Fix actions #27
… org secret" This reverts commit d292456.
- Update `action.yml` to use Node 20
- Set default Node version to 20 in `.github/workflows/ci.yml`
- Quote `$GITHUB_OUTPUT` in `ci.yml` to fix shellcheck SC2086

Generated-by: GitHub Copilot <copilot@github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Pull request overview
This PR updates GitHub Actions configuration and dependency automation to improve consistency in runtime settings and make dependency updates easier to manage.
Changes:
- Set the custom action runtime to `node20` and adjusted CI’s fallback Node version to 20.
- Updated the secret scanning workflow to pass Gitleaks credentials via `env:` instead of `with:`.
- Added Dependabot grouping for npm updates to separate minor/patch vs major bumps.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `action.yml` | Updates the action runtime from Node 22 to Node 20. |
| `.github/workflows/ci.yml` | Changes CI’s default/fallback Node version and improves `$GITHUB_OUTPUT` quoting. |
| `.github/workflows/secret-scanning.yml` | Switches Gitleaks secrets from `with:` to environment variables. |
| `.github/dependabot.yml` | Adds npm dependency grouping for minor/patch vs major updates. |
| `package-lock.json` | Removes the `lodash.merge` lockfile entry. |
- Change from volta lookup to engines in package.json

Authored-by: Ashley Childress <6563688+anchildress1@users.noreply.github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

- Set to auto-run anyway

Authored-by: Ashley Childress <6563688+anchildress1@users.noreply.github.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This pull request mainly updates configuration files to improve dependency management and CI compatibility. The most significant changes involve grouping npm dependency updates in Dependabot, aligning Node.js versions across workflows and actions, and fixing an environment variable usage in the secret scanning workflow.
Dependabot configuration improvements:
- `.github/dependabot.yml`, separating minor/patch updates from major updates for better control over update PRs.
- `.github/dependabot.yml`.

CI and workflow updates:
- `.github/workflows/ci.yml` to use the `engines.node` field from `package.json` (defaulting to 20 if not set), and improved output syntax.
- `action.yml` from `node22` to `node20` for compatibility with current environments.
- `.github/workflows/secret-scanning.yml` by switching from `with` to `env`.