GitHub Actions Improvements

trimble-oss · Apr 17, 2024 · d8b90d3 · d8b90d3
1 parent bfde9ef
commit d8b90d3
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 13 deletions.
diff --git a/.github/workflows/azure-static-web-apps-deploy.yml b/.github/workflows/azure-static-web-apps-deploy.yml
@@ -23,7 +23,6 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@v3
         with:
-          hugo-version: "0.122.0"
           extended: true
 
       - run: npm i

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -6,8 +6,9 @@ on:
       - "dependabot/**"
   pull_request:
     branches: [main]
+  workflow_dispatch:
 
-permissions:  # added using https://github.com/step-security/secure-workflows
+permissions:
   contents: read
 
 jobs:
@@ -32,6 +33,9 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
+          queries: +security-and-quality
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -10,6 +10,8 @@ jobs:
     steps:
       - name: "Checkout Repository"
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: "Dependency Review"
         uses: actions/dependency-review-action@v4
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
@@ -16,6 +16,8 @@ jobs:
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: streetsidesoftware/cspell-action@v6
         with:
           check_dot_files: false

diff --git a/.github/workflows/whitesource-scan.yml b/.github/workflows/whitesource-scan.yml
@@ -3,6 +3,7 @@ name: WhiteSource Scan
 on:
   schedule:
     - cron: '0 0 1 * *'
+  workflow_dispatch:
 
 permissions:  # added using https://github.com/step-security/secure-workflows
   contents: read

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -39,15 +39,15 @@
     "eslint": "8.57.0",
     "eslint-config-prettier": "9.1.0",
     "htmlhint": "1.1.4",
-    "hugo-bin": "0.121.1",
+    "hugo-bin": "0.122.0",
     "jquery": "3.7.1",
     "npm-run-all": "4.1.5",
     "popper.js": "1.16.1",
     "postcss": "8.4.38",
     "postcss-cli": "11.0.0",
     "prettier": "3.2.5",
     "stylelint": "16.3.1",
-    "stylelint-config-standard-scss": "13.0.0"
+    "stylelint-config-standard-scss": "13.1.0"
   },
   "hugo-bin": {
     "buildTags": "extended"