diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0fb8676..9322ba5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: Push commit to schema registry
+permissions:
+ contents: read
+
 on:
 push:
 branches:
@@ -11,10 +14,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Setup Buf
- uses: bufbuild/buf-setup-action@v1.18.0
+ uses: bufbuild/buf-setup-action@v1.26.1
 with:
 github_token: ${{ github.token }}
diff --git a/.github/workflows/create_tag.yml b/.github/workflows/create_tag.yml
index 3c49457..482ea79 100644
--- a/.github/workflows/create_tag.yml
+++ b/.github/workflows/create_tag.yml
@@ -1,5 +1,8 @@
 name: Create tag
+permissions:
+ contents: write
+
 on:
 workflow_dispatch:
 inputs:
@@ -18,7 +21,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 fetch-depth: 0
 - id: version
@@ -47,7 +50,7 @@ jobs:
 echo "NEW_VERSION=v$MAJOR.$MINOR.$PATCH" >> $GITHUB_OUTPUT
 - name: Create release
- uses: ncipollo/release-action@v1.12.0
+ uses: ncipollo/release-action@v1.13.0
 with:
 name: Meshtastic Protobufs ${{ steps.version.outputs.NEW_VERSION }}
 tag: ${{ steps.version.outputs.NEW_VERSION }}
@@ -55,7 +58,7 @@ jobs:
 token: ${{ github.token }}
 - name: Setup Buf
- uses: bufbuild/buf-setup-action@v1
+ uses: bufbuild/buf-setup-action@v1.26.1
 with:
 github_token: ${{ github.token }}
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
deleted file mode 100644
index d9d52a2..0000000
--- a/.github/workflows/nightly.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: Nightly
-on:
- schedule:
- - cron: 0 8 * * 1-5
- workflow_dispatch: {}
-
-jobs:
- trunk_check:
- name: Trunk Check Upload
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Trunk Check
- uses: trunk-io/trunk-action@v1
- with:
- trunk-token: ${{ secrets.TRUNK_TOKEN }}
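Review bot: The third-party actions bumped in the second ci.yml hunk are still referenced by mutable version tags (`bufbuild/buf-setup-action@v1.26.1`), which the action's owner can repoint to different code after this review. Because that step is handed `github.token`, pinning to a full commit SHA with the version kept as a trailing comment would make the reviewed code the code that runs, e.g. `uses: bufbuild/buf-setup-action@<full-commit-sha> # v1.26.1`. The same applies to `ncipollo/release-action@v1.13.0` in create_tag.yml, which runs under `contents: write`, and to the buf-setup, buf-lint and buf-push lines in publish.yml and pull_request.yml. The job bodies start and end outside these hunks.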
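Review bot: The `contents: write` grant in the first create_tag.yml hunk is set at workflow level without saying which step needs it, so every step in the workflow runs with a write-capable token, including `Setup Buf`, which presumably only needs read access. From the visible steps only `Create release` requires write. I would document that on the block, e.g. `# contents: write is needed by the "Create release" step to create the tag and release`. If the buf steps can run in a separate job, moving the write grant to a job-level `permissions` on the release job alone would narrow it further; the job layout is outside the hunk, so that part needs confirming.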
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index da3d251..a54687d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,8 @@
 name: Push new version to schema registry
+permissions:
+ contents: read
+
 on:
 push:
 tags:
@@ -11,10 +14,10 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Setup Buf
- uses: bufbuild/buf-setup-action@v1
+ uses: bufbuild/buf-setup-action@v1.26.1
 with:
 github_token: ${{ github.token }}
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index a7b6e68..598c808 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -1,4 +1,8 @@
 name: pull-request
+
+permissions:
+ contents: read
+
 on: pull_request
 jobs:
 build:
@@ -6,18 +10,18 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Setup Buf
- uses: bufbuild/buf-setup-action@v1
+ uses: bufbuild/buf-setup-action@v1.26.1
 with:
 github_token: ${{ github.token }}
 - name: Lint
- uses: bufbuild/buf-lint-action@v1
+ uses: bufbuild/buf-lint-action@v1.0.3
 - name: Push to schema registry
- uses: bufbuild/buf-push-action@v1
+ uses: bufbuild/buf-push-action@v1.1.1
 with:
 buf_token: ${{ secrets.BUF_TOKEN }}
 draft: ${{ github.ref_name != 'master'}}
diff --git a/.trunk/.gitignore b/.trunk/.gitignore
index 8130ba6..1e24652 100644
--- a/.trunk/.gitignore
+++ b/.trunk/.gitignore
@@ -2,7 +2,7 @@
 *logs
 *actions
 *notifications
+*tools
 plugins
 user_trunk.yaml
 user.yaml
-shims
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index b685b59..acdfaad 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
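Review bot: The `Push to schema registry` step in the second pull_request.yml hunk passes `secrets.BUF_TOKEN` on every `pull_request` run, with no condition separating same-repository branches from forks. GitHub does not expose repository secrets to workflows triggered from forks, so the step presumably fails there with an empty token, while for same-repository branches it publishes unreviewed PR content to the registry (apparently always as a draft, since `github.ref_name` is not `master` on this event). Adding `if: github.event.pull_request.head.repo.full_name == github.repository` to that step would make the intent explicit and leave fork PRs with lint only. The job starts outside the hunk.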
@@ -1,25 +1,28 @@
 version: 0.1
 cli:
- version: 1.10.0
+ version: 1.16.2
 plugins:
 sources:
 - id: trunk
- ref: v0.0.17
+ ref: v1.2.5
 uri: https://github.com/trunk-io/plugins
 lint:
 enabled:
+ - checkov@2.4.9
+ - trivy@0.45.1
+ - trufflehog@3.57.0
 - yamllint@1.32.0
- - buf-lint@1.20.0
- - buf-breaking@1.20.0
- - actionlint@1.6.24
- - markdownlint@0.34.0
- - prettier@2.8.8
- - gitleaks@8.16.3
+ - buf-lint@1.26.1
+ - buf-breaking@1.26.1
+ - actionlint@1.6.26
+ - markdownlint@0.37.0
+ - prettier@3.0.3
+ - gitleaks@8.18.0
 - git-diff-check
 runtimes:
 enabled:
 - python@3.10.8
- - go@1.19.5
+ - go@1.21.0
 - node@18.12.1
 actions:
 disabled:
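Review bot: The scanners enabled under `lint.enabled` here (`checkov`, `trivy`, `trufflehog`, alongside the existing `gitleaks`) have no visible CI entry point after this commit. nightly.yml, the only workflow in this diff that invoked `trunk-io/trunk-action`, is deleted, and none of the remaining workflows shown runs Trunk. If the checks now run through a hosted integration or only on developer machines, a comment above the list should say so, e.g. `# security scanners run via <where Trunk is executed>`. Otherwise a Trunk step in pull_request.yml would be needed for secret and misconfiguration findings to gate merges. The file continues past the end of the hunk.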