-
Notifications
You must be signed in to change notification settings - Fork 876
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: update workflows #1471
ci: update workflows #1471
Conversation
@mcollina as discussed, this is part of improving Pino's repo CI and bringing it up to Fastify's standard. If happy with this PR i'll make equivalents in the other repos. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
go for it! This is amazing work! |
Please put some stuff in the
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
This PR:
persist-credentials
to false, they are not used after the initial checkout--ignore-scripts
option tonpm install
commands to protect against malicious scripts in dependenciesactions/dependency-review-action
into the mainci.yml
workflow, and deletes the olddependency-review.yml
workflow (brings it more into line with Fastify's CI style and makes it easier to maintain)concurrency
inci.yml
; see related docs, this allows a subsequently queued workflow run to interrupt previous runs in PRsactions/dependency-review-action
does the same thing as Snyk, so it is no longer needed.gitignore
template, whilst also adding the pnpm lockfilebench.yml
tolts/*
, so it will always test with the current LTS, and it doesn't need to be updated when the LTS changesif
to the automerge job inci.yml
; this stops the job from running if the user is not Dependabot, saving a few seconds CI run time