Update dependencies to address CVE-2024-7254 (#752) #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| uses: ./.github/workflows/test.yml | |
| publish-docs: | |
| needs: build | |
| name: Publish documentation | |
| permissions: | |
| pages: write | |
| id-token: write | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
| # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
| concurrency: | |
| group: pages | |
| cancel-in-progress: false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download site | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: site-doc | |
| - name: Download JavaDoc | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: java-doc | |
| path: ${{ github.ref_name }}/api/java | |
| - name: Download Node documentation | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: node-doc | |
| path: ${{ github.ref_name }}/api/node | |
| - name: Setup Pages | |
| uses: actions/configure-pages@v5 | |
| - name: Upload GitHub Pages content | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: . | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 | |
| publish-node: | |
| needs: build | |
| name: Publish Node package | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Build | |
| run: make build-node | |
| - name: Publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: ${{ github.workspace }}/.github/scripts/npm_publish.sh unstable | |
| working-directory: node | |
| publish-java: | |
| needs: build | |
| name: Publish Java artifact to GitHub Packages | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: temurin | |
| cache: maven | |
| gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| - name: Publish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
| run: ${{ github.workspace }}/.github/scripts/maven_publish_snapshot.sh | |
| working-directory: java |