## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Chore, CI hardening ## Additional context Hardens all GitHub actions to recommendations of [zizmor](https://docs.zizmor.sh/audits/) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Disabled persistence of checkout credentials across many CI workflows to reduce credential exposure. * Upgraded GitHub App token tooling and tightened generated token permissions for automation. * Added cooldown/rate-limiting to dependency update automation to reduce update churn. * Adjusted workflow-level permissions, required secret inputs for workflow callers, and refactored some job step logic. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46454?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com>
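# Runs the docs `troubleshooting:sync` script when files under
# apps/docs/content/troubleshooting change on master (or on manual dispatch),
# then opens a bot pull request for whatever the run left modified.
name: '[Docs] Sync troubleshooting guides to GitHub Discussions'

on:
  push:
    branches:
      - master
    paths:
      - 'apps/docs/content/troubleshooting/**'
  workflow_dispatch:

# Grant nothing at workflow level; a job added later must opt in to its own
# scopes instead of silently inheriting write access.
permissions: {}

jobs:
  update-troubleshooting:
    runs-on: blacksmith-4vcpu-ubuntu-2404

    # Scopes required by the Create Pull Request step: contents to push the
    # bot branch, pull-requests to open the PR.
    permissions:
      contents: write
      pull-requests: write

    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag each SHA was taken from.
      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          # Keep the job token out of .git/config so later steps (dependency
          # install scripts included) cannot read it from the checkout.
          persist-credentials: false
          sparse-checkout: |
            apps/docs
            patches

      - name: Install pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
        with:
          run_install: false

      - name: Use Node.js
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: '.nvmrc'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run Troubleshooting script
        # The GitHub App private key and the Supabase service-role key are
        # exposed to this step only, so the dependency install and the
        # third-party actions in the other steps never have them in their
        # environment.
        # NOTE(review): assumes the sync script is the only consumer of these
        # variables - confirm no other step reads them.
        env:
          DOCS_GITHUB_APP_ID: ${{ secrets.SEARCH_GITHUB_APP_ID }}
          DOCS_GITHUB_APP_INSTALLATION_ID: ${{ secrets.SEARCH_GITHUB_APP_INSTALLATION_ID }}
          DOCS_GITHUB_APP_PRIVATE_KEY: ${{ secrets.SEARCH_GITHUB_APP_PRIVATE_KEY }}
          NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.SEARCH_SUPABASE_URL }}
          SUPABASE_SECRET_KEY: ${{ secrets.SEARCH_SUPABASE_SERVICE_ROLE_KEY }}
        run: pnpm run --filter docs troubleshooting:sync

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
        with:
          commit-message: '[bot] sync troubleshooting guides to db'
          title: '[bot] sync troubleshooting guides to db'
          author: 'github-docs-sync-bot <github-docs-sync-bot@supabase.com>'
          branch: 'bot/docs-sync-troubleshooting'
          branch-suffix: 'random'
          labels: 'documentation'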