-
Notifications
You must be signed in to change notification settings - Fork 195
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add permissions block and actions analysis
This change does two things. If it is complicated to review I will split up. First, this ensures that all workflows have minimal permissions blocks. Second, this adds actions analysis.
- Loading branch information
1 parent
e9003a0
commit 323aa3e
Showing
7 changed files
with
229 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,9 @@ on: | |
| pull_request: | ||
| branches: [main] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| e2e-test: | ||
| name: E2E Test | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,6 +3,9 @@ on: | |
| issues: | ||
| types: [opened] | ||
|
|
||
| permissions: | ||
| issues: write | ||
|
|
||
| jobs: | ||
| label: | ||
| name: Label issue | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,6 +7,9 @@ on: | |
| branches: | ||
| - main | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,203 @@ | ||
| const { resolve } = require("path"); | ||
|
|
||
| const baseConfig = { | ||
| parser: "@typescript-eslint/parser", | ||
| files: [".js", ".ts", ".tsx "], | ||
|
|
||
| parserOptions: { | ||
| ecmaVersion: 2018, | ||
| sourceType: "module", | ||
| project: [ | ||
| resolve(__dirname, "tsconfig.lint.json"), | ||
| resolve(__dirname, "src/**/tsconfig.json"), | ||
| resolve(__dirname, "test/**/tsconfig.json"), | ||
| resolve(__dirname, "gulpfile.ts/tsconfig.json"), | ||
| resolve(__dirname, "scripts/tsconfig.json"), | ||
| resolve(__dirname, ".storybook/tsconfig.json"), | ||
| ], | ||
| }, | ||
| plugins: ["github", "@typescript-eslint", "etc"], | ||
| env: { | ||
| node: true, | ||
| es6: true, | ||
| }, | ||
| extends: [ | ||
| "eslint:recommended", | ||
| "plugin:github/recommended", | ||
| "plugin:github/typescript", | ||
| "plugin:jest-dom/recommended", | ||
| "plugin:prettier/recommended", | ||
| "plugin:@typescript-eslint/recommended", | ||
| "plugin:import/recommended", | ||
| "plugin:import/typescript", | ||
| "plugin:deprecation/recommended", | ||
| ], | ||
| rules: { | ||
| "@typescript-eslint/await-thenable": "error", | ||
| "@typescript-eslint/no-unused-vars": [ | ||
| "warn", | ||
| { | ||
| vars: "all", | ||
| args: "none", | ||
| ignoreRestSiblings: false, | ||
| }, | ||
| ], | ||
| "@typescript-eslint/no-explicit-any": "error", | ||
| "@typescript-eslint/no-floating-promises": ["error", { ignoreVoid: true }], | ||
| "@typescript-eslint/no-invalid-this": "off", | ||
| "@typescript-eslint/no-shadow": "off", | ||
| "prefer-const": ["warn", { destructuring: "all" }], | ||
| "@typescript-eslint/only-throw-error": "error", | ||
| "@typescript-eslint/consistent-type-imports": "error", | ||
| "import/consistent-type-specifier-style": ["error", "prefer-top-level"], | ||
| curly: ["error", "all"], | ||
| "escompat/no-regexp-lookbehind": "off", | ||
| "etc/no-implicit-any-catch": "error", | ||
| "filenames/match-regex": "off", | ||
| "i18n-text/no-en": "off", | ||
| "no-invalid-this": "off", | ||
| "no-console": "off", | ||
| "no-shadow": "off", | ||
| "github/array-foreach": "off", | ||
| "github/no-then": "off", | ||
| "react/jsx-key": ["error", { checkFragmentShorthand: true }], | ||
| "import/no-cycle": "error", | ||
| // Never allow extensions in import paths, except for JSON files where they are required. | ||
| "import/extensions": ["error", "never", { json: "always" }], | ||
| }, | ||
| settings: { | ||
| "import/resolver": { | ||
| typescript: true, | ||
| node: true, | ||
| }, | ||
