Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: CI Pipeline

permissions: {}

on:
push:
branches:
Expand All @@ -16,7 +18,7 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
# For same-repo PRs, check out the head branch explicitly so tests
# run against the exact branch commit (not the synthetic merge commit).
Expand All @@ -27,7 +29,7 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Setup Node.js
uses: actions/setup-node@v6
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: '20'

Expand Down Expand Up @@ -67,13 +69,13 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.event.pull_request.head.ref }}
token: ${{ secrets.GITHUB_TOKEN }}

- name: Setup Node.js
uses: actions/setup-node@v6
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: '20'

Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/claude.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: Claude Code

permissions: {}

on:
pull_request:
branches: [main]
Expand Down Expand Up @@ -31,4 +33,4 @@ jobs:
- name: Run Claude Code
uses: anthropics/claude-code-action@094bd24d575e7b30ac1576024817bf1a97c81262 # v1
with:
anthropic_api_key: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
12 changes: 8 additions & 4 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,14 @@
name: 'CodeQL'

permissions: {}

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '25 14 * * 1'

jobs:
analyze:
Expand All @@ -22,17 +26,17 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@v4
uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4

- name: Run CodeQL analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4
with:
category: 'security'
8 changes: 6 additions & 2 deletions .github/workflows/coverage.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: Coverage

permissions: {}

on:
pull_request:
branches:
Expand All @@ -11,12 +13,14 @@ on:
jobs:
coverage:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Set up Node.js
uses: actions/setup-node@v6
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: '20'

Expand Down
11 changes: 6 additions & 5 deletions .github/workflows/dependabot-automerge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,25 +5,26 @@ on:
branches:
- main

permissions:
contents: write
pull-requests: write
permissions: {}

jobs:
dependabot:
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]'
permissions:
contents: write
pull-requests: write
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v2
with:
github-token: '${{ secrets.GITHUB_TOKEN }}'

- name: Generate app token
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.dependency-type == 'indirect'
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
11 changes: 8 additions & 3 deletions .github/workflows/nodejs-tests.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: Node.js Tests

permissions: {}

on:
push:
branches: [main]
Expand All @@ -10,16 +12,19 @@ jobs:
node-tests:
name: Node.js Tests
runs-on: ubuntu-latest
permissions:
contents: read
actions: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Use Node.js 20
uses: actions/setup-node@v6
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: '20'

- name: Cache node modules
uses: actions/cache@v5
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
Comment thread
don-petry marked this conversation as resolved.
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
Expand Down
11 changes: 7 additions & 4 deletions .github/workflows/playwright-tests.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: Playwright UI Tests

permissions: {}

on:
push:
branches: [main]
Expand All @@ -12,16 +14,17 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
actions: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Use Node.js 20
uses: actions/setup-node@v6
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: '20'

- name: Cache node modules
uses: actions/cache@v5
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
Expand All @@ -39,7 +42,7 @@ jobs:

- name: Upload Playwright report on failure
if: failure()
uses: actions/upload-artifact@v7
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
Comment thread
don-petry marked this conversation as resolved.
with:
name: playwright-report
path: playwright-report/
Expand Down
12 changes: 8 additions & 4 deletions .github/workflows/sonarcloud.yml
Original file line number Diff line number Diff line change
@@ -1,20 +1,24 @@
name: SonarCloud Analysis
permissions:
contents: read
pull-requests: read

permissions: {}

on:
push:
branches: [main]
pull_request:
branches: [main]

jobs:
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: SonarCloud Scan
Expand Down
33 changes: 33 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# Security Policy

## Supported Versions

| Version | Supported |
| ----------- | ------------------ |
| main branch | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly.

**Do not open a public issue.**

Instead, use one of the following methods:

1. **GitHub Private Vulnerability Reporting**: Use the [Security tab](https://github.com/petry-projects/google-app-scripts/security/advisories/new) to report a vulnerability privately.
2. **Email**: Send details to **security@petry-projects.dev**.

### What to include

- A description of the vulnerability
- Steps to reproduce the issue
- Any relevant logs or screenshots
- The potential impact of the vulnerability

### Response Timeline

- **Acknowledgement**: Within 48 hours of receiving your report.
- **Initial Assessment**: Within 5 business days.
- **Resolution**: We aim to release a fix within 30 days of confirming the vulnerability, depending on complexity.

We appreciate your help in keeping this project secure.
42 changes: 21 additions & 21 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading