From e05ba59cd034ace74e7fa8209adbc25daf3d052b Mon Sep 17 00:00:00 2001
From: Atsushi Nakamura <16175660+nuitsjp@users.noreply.github.com>
Date: Fri, 21 Nov 2025 09:01:01 +0900
Subject: [PATCH 1/3] chore: split heavy workflows
---
 .github/workflows/codeql.yml | 38 +++++++++
 .github/workflows/dependency-audit.yml | 29 +++++++
 .github/workflows/licensed.yml | 56 ++++++++++++++
 .github/workflows/npm-ci.yml | 103 -------------------------
 4 files changed, 123 insertions(+), 103 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/dependency-audit.yml
 create mode 100644 .github/workflows/licensed.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..7b00737
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,38 @@
+name: CodeQL
+
+on:
+ schedule:
+ - cron: '0 6 * * *'
+ workflow_dispatch:
+
+permissions:
+ actions: read
+ checks: write
+ contents: read
+ security-events: write
+
+jobs:
+ analyze:
+ name: CodeQL Analyze
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ language:
+ - typescript
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ config-file: .github/codeql/codeql-config.yml
+ languages: ${{ matrix.language }}
+ source-root: src
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v4
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml
new file mode 100644
index 0000000..6df5511
--- /dev/null
+++ b/.github/workflows/dependency-audit.yml
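Review bot: In codeql.yml the `on:` block now lists only `schedule` and `workflow_dispatch`, so CodeQL no longer analyses a change at the time it lands; the `analyze` job removed from npm-ci.yml had no `if` guard and ran on every npm-ci trigger, including pushes to main. A finding introduced by a merge now surfaces at the next daily `0 6 * * *` run at the earliest, and never as a check on the change itself. If the goal is only to keep the heavy job out of the fast CI workflow, a path-filtered trigger next to the schedule would keep pre-merge coverage, e.g. `pull_request:` with `paths: ['src/**']` to match `source-root: src`. The same gap applies to dependency-audit.yml, where a newly added vulnerable production dependency would be reported only by the nightly run.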
@@ -0,0 +1,29 @@
+name: Dependency Audit
+
+on:
+ schedule:
+ - cron: '0 3 * * *'
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ audit:
+ name: npm audit (production, high+)
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v6
+ with:
+ node-version-file: .node-version
+ cache: npm
+
+ - name: Install Dependencies
+ run: npm ci
+
+ - name: npm audit (production, high+)
+ run: npm audit --omit=dev --audit-level=high
diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml
new file mode 100644
index 0000000..aaeb504
--- /dev/null
+++ b/.github/workflows/licensed.yml
@@ -0,0 +1,56 @@
+name: Licensed
+
+on:
+ schedule:
+ - cron: '0 15 * * 0,3'
+ workflow_dispatch:
+
+permissions:
+ contents: write
+
+jobs:
+ licensed:
+ name: Check Licenses
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v6
+ with:
+ node-version-file: .node-version
+ cache: npm
+
+ - name: Install Dependencies
+ run: npm ci
+
+ - name: Setup Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ruby
+
+ - uses: licensee/setup-licensed@v1.3.2
+ with:
+ version: 4.x
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+
+ - if: ${{ github.event_name == 'workflow_dispatch' }}
+ name: Update Licenses
+ run: licensed cache
+
+ - if: ${{ github.event_name == 'workflow_dispatch' }}
+ name: Commit Licenses
+ run: |
+ git config --local user.email "licensed-ci@users.noreply.github.com"
+ git config --local user.name "licensed-ci"
+ git add .
+ if git diff --staged --quiet; then
+ echo "No changes to commit"
+ else
+ git commit -m "Auto-update license files"
+ git push
+ fi
+
+ - name: Check Licenses
+ run: licensed status
diff --git a/.github/workflows/npm-ci.yml b/.github/workflows/npm-ci.yml
index 90ce647..af55e61 100644
--- a/.github/workflows/npm-ci.yml
+++ b/.github/workflows/npm-ci.yml
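Review bot: In dependency-audit.yml the `Install Dependencies` step runs `npm ci` with lifecycle scripts enabled, so the packages under audit get to execute code on the runner before the audit result is known. `npm audit` should be able to work from package-lock.json alone, so the install could either skip scripts, `run: npm ci --ignore-scripts`, or be dropped in favour of `run: npm audit --package-lock-only --omit=dev --audit-level=high` (worth confirming against the npm version selected by `.node-version`). The workflow token is already limited to `contents: read`, which bounds the impact; the point is to avoid running unvetted install scripts in the audit path at all.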
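Review bot: In licensed.yml `permissions: contents: write` is set for the whole workflow and the job now also runs on the new `schedule` trigger, although the only steps that push (`Update Licenses`, `Commit Licenses`) are gated on `workflow_dispatch`; the job removed from npm-ci.yml carried `if: github.event_name != 'schedule'`. On the unattended runs `npm ci` and two third-party actions referenced by mutable tag (`ruby/setup-ruby@v1`, `licensee/setup-licensed@v1.3.2`) therefore execute with a write-capable token, which `actions/checkout` keeps available to later git commands by default. Splitting this into a check job under a workflow-level `contents: read` and a dispatch-only update job that alone declares `contents: write` would keep the scheduled path at least privilege. Pinning the third-party actions to a full commit SHA, e.g. `uses: ruby/setup-ruby@<full-commit-sha> # v1`, removes the dependence on a tag that can be moved. `git add .` in the commit step stages everything in the workspace, so restricting it to the directory that `licensed cache` writes would make the pushed commit predictable.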
@@ -7,8 +7,6 @@ on: push: branches: - main - schedule: - - cron: '31 7 * * 3' workflow_dispatch: permissions: @@ -17,7 +15,6 @@ permissions: jobs: lint: name: Format & Lint - if: github.event_name != 'schedule' runs-on: ubuntu-latest steps: - name: Checkout @@ -40,7 +37,6 @@ jobs: test: name: Tests - if: github.event_name != 'schedule' runs-on: ubuntu-latest steps: - name: Checkout @@ -60,7 +56,6 @@ jobs: bundle: name: Bundle & Check dist - if: github.event_name != 'schedule' runs-on: ubuntu-latest needs: lint steps: 
@@ -99,101 +94,3 @@ jobs: with: name: dist path: dist/ - - dependency-audit: - name: Dependency Audit - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Setup Node.js - uses: actions/setup-node@v6 - with: - node-version-file: .node-version - cache: npm - - - name: Install Dependencies - run: npm ci - - - name: npm audit (production, high+) - run: npm audit --omit=dev --audit-level=high - - analyze: - name: CodeQL Analyze - runs-on: ubuntu-latest - permissions: - actions: read - checks: write - contents: read - security-events: write - strategy: - fail-fast: false - matrix: - language: - - typescript - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - config-file: .github/codeql/codeql-config.yml - languages: ${{ matrix.language }} - source-root: src - - - name: Autobuild - uses: github/codeql-action/autobuild@v4 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 - - licensed: - name: Check Licenses - if: github.event_name != 'schedule' - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Setup Node.js - uses: actions/setup-node@v6 - with: - node-version-file: .node-version - cache: npm - - - name: Install Dependencies - run: npm ci - - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: ruby - - - uses: licensee/setup-licensed@v1.3.2 - with: - version: 4.x - github_token: ${{ secrets.GITHUB_TOKEN }} - - - if: ${{ github.event_name == 'workflow_dispatch' }} - name: Update Licenses - run: licensed cache - - - if: ${{ github.event_name == 'workflow_dispatch' }} - name: Commit Licenses - run: | - git config --local user.email "licensed-ci@users.noreply.github.com" - git config --local user.name "licensed-ci" - git add . 
- if git diff --staged --quiet; then - echo "No changes to commit" - else - git commit -m "Auto-update license files" - git push - fi - - - name: Check Licenses - run: licensed status From 34cc2e0a495d8048b8ab8bf4140429b31357ebd7 Mon Sep 17 00:00:00 2001 From: Atsushi Nakamura <16175660+nuitsjp@users.noreply.github.com> Date: Fri, 21 Nov 2025 09:03:25 +0900 Subject: [PATCH 2/3] chore: temp push triggers for workflow tests --- .github/workflows/codeql.yml | 3 +++ .github/workflows/dependency-audit.yml | 3 +++ .github/workflows/licensed.yml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7b00737..13ec784 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,6 +1,9 @@ name: CodeQL on: + push: + branches: + - chore/split-workflows schedule: - cron: '0 6 * * *' workflow_dispatch: diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml index 6df5511..2908ca0 100644 --- a/.github/workflows/dependency-audit.yml +++ b/.github/workflows/dependency-audit.yml @@ -1,6 +1,9 @@ name: Dependency Audit on: + push: + branches: + - chore/split-workflows schedule: - cron: '0 3 * * *' workflow_dispatch: diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index aaeb504..012a221 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -1,6 +1,9 @@ name: Licensed on: + push: + branches: + - chore/split-workflows schedule: - cron: '0 15 * * 0,3' workflow_dispatch: From 8baabd3f2c2dec8bc9498de634aa5c7832c116df Mon Sep 17 00:00:00 2001 
From: Atsushi Nakamura <16175660+nuitsjp@users.noreply.github.com> Date: Fri, 21 Nov 2025 09:05:51 +0900 Subject: [PATCH 3/3] Revert "chore: temp push triggers for workflow tests" This reverts commit 34cc2e0a495d8048b8ab8bf4140429b31357ebd7. --- .github/workflows/codeql.yml | 3 --- .github/workflows/dependency-audit.yml | 3 --- .github/workflows/licensed.yml | 3 --- 3 files changed, 9 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 13ec784..7b00737 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,9 +1,6 @@ name: CodeQL on: - push: - branches: - - chore/split-workflows schedule: - cron: '0 6 * * *' workflow_dispatch: diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml index 2908ca0..6df5511 100644 --- a/.github/workflows/dependency-audit.yml +++ b/.github/workflows/dependency-audit.yml @@ -1,9 +1,6 @@ name: Dependency Audit on: - push: - branches: - - chore/split-workflows schedule: - cron: '0 3 * * *' workflow_dispatch: diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index 012a221..aaeb504 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -1,9 +1,6 @@ name: Licensed on: - push: - branches: - - chore/split-workflows schedule: - cron: '0 15 * * 0,3' workflow_dispatch: