Chalarangelo/30-seconds-of-code

4 workflows · maturity 33% · 1 patterns · GitHub ↗

Security 6.25/100

Practices

✓ Matrix✓ Permissions○ Security scan○ AI review○ Cache○ Concurrency○ Reusable workflows

Detected patterns

least-privilege-permissions

Security dimensions

permissions
6.3
security scan
0
supply chain
0
secret handling
0
harden runner
0

Workflows (4)

deploy-production .github/workflows/deploy-production.yml
Triggers
schedule, workflow_dispatch
Runs on
ubuntu-latest
Jobs
deploy
Commands
  • chmod +x ./bin/deploy ./bin/deploy production
View raw YAML 
name: Deploy production
on:
  schedule:
    - cron: "20 18 * * *"
  workflow_dispatch:
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Run the Cloudflare build hook
      env:
        DEPLOY_URL: ${{ secrets.CF_BUILD_HOOK_URL }}
        DEPLOY_TRIGGER: ${{ github.event_name }}
      run: |
        chmod +x ./bin/deploy
        ./bin/deploy production
label .github/workflows/label.yml
Triggers
pull_request_target
Runs on
ubuntu-latest
Jobs
label
Actions
actions/labeler
View raw YAML 
# This workflow will triage pull requests and apply a label based on the
# paths that are modified in the pull request.
#
# To use this workflow, you will need to set up a .github/labeler.yml
# file with configuration.  For more information, see:
# https://github.com/actions/labeler

name: Labeler
on: [pull_request_target]

jobs:
  label:

    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
    - uses: actions/labeler@v4
      with:
        repo-token: "${{ secrets.GITHUB_TOKEN }}"
stale .github/workflows/stale.yml
Triggers
schedule
Runs on
ubuntu-latest
Jobs
stale
Actions
actions/stale
View raw YAML 
# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/actions/stale
name: Mark stale issues and pull requests

on:
  schedule:
  - cron: '44 0 * * *'

jobs:
  stale:

    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write

    steps:
    - uses: actions/stale@v5
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        stale-issue-message: 'This issue has been inactive for a while, marking as stale.'
        stale-pr-message: 'This pull request has been inactive for a while, marking as stale.'
        stale-issue-label: 'stale'
        stale-pr-label: 'stale'
        days-before-stale: 14
        days-before-close: 7
        exempt-assignees: 'Chalarangelo'
        close-issue-message: 'This issue has been stale for a while, closing due to inactivity.'
        close-pr-message: 'This pull request has been inactive for a while, closing due to inactivity.'
test matrix perms .github/workflows/test.yml
Triggers
push, pull_request
Runs on
ubuntu-latest
Jobs
js_tests
Matrix
node-version→ 22.14.0
Commands
  • npm ci
  • npm test
View raw YAML 
name: Run tests
permissions:
  contents: read
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  js_tests:
    name: 'Node.js ${{ matrix.node-version }} tests'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.14.0]
    steps:
    - uses: actions/checkout@v4
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm ci
    - run: npm test