| "import/extensions": [".js", ".jsx", ".ts", ".tsx", ".json"], | ||
| // vscode and sarif don't exist on-disk, but only provide types. | ||
| "import/core-modules": ["vscode", "sarif"], | ||
| }, | ||
| }; | ||
|
|
||
| module.exports = [ | ||
| baseConfig, | ||
| { | ||
| ignores: [ | ||
| ".vscode-test/", | ||
| "node_modules/", | ||
| "out/", | ||
| "build/", | ||
|
|
||
| // Ignore js files | ||
| "**/.*", | ||
| "**/jest.config.js", | ||
| "test/vscode-tests/activated-extension/jest-runner-vscode.config.js", | ||
| "test/vscode-tests/cli-integration/jest-runner-vscode.config.js", | ||
| "test/vscode-tests/jest-runner-vscode.config.base.js", | ||
| "test/vscode-tests/minimal-workspace/jest-runner-vscode.config.js", | ||
| "test/vscode-tests/no-workspace/jest-runner-vscode.config.js", | ||
|
|
||
| // Include the Storybook config | ||
| "!.storybook" | ||
| ] | ||
| }, | ||
| { | ||
| files: ["src/stories/**/*"], | ||
| parserOptions: { | ||
| project: resolve(__dirname, "src/stories/tsconfig.json"), | ||
| }, | ||
| extends: [ | ||
| ...baseConfig.extends, | ||
| "plugin:react/recommended", | ||
| "plugin:react/jsx-runtime", | ||
| "plugin:react-hooks/recommended", | ||
| "plugin:storybook/recommended", | ||
| "plugin:github/react", | ||
| ], | ||
| rules: { | ||
| ...baseConfig.rules, | ||
| }, | ||
| settings: { | ||
| react: { | ||
| version: "detect", | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| files: ["src/view/**/*"], | ||
| parserOptions: { | ||
| project: resolve(__dirname, "src/view/tsconfig.json"), | ||
| }, | ||
| extends: [ | ||
| ...baseConfig.extends, | ||
| "plugin:react/recommended", | ||
| "plugin:react/jsx-runtime", | ||
| "plugin:react-hooks/recommended", | ||
| "plugin:github/react", | ||
| ], | ||
| rules: { | ||
| ...baseConfig.rules, | ||
| }, | ||
| settings: { | ||
| react: { | ||
| version: "detect", | ||
| }, | ||
| }, | ||
| }, | ||
| { | ||
| files: ["test/vscode-tests/**/*"], | ||
| parserOptions: { | ||
| project: resolve(__dirname, "test/tsconfig.json"), | ||
| }, | ||
| env: { | ||
| jest: true, | ||
| }, | ||
| rules: { | ||
| ...baseConfig.rules, | ||
| // We want to allow mocking of functions in modules, so we need to allow namespace imports. | ||
| "import/no-namespace": "off", | ||
| "@typescript-eslint/no-unsafe-function-type": "off", | ||
| }, | ||
| }, | ||
| { | ||
| files: ["test/**/*"], | ||
| parserOptions: { | ||
| project: resolve(__dirname, "test/tsconfig.json"), | ||
| }, | ||
| env: { | ||
| jest: true, | ||
| }, | ||
| rules: { | ||
| "@typescript-eslint/no-explicit-any": "off", | ||
| }, | ||
| }, | ||
| { | ||
| files: [ | ||
| ".eslintrc.js", | ||
| "test/**/jest-runner-vscode.config.js", | ||
| "test/**/jest-runner-vscode.config.base.js", | ||
| ], | ||
| parser: undefined, | ||
| plugins: ["github"], | ||
| extends: [ | ||
| "eslint:recommended", | ||
| "plugin:github/recommended", | ||
| "plugin:prettier/recommended", | ||
| ], | ||
| rules: { | ||
| "import/no-commonjs": "off", | ||
| "prefer-template": "off", | ||
| "filenames/match-regex": "off", | ||
| "@typescript-eslint/no-var-requires": "off", | ||
| }, | ||
| }, | ||
| { | ||
| files: [".storybook/**/*.tsx"], | ||
| parserOptions: { | ||
| project: resolve(__dirname, ".storybook/tsconfig.json"), | ||
| }, | ||
| rules: { | ||
| ...baseConfig.rules, | ||
| // Storybook doesn't use the automatic JSX runtime in the addon yet, so we need to allow | ||
| // `React` to be imported. | ||
| "import/no-namespace": ["error", { ignore: ["react"] }], | ||
| }, | ||
| }, | ||
| ]; |