updates and new actions

Consensys · Jul 9, 2024 · cc8b9d9 · cc8b9d9
1 parent 8925f44
commit cc8b9d9
Show file tree

Hide file tree

Showing 13 changed files with 169 additions and 16 deletions.
diff --git a/.github/workflows/algolia-search-scraper.yaml b/.github/workflows/algolia-search-scraper.yaml
@@ -26,15 +26,15 @@ jobs:
             "orion",
           ]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: config
         name: Read ${{ matrix.version }}.json
         shell: bash
         run: |
           content=$(cat ./.github/config/${{ matrix.version }}.json | jq -r tostring)
           echo "configJSON=$content" >> $GITHUB_OUTPUT
       - name: Checkout algolia/docsearch-scraper
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: algolia/docsearch-scraper
           path: "./algolia"

diff --git a/.github/workflows/gh-pages-publish.yml b/.github/workflows/gh-pages-publish.yml
@@ -0,0 +1,46 @@
+name: Publish docs to GitHub Pages
+
+on:
+  workflow_call:
+    inputs:
+      destination_dir:
+        type: string
+      ref:
+        required: false
+        type: string
+
+jobs:
+  publish-docs-to-gh-pages:
+    name: Publish docs to GitHub Pages
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+          submodules: true
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'yarn'
+      - name: Configure Npm
+        run: |
+          npm config set @codefi:registry ${{ env.NPM_PRIVATE_REGISTRY_URL }}
+          npm config set ${{ env.NPM_PRIVATE_REGISTRY_URL }}:_authToken=${{ env.NPM_PRIVATE_REGISTRY_TOKEN }}
+        env:
+          NPM_PRIVATE_REGISTRY_URL: ${{ secrets.NPM_PRIVATE_REGISTRY_URL }}
+          NPM_PRIVATE_REGISTRY_TOKEN: ${{ secrets.NPM_PRIVATE_REGISTRY_TOKEN }}          
+      - name: Install npm dependencies
+        run: yarn --immutable
+      - name: Run build script
+        run: DEST="/${{ inputs.destination_dir }}" yarn build
+      - name: Deploy to `${{ inputs.destination_dir }}` directory of `gh-pages` branch
+        uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./build
+          destination_dir: ${{ inputs.destination_dir }}
+          keep_files: true
diff --git a/build/action.yml b/build/action.yml
@@ -12,7 +12,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha
@@ -23,7 +23,7 @@ runs:
       id: nvm
 
     - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: https://registry.npmjs.org/
         node-version-file: '.nvmrc'

diff --git a/case/action.yml b/case/action.yml
@@ -20,7 +20,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha

diff --git a/dependency-review/action.yml b/dependency-review/action.yml
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+name: 'Dependency Review'
+
+inputs:
+  GITHUB_TOKEN:
+    description: 'Github secret Token'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout tools repo
+      uses: actions/checkout@v4
+      with:
+        repository: Consensys/docs-gha
+        path: .docs-gha
+
+    - name: Dependency Review
+      uses: actions/dependency-review-action@v4
+      with:
+        fail-on-severity: high
+        deny-licenses: LGPL-2.0, BSD-2-Clause
diff --git a/linkcheck/action.yml b/linkcheck/action.yml
@@ -25,7 +25,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha

diff --git a/lint/action.yml b/lint/action.yml
@@ -12,7 +12,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha
@@ -23,7 +23,7 @@ runs:
       id: nvm
 
     - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: https://registry.npmjs.org/
         node-version-file: '.nvmrc'

diff --git a/mm-security-scanner/action.yml b/mm-security-scanner/action.yml
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+name: 'MetaMask Security Code Scanner'
+description: 'MetaMask Security Code Scanner'
+
+inputs:
+  GITHUB_TOKEN:
+    description: 'Github secret Token'
+    required: true
+  SECURITY_SCAN_METRICS_TOKEN:
+    description: 'Metrics token'
+    required: true
+  APPSEC_BOT_SLACK_WEBHOOK:
+    description: 'Slack webhook'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout tools repo
+      uses: actions/checkout@v4
+      with:
+        repository: Consensys/docs-gha
+        path: .docs-gha
+
+    - name: MetaMask Security Code Scanner
+      uses: MetaMask/Security-Code-Scanner@main
+      with:
+        repo: ${{ github.repository }}
+        paths_ignored: |
+          .storybook/
+          '**/__snapshots__/'
+          '**/*.snap'
+          '**/*.stories.js'
+          '**/*.stories.tsx'
+          '**/*.test.browser.ts*'
+          '**/*.test.js*'
+          '**/*.test.ts*'
+          '**/fixtures/'
+          '**/jest.config.js'
+          '**/jest.environment.js'
+          '**/mocks/'
+          '**/test*/'
+          docs/
+          e2e/
+          merged-packages/
+          node_modules
+          storybook/
+          test*/
+        rules_excluded: example
+        project_metrics_token: ${{ inputs.SECURITY_SCAN_METRICS_TOKEN }}
+        slack_webhook: ${{ inputs.APPSEC_BOT_SLACK_WEBHOOK }}
diff --git a/pages-deploy/action.yml b/pages-deploy/action.yml
@@ -12,7 +12,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha
@@ -23,7 +23,7 @@ runs:
       id: nvm
 
     - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
         registry-url: https://registry.npmjs.org/      

diff --git a/pages-pr-deploy/action.yml b/pages-pr-deploy/action.yml
@@ -12,7 +12,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha
@@ -35,7 +35,7 @@ runs:
       id: nvm
 
     - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ steps.nvm.outputs.NODE_VERSION }}
         registry-url: https://registry.npmjs.org/      

diff --git a/release/action.yml b/release/action.yml
@@ -16,7 +16,7 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha
@@ -27,7 +27,7 @@ runs:
       id: nvm
 
     - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: https://registry.npmjs.org/
         node-version-file: '.nvmrc'

diff --git a/spelling/action.yml b/spelling/action.yml
@@ -12,13 +12,13 @@ runs:
   using: "composite"
   steps:
     - name: Checkout tools repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Consensys/docs-gha
         path: .docs-gha
 
     - name: Vale
-      uses: errata-ai/vale-action@v2.0.1
+      uses: errata-ai/vale-action@v2
       with:
         files: '["./docs/", "./blog/"]' 
         vale_flags: "--config ./.docs-gha/spelling/config/.vale.ini --glob='!docs/**/*.js'"        

diff --git a/trivy/action.yml b/trivy/action.yml
@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+name: 'Trivy'
+description: 'Composite action to run trivy on the npm package.json'
+
+inputs:
+  GITHUB_TOKEN:
+    description: 'Github secret Token'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout tools repo
+      uses: actions/checkout@v4
+      with:
+        repository: Consensys/docs-gha
+        path: .docs-gha
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/[email protected]       
+      with:
+        scan-type: 'fs'
+        ignore-unfixed: true
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+        severity: 'CRITICAL'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: 'trivy-results.sarif'