diff --git a/.github/workflows/cleanup_closed_pr_packages.yaml b/.github/workflows/cleanup_closed_pr_packages.yaml index 7f29bc35b..11955945f 100644 --- a/.github/workflows/cleanup_closed_pr_packages.yaml +++ b/.github/workflows/cleanup_closed_pr_packages.yaml @@ -9,6 +9,9 @@ jobs: cleanup-package: name: Cleanup closed PR package runs-on: ubuntu-latest + permissions: + contents: read # Needed to checkout the repository if the action requires it (though this specific action might not) + packages: write # This is the crucial permission for deleting packages from GHCR steps: - name: Cleanup web package uses: snok/container-retention-policy@v2 diff --git a/.github/workflows/manual_test.yml b/.github/workflows/manual_test.yml index acddd2263..81b7bcd7d 100644 --- a/.github/workflows/manual_test.yml +++ b/.github/workflows/manual_test.yml @@ -1,4 +1,6 @@ name: On-demand tests +permissions: + contents: read # Required for actions/checkout and reading repo content on: workflow_dispatch: @@ -10,12 +12,11 @@ env: jobs: build_and_test: - strategy: matrix: - node-version: [18.x, 20.x, 22.x] + node-version: [20.x, 22.x] operating-system: [ubuntu-latest, windows-latest] - python-version: ['3.10', '3.11', '3.12'] + python-version: ['3.11', '3.12'] # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ runs-on: ${{ matrix.operating-system }} @@ -43,17 +44,18 @@ jobs: if: matrix.operating-system == 'ubuntu-latest' run: npm run start & - - name: Start application in background on Windows + - name: Test application build on Windows if: matrix.operating-system == 'windows-latest' - run: | - Start-Process -FilePath "npm" -ArgumentList "run start" -NoNewWindow + run: npm run build - name: Wait for the app to start + if: matrix.operating-system == 'ubuntu-latest' uses: iFaxity/wait-on-action@v1.2.1 with: resource: http://localhost:3000 - name: Run tests + if: matrix.operating-system == 'ubuntu-latest' uses: nick-fields/retry@v3 with: max_attempts: 2 
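Review bot: In the `cleanup-package` job, the new `contents: read` grant is described by its own comment as possibly unnecessary, and no checkout step is visible in the hunk; if the job never reads the repository, drop that line so the token carries only `packages: write`. The job also runs `snok/container-retention-policy@v2`, referenced by a mutable tag, in a context whose token can now write packages; pinning it to a full commit SHA (`uses: snok/container-retention-policy@<full-commit-sha>  # v2`) keeps a retagged release from running with package-delete rights. Job-level `permissions` only shape `GITHUB_TOKEN`, so if the step's `with:` block (outside the hunk) passes a personal access token instead, this grant has no effect on the deletion and should be confirmed. The identical block added to `cleanup-packages` in `packages_retention.yaml` raises the same points.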
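Review bot: After the hunk at `@@ -43,17 +44,18 @@` in `manual_test.yml`, the `windows-latest` legs only run `npm run build`, while `Wait for the app to start` and `Run tests` are gated to `ubuntu-latest`, so the workflow no longer exercises the tests on Windows and nothing in the file says that is intended. A short comment above the renamed step would record it, for example `# Windows legs only verify the build; the app is not started there, so the wait and test steps are skipped`. The three identical `if: matrix.operating-system == 'ubuntu-latest'` conditions will need to be kept in sync if another step comes to depend on the running app. The steps list continues outside the hunk.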
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 419de6f57..d29ed5b36 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -1,4 +1,6 @@ name: Node.js CI +permissions: + contents: read on: push: @@ -62,7 +64,6 @@ jobs: # when we run this action as depenabot, we need to give it write permissions to the package registry and to the statuses permissions: - contents: read packages: write statuses: write @@ -122,7 +123,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '22.x' cache: 'npm' - name: webfactory/ssh-agent for dev 🖥️ diff --git a/.github/workflows/packages_retention.yaml b/.github/workflows/packages_retention.yaml index ee5e5ec52..85bad6c2d 100644 --- a/.github/workflows/packages_retention.yaml +++ b/.github/workflows/packages_retention.yaml @@ -9,6 +9,9 @@ jobs: cleanup-packages: name: Cleanup old GHCR docker packages runs-on: ubuntu-latest + permissions: + contents: read # Needed to checkout the repository if the action requires it (though this specific action might not) + packages: write # This is the crucial permission for deleting packages from GHCR steps: - name: Cleanup web outdated PR packages uses: snok/container-retention-policy@v2 diff --git a/buildPython.js b/buildPython.js index e7eb8fa0a..d832669c7 100644 --- a/buildPython.js +++ b/buildPython.js @@ -90,9 +90,7 @@ const saveFileName = (destFolder, fileName) => { }); measureTime('Installing build module for python', () => { - executeCommand( - `${venvCommandPrefix} pip install "poetry ~= 1.8.2" ${venvCommandSuffix}` - ); + executeCommand(`${venvCommandPrefix} pip install "poetry==1.8.5" ${venvCommandSuffix}`); }); measureTime('Building yaptide_converter', () => {
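Review bot: Removing `contents: read` from the job-level `permissions` block at `@@ -62,7 +64,6 @@` leaves that job with no contents scope. A job-level `permissions` key replaces the workflow-level block added at the top of this file rather than merging with it, and every scope not listed becomes `none`. If this job checks out the repository (its steps are outside the hunk), the checkout will fail on a private repository. Keep `contents: read` in the job block alongside `packages: write` and `statuses: write`, or, if dropping it is deliberate, say so in the comment above the block.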
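Review bot: Pinning `poetry==1.8.5` in `buildPython.js` fixes the top-level package only; pip still resolves Poetry's own dependencies to whatever is current at build time, and nothing verifies the downloaded artifacts. If reproducible builds are the goal, install from a hash-pinned requirements file, e.g. `pip install --require-hashes -r <poetry-requirements-file>` (placeholder path). A one-line comment stating why 1.8.5 was chosen would also help whoever next bumps it. `executeCommand` and the venv prefix/suffix variables are defined outside the hunk.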