From 22c275c1fd9629eb98e036096a9bc7c397d40d2f Mon Sep 17 00:00:00 2001
From: SuperCoolPencil
Date: Fri, 24 Apr 2026 22:22:04 +0530
Subject: [PATCH 1/2] chore: update GitHub Actions to latest versions, add commit linting, and configure native GitHub changelog generation
---
.github/release.yml | 18 ++++++++++++++
.github/workflows/build-push-images.yml | 8 +++----
.github/workflows/commit-lint.yml | 24 +++++++++++++++++++
.../workflows/core-binary-size-compare.yml | 6 ++---
.github/workflows/core-build.yml | 12 +++++-----
.github/workflows/core-lint.yml | 4 ++--
.github/workflows/extension-checks.yml | 12 +++++-----
.github/workflows/extension.yml | 12 +++++-----
.github/workflows/integration.yml | 6 ++---
.goreleaser.yaml | 8 ++-----
10 files changed, 74 insertions(+), 36 deletions(-)
create mode 100644 .github/release.yml
create mode 100644 .github/workflows/commit-lint.yml
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 00000000..d37fa8cf
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,18 @@
+changelog:
+ exclude:
+ labels:
+ - skip-changelog
+ authors:
+ - dependabot[bot]
+ categories:
+ - title: "Features"
+ labels:
+ - feat
+ - enhancement
+ - title: "Bug Fixes"
+ labels:
+ - fix
+ - bug
+ - title: "Internal Changes"
+ labels:
+ - "*"
diff --git a/.github/workflows/build-push-images.yml b/.github/workflows/build-push-images.yml
index aaeb3115..17a9b94c 100644
--- a/.github/workflows/build-push-images.yml
+++ b/.github/workflows/build-push-images.yml
@@ -34,7 +34,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Get Surge version id: surge-version
@@ -72,7 +72,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Log in to Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }}
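Review bot: The categories in `.github/release.yml` select pull requests by label (`feat`, `enhancement`, `fix`, `bug`), but nothing in this patch applies those labels; the commit-lint workflow added alongside it checks commit message prefixes, not labels. Unless labels are set by hand or by a labeler that is not visible here, every PR will presumably fall through to the `"*"` entry and be listed under "Internal Changes". Either add a step that maps the conventional-commit type to a label, or put a comment at the top of the file such as `# categories match PR labels, not commit prefixes; label PRs before release`.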
@@ -80,7 +80,7 @@ jobs: - name: Extract metadata (tags, labels) id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: |
@@ -88,7 +88,7 @@ jobs: type=raw,value=latest,enable=${{ steps.latest-tag.outputs.enable }} - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: docker file: docker/Dockerfile
diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml
new file mode 100644
index 00000000..b1131c4d
--- /dev/null
+++ b/.github/workflows/commit-lint.yml
@@ -0,0 +1,24 @@
+name: "Conventional Commits"
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - edited
+ - reopened
+ - synchronize
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Check commits
+ uses: webiny/action-conventional-commits@v1.3.1
diff --git a/.github/workflows/core-binary-size-compare.yml b/.github/workflows/core-binary-size-compare.yml
index 8c370f49..2cc29d5c 100644
--- a/.github/workflows/core-binary-size-compare.yml
+++ b/.github/workflows/core-binary-size-compare.yml
@@ -19,12 +19,12 @@ jobs: name: Compare Binary Size runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25.0" check-latest: false
@@ -61,7 +61,7 @@ jobs: echo "${{ github.event.pull_request.number }}" > pr_number.txt - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: binary-size-data path: |
diff --git a/.github/workflows/core-build.yml b/.github/workflows/core-build.yml
index 9816d607..2e39eb95 100644
--- a/.github/workflows/core-build.yml
+++ b/.github/workflows/core-build.yml
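Review bot: `webiny/action-conventional-commits@v1.3.1` in the new commit-lint workflow is a third-party action referenced by a tag, which the action's owner can move to different code; pin it to the full commit SHA and keep the tag as a comment, e.g. `uses: webiny/action-conventional-commits@<full-commit-sha> # v1.3.1` (placeholder; take the SHA from the tagged release). The same applies to the bumped references elsewhere in this patch, and matters most in the jobs that hold credentials or publish artifacts: `docker/login-action@v4` and `docker/build-push-action@v7` in build-push-images.yml, `goreleaser/goreleaser-action@v7` in core-build.yml and `softprops/action-gh-release@v3` in extension.yml. Dependabot or Renovate can keep SHA pins current, so pinning does not cost the update convenience this commit is after.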
@@ -29,9 +29,9 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25.0" check-latest: false
@@ -49,7 +49,7 @@ jobs: fi gotestsum --junitfile test-results.xml --format testdox $cover_arg ./... - name: Upload Test Results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 if: always() with: name: test-results-${{ matrix.os }}
@@ -69,15 +69,15 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') && !startsWith(github.ref, 'refs/tags/ext-v') steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25.0" - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@v7 with: distribution: goreleaser-pro version: latest
diff --git a/.github/workflows/core-lint.yml b/.github/workflows/core-lint.yml
index c9cf8b38..a6d15958 100644
--- a/.github/workflows/core-lint.yml
+++ b/.github/workflows/core-lint.yml
@@ -22,8 +22,8 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-go@v6 with: go-version: '1.25.0' - name: golangci-lint
diff --git a/.github/workflows/extension-checks.yml b/.github/workflows/extension-checks.yml
index 6fbf7594..39a0c78d 100644
--- a/.github/workflows/extension-checks.yml
+++ b/.github/workflows/extension-checks.yml
@@ -14,9 +14,9 @@ jobs: run: working-directory: extension steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: "22" cache: "npm"
@@ -32,9 +32,9 @@ jobs: run: working-directory: extension steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: "22" cache: "npm"
@@ -50,9 +50,9 @@ jobs: run: working-directory: extension steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: "22" cache: "npm"
diff --git a/.github/workflows/extension.yml b/.github/workflows/extension.yml
index 527aa05a..b200a395 100644
--- a/.github/workflows/extension.yml
+++ b/.github/workflows/extension.yml
@@ -36,9 +36,9 @@ jobs: run: working-directory: extension steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: "22" cache: "npm"
@@ -54,7 +54,7 @@ jobs: run: | npm run zip -- -b ${{ matrix.browser }} - name: Upload Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: extension-${{ matrix.browser }} path: extension/output/*.zip
@@ -76,15 +76,15 @@ jobs: if: startsWith(github.ref, 'refs/tags/ext-v') runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Download all artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: path: artifacts pattern: extension-* merge-multiple: true - name: Create Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: files: artifacts/*.zip generate_release_notes: true
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 2db85e0e..9df6f953 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -33,10 +33,10 @@ jobs: name: Extension ↔ Surge Backend runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.25.0" check-latest: false
@@ -45,7 +45,7 @@ jobs: run: go build -o surge . - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: "22" cache: "npm"
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index bece9cd9..cd10aced 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -21,6 +21,7 @@ before: - ./scripts/package-themes.sh release: + header: "## Changelog" footer: | --- **Enjoying Surge?** Consider supporting the project to keep it blazing fast!
@@ -32,12 +33,7 @@ release: - glob: .goreleaser-extra/themes.zip changelog: - sort: asc - - filters: - exclude: - - "^docs:" - - "^test:" + use: github-native archives: - formats: [ tar.gz ]
From 262e55c710e57afc7a5fba7b651a2bc8d88bf1d5 Mon Sep 17 00:00:00 2001
From: Meet Mehta
Date: Fri, 24 Apr 2026 22:24:25 +0530
Subject: [PATCH 2/2] Potential fix for pull request finding 'CodeQL / Workflow does not contain permissions'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
.github/workflows/commit-lint.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml
index b1131c4d..76196c96 100644
--- a/.github/workflows/commit-lint.yml
+++ b/.github/workflows/commit-lint.yml
@@ -11,6 +11,9 @@ on: - reopened - synchronize +permissions: + contents: read + jobs: lint: runs-on: ubuntu-latest
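Review bot: In the second `.goreleaser.yaml` hunk, switching to `use: github-native` drops the `^docs:` and `^test:` exclusions without a replacement: GitHub's generated notes filter on PR labels and authors from `.github/release.yml`, which in this patch excludes only `skip-changelog` and `dependabot[bot]`. Docs-only and test-only changes will therefore appear in release notes unless those PRs are labelled `skip-changelog`. GitHub's generated notes also normally begin with their own "What's Changed" heading, so the new `header: "## Changelog"` in the first hunk will likely sit directly above a second heading; check a draft release before tagging. Both hunks cut through the `release:` and `changelog:` blocks, so the rest of those sections is not visible here.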
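Review bot: Declaring `permissions:` at workflow level sets every scope that is not listed to `none`, so `contents: read` alone leaves the lint job without `pull-requests: read`. If `webiny/action-conventional-commits` fetches the pull request's commit list through the REST API (it appears to, but that code is not visible here), this still works on a public repository and would fail on a private one; adding `pull-requests: read` under `permissions:` covers that case without granting any write scope. A short comment such as `# read-only token: the job only checks out and reads commit messages` would record why the block is kept minimal.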