diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f61946b..e2dcaff 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,9 @@ version: 2 updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly - package-ecosystem: npm directory: "/" schedule: diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 2179ad6..1c56785 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -13,22 +13,24 @@ jobs: os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - node-version: ${{ matrix.node }} - - id: yarn-cache - run: echo "::set-output name=dir::$(yarn cache dir)" - - uses: actions/cache@v2 + persist-credentials: false + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - path: ${{ steps.yarn-cache.outputs.dir }} - key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }} - restore-keys: | - ${{ matrix.os }}-yarn- + node-version: ${{ matrix.node }} + cache: yarn + - run: yarn --frozen-lockfile + - run: yarn build + - run: yarn lint + - run: yarn coverage + - run: yarn test:ignored-in-coverage + - run: yarn test:mainnet continue-on-error: true diff --git a/.github/workflows/add-action-project.yml b/.github/workflows/add-action-project.yml index ce969e7..c162c16 100644 --- a/.github/workflows/add-action-project.yml +++ b/.github/workflows/add-action-project.yml @@ -10,7 +10,7 @@ jobs: name: Add issue to project runs-on: ubuntu-latest steps: - - uses: actions/add-to-project@v0.3.0 + - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 with: project-url: https://github.com/orgs/cowprotocol/projects/8 github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 1c36c2b..cf53fb0 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -12,7 +12,7 @@ jobs: steps: - name: "CLA Assistant" if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.6.1 + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b902bda..28747bf 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,13 +7,18 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '14.x' registry-url: 'https://registry.npmjs.org' scope: '@cowprotocol' + - run: yarn --frozen-lockfile + - run: bash src/workflows/publish.sh env: NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}