner-workflow
gonzaloriestra Feb 3, 2025
4f2848f
Run bin/pin-github-actions.js
gonzaloriestra Feb 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/changelog-reminder.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths: ['packages/*/src/**']
types: [ opened, synchronize, reopened, ready_for_review ]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes were made by pin-github-actions.js

paths: [ 'packages/*/src/**' ]
name: Changelog Reminder
jobs:
remind:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/checks.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest']
node: ['18.20.3']
os: [ 'ubuntu-latest' ]
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
name: Checkout [main]
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cla.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
)
|| (github.event.pull_request && !github.event.pull_request.merged)
steps:
- uses: Shopify/shopify-cla-action@c6bc827f3c22da647ed72a556b0b30b8641786eb # pin@v1
- uses: Shopify/shopify-cla-action@9938f4b43524d1cfa7471ce9a803edf226697284 # pin@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
cla-token: ${{ secrets.CLA_TOKEN }}
6 changes: 3 additions & 3 deletions .github/workflows/pages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@ name: Build and Deploy GitHub Pages Site

on:
push:
branches: ["main"]
branches: [ "main" ]
paths:
- packages/cli-kit/package.json
- "docs/**"

workflow_dispatch:

# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
Expand Down Expand Up @@ -44,7 +44,7 @@ jobs:
uses: actions/jekyll-build-pages@v1
with:
source: ./docs
destination: ./docs/_site
destination: ./docs/_site
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
Expand Down
9 changes: 9 additions & 0 deletions .github/workflows/security-code-scanner.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
name: 'Shopify Security Code Scanner'

on: [push]

jobs:
Security-Code-Scanner:
uses: shopify/security-code-scanner/.github/workflows/main.yml@main
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
44 changes: 22 additions & 22 deletions .github/workflows/shopify-cli.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ on:
pull_request:
merge_group:


concurrency:
group: shopify-cli-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
Expand All @@ -59,8 +60,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest', 'windows-latest', 'macos-latest']
node: ['18.20.3', '20.14.0', '22.2.0']
os: [ 'ubuntu-latest', 'windows-latest', 'macos-latest' ]
node: [ '18.20.3', '20.14.0', '22.2.0' ]
steps:
- uses: actions/checkout@v3
name: Checkout [${{ github.ref_name }}]
Expand Down Expand Up @@ -112,9 +113,9 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest']
node: ['18.20.3']
target: ['build', 'type-check']
os: [ 'ubuntu-latest' ]
node: [ '18.20.3' ]
target: [ 'build', 'type-check' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -135,8 +136,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest']
node: ['18.20.3']
os: [ 'ubuntu-latest' ]
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -163,8 +164,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest']
node: ['18.20.3']
os: [ 'ubuntu-latest' ]
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -187,8 +188,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest']
node: ['18.20.3']
os: [ 'ubuntu-latest' ]
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -200,7 +201,7 @@ jobs:
with:
node-version: ${{ matrix.node }}
- name: Post the knip results
uses: codex-/knip-reporter@1ccefdf649b847793412fbfba286dc0b05defc1e # pin@v2
uses: codex-/knip-reporter@f717532b6707d95de06b9bb2eb8ece46393f018f # pin@v2
with:
verbose: true

Expand All @@ -211,8 +212,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['macos-latest'] # Codegen uses a find command that needs to work on CI and macOS; using the same env keeps this simple
node: ['18.20.3']
os: [ 'macos-latest' ] # Codegen uses a find command that needs to work on CI and macOS; using the same env keeps this simple
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
with:
Expand Down Expand Up @@ -271,8 +272,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest', 'windows-latest', 'macos-latest']
node: ['18.20.3', '20.14.0', '22.2.0']
os: [ 'ubuntu-latest', 'windows-latest', 'macos-latest' ]
node: [ '18.20.3', '20.14.0', '22.2.0' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -293,8 +294,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest', 'macos-latest', 'windows-latest']
node: ['18.20.3']
os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -317,8 +318,8 @@ jobs:
timeout-minutes: 30
strategy:
matrix:
os: ['ubuntu-latest']
node: ['18.20.3']
os: [ 'ubuntu-latest' ]
node: [ '18.20.3' ]
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -340,7 +341,6 @@ jobs:
with:
base-branch-name: '${{ github.base_ref }}'


manually-triggered:
name: '[Manual] Test with Node ${{ inputs.node-version }} in ${{ inputs.os }}'
runs-on: ${{ inputs.os }}
Expand All @@ -363,6 +363,6 @@ jobs:
run: pnpm test:features --output-style=stream
- name: Setup tmate session
if: ${{ failure() && inputs.debug-enabled }}
uses: mxschmitt/action-tmate@1005f9c9db5f1b055a495e72c6e589764984baf6 # pin@v3
uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48 # pin@v3
with:
limit-access-to-actor: true
Loading