mirror of
https://github.com/supabase/supabase.git
synced 2026-06-01 02:14:43 +08:00
c9cc6cd835
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Chore, CI hardening ## Additional context Hardens all GitHub actions to recommendations of [zizmor](https://docs.zizmor.sh/audits/) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Disabled persistence of checkout credentials across many CI workflows to reduce credential exposure. * Upgraded GitHub App token tooling and tightened generated token permissions for automation. * Added cooldown/rate-limiting to dependency update automation to reduce update churn. * Adjusted workflow-level permissions, required secret inputs for workflow callers, and refactored some job step logic. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46454?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com>
89 lines
2.9 KiB
YAML
89 lines
2.9 KiB
YAML
name: Update JS Client Libraries Docs
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'Version that was released (e.g., patch, minor, major, or v2.1.0)'
|
|
required: true
|
|
type: string
|
|
source:
|
|
description: 'Source of the documentation update'
|
|
required: false
|
|
type: string
|
|
default: 'manual'
|
|
|
|
permissions:
|
|
pull-requests: write
|
|
contents: write
|
|
|
|
jobs:
|
|
update-docs:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
|
|
with:
|
|
persist-credentials: false
|
|
ref: master
|
|
|
|
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
|
|
name: Install pnpm
|
|
with:
|
|
run_install: false
|
|
|
|
- name: Use Node.js
|
|
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
|
with:
|
|
node-version-file: '.nvmrc'
|
|
cache: 'pnpm'
|
|
|
|
- name: Install deps
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Regenerate JS client libraries tsdoc files
|
|
working-directory: apps/docs/spec
|
|
env:
|
|
SOURCE: ${{ github.event.inputs.source }}
|
|
VERSION: ${{ github.event.inputs.version }}
|
|
run: |
|
|
echo "Regenerating tsdoc files for JS client libraries..."
|
|
echo "Source: ${SOURCE}"
|
|
echo "Version: ${VERSION}"
|
|
make
|
|
|
|
- name: Generate new typespec snapshot
|
|
working-directory: apps/docs
|
|
run: |
|
|
echo "Generating new typespec snapshot for review..."
|
|
npx vitest run --update --dir features/docs
|
|
|
|
- name: Generate token
|
|
id: app-token
|
|
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
|
|
with:
|
|
client-id: ${{ vars.GH_AUTOFIX_APP_CLIENT_ID }}
|
|
private-key: ${{ secrets.GH_AUTOFIX_PRIVATE_KEY }}
|
|
permission-contents: write
|
|
permission-pull-requests: write
|
|
|
|
|
|
- name: Create pull request
|
|
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
|
|
with:
|
|
token: ${{ steps.app-token.outputs.token }}
|
|
commit-message: 'docs: update js sdk docs (${{ github.event.inputs.version }})'
|
|
title: 'docs: update js sdk docs (${{ github.event.inputs.version }})'
|
|
body: |
|
|
Updates JS sdk documentation following stable release.
|
|
Ran `make` in apps/docs/spec to regenerate tsdoc files.
|
|
|
|
**Details:**
|
|
- **Version:** `${{ github.event.inputs.version }}`
|
|
- **Source:** `${{ github.event.inputs.source }}`
|
|
- **Changes:** Regenerated tsdoc files from latest spec files
|
|
|
|
🤖 Auto-generated from @supabase/supabase-js stable release.
|
|
branch: 'gha/update-js-sdk-docs-${{ github.run_number }}'
|
|
base: 'master'
|