anuraghazra/github-readme-stats
14 workflows · maturity 50% · 3 patterns · GitHub ↗
Practices
✓ Matrix · ✓ Permissions · ✓ Security scan · ○ AI review · ○ Cache · ○ Concurrency · ○ Reusable workflows
Detected patterns
Security dimensions
Tools: github/codeql-action/analyze, github/codeql-action/init, github/codeql-action/upload-sarif, ossf/scorecard-action
Workflows (14)
codeql-analysis perms security .github/workflows/codeql-analysis.yml
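# Runs CodeQL static analysis for JavaScript on pushes to master and on pull
# requests that target master.
name: "Static code analysis workflow (CodeQL)"

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Every scope is read-only except security-events, the only scope this
# workflow is granted write access to.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: read
  repository-projects: read
  security-events: write
  statuses: read

jobs:
  CodeQL-Build:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Neither later step pushes to the repository, so do not leave the
          # job token in .git/config.
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      # NOTE(review): v2.13.5 is on the v2 release line of
      # github/codeql-action, which upstream has deprecated; confirm and move
      # both CodeQL steps to a supported major, still pinned by full commit SHA.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@46a6823b81f2d7c67ddf123851eea88365bc8a67 # v2.13.5
        with:
          languages: javascript

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@46a6823b81f2d7c67ddf123851eea88365bc8a67 # v2.13.5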
deploy-prep .github/workflows/deploy-prep.yml
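# Runs the deploy-prep script and force-pushes the result to the vercel
# branch, on pushes to master or on manual dispatch.
name: Deployment Prep

on:
  workflow_dispatch:
  push:
    branches:
      - master

# Declare the token scope explicitly instead of inheriting the repository
# default. The commit step pushes a branch, which needs contents: write;
# nothing else in this workflow calls the GitHub API.
permissions:
  contents: write

jobs:
  config:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    runs-on: ubuntu-latest
    steps:
      # Credentials stay persisted here on purpose: the commit step below
      # presumably pushes with them (no separate token is passed to it).
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Deployment Prep
        run: python ./.github/workflows/deploy-prep.py

      # Commits whatever the script changed. "--force" overwrites the vercel
      # branch on every run, so that branch should hold nothing that is not
      # reproducible from master.
      - uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
        with:
          branch: vercel
          create_branch: true
          push_options: "--force"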
e2e-test matrix perms .github/workflows/e2e-test.yml
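# End-to-end tests against a deployment. Currently disabled: the only trigger
# is manual dispatch and the job condition is hard-coded to false.
name: Test Deployment

on:
  # Temporarily disabled automatic triggers; manual-only for now.
  workflow_dispatch:
  # Original trigger (restore to re-enable):
  # deployment_status:

# The job only installs and tests; it needs no write scope.
permissions: read-all

jobs:
  e2eTests:
    # Temporarily disabled; set to the original condition to re-enable.
    # if:
    #   github.repository == 'anuraghazra/github-readme-stats' &&
    #   github.event_name == 'deployment_status' &&
    #   github.event.deployment_status.state == 'success'
    if: false
    name: Perform e2e tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # The following steps run npm install scripts and tests; none of
          # them pushes, so keep the job token out of .git/config.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      - name: Install dependencies
        run: npm ci
        env:
          CI: true

      - name: Run end-to-end tests.
        run: npm run test:e2e
        # env:
        #  VERCEL_PREVIEW_URL: ${{ github.event.deployment_status.target_url }}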
empty-issues-closer perms .github/workflows/empty-issues-closer.yml
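# Closes issues that are empty or that leave the issue template unfilled, and
# reopens them once the author edits them.
name: Close empty issues and templates

on:
  issues:
    types:
      - reopened
      - opened
      - edited

# issues: write is the only write scope; the action comments on, closes and
# reopens issues.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: write
  discussions: read
  packages: read
  pages: read
  pull-requests: read
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  closeEmptyIssuesAndTemplates:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    name: Close empty issues
    runs-on: ubuntu-latest
    steps:
      # NOTE: Retrieve issue templates.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # The checkout is only read for the templates and the action gets
          # its token through env, so keep the token out of .git/config.
          persist-credentials: false

      - name: Run empty issues closer action
        uses: rickstaa/empty-issues-closer-action@e96914613221511279ca25f50fd4acc85e331d99 # v1.1.74
        env:
          github_token: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Folded scalars: each message is passed as a single line.
          close_comment: >-
            Closing this issue because it appears to be empty. Please update the
            issue for it to be reopened.
          open_comment: >-
            Reopening this issue because the author provided more information.
          check_templates: true
          template_close_comment: >-
            Closing this issue since the issue template was not filled in.
            Please provide us with more information to have this issue reopened.
          template_open_comment: >-
            Reopening this issue because the author provided more information.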
generate-theme-doc matrix perms .github/workflows/generate-theme-doc.yml
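# Regenerates the theme readme when themes/index.js changes on master (or on
# manual dispatch) and pushes it with scripts/push-theme-readme.sh.
name: Generate Theme Readme

on:
  push:
    branches:
      - master
    paths:
      - "themes/index.js"
  workflow_dispatch:

# contents: write is the only write scope granted to the job token.
permissions:
  actions: read
  checks: read
  contents: write
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: read
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  generateThemeDoc:
    runs-on: ubuntu-latest
    name: Generate theme doc
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Setup Node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      # Fix the unsafe repo error which was introduced by the CVE-2022-24765 git patches.
      # The path is read from the runner's environment and quoted, rather
      # than templated into the script text with an expression.
      - name: Fix unsafe repo error
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: npm install, generate readme
        run: |
          npm ci
          npm run theme-readme-gen
        env:
          CI: true

      # NOTE(review): this step hands a personal access token to a
      # third-party action and to the push script. The action is pinned by
      # commit SHA; confirm the token is scoped to the one repository it
      # has to push to.
      - name: Run Script
        uses: skx/github-action-tester@e29768ff4ff67be9d1fdbccd8836ab83233bebb1 # v0.10.0
        with:
          script: ./scripts/push-theme-readme.sh
        env:
          CI: true
          PERSONAL_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
          GH_REPO: ${{ secrets.GH_REPO }}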
label-pr perms .github/workflows/label-pr.yml
# Applies labels to pull requests with actions/labeler.
name: "Pull Request Labeler"

# pull_request_target runs in the context of the base repository, so the job
# token can carry pull-requests: write even for pull requests from forks.
# No step here checks out or executes code from the pull request.
on:
  - pull_request_target

# pull-requests: write is the only write scope.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  triage:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          sync-labels: true
ossf-analysis perms security .github/workflows/ossf-analysis.yml
# Runs the OSSF Scorecard checks on pushes to master and on pull requests
# that target master, then uploads the SARIF results.
name: OSSF Scorecard analysis workflow

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Workflow default: read-only on every scope.
permissions: read-all

jobs:
  analysis:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    name: Scorecard analysis
    runs-on: ubuntu-latest
    # A job-level permissions block replaces the workflow-level one for this
    # job: scopes that are not listed here are not granted.
    permissions:
      # Needed if using Code scanning alerts
      security-events: write
      # Needed for GitHub OIDC token if publish_results is true
      id-token: write
    steps:
      - name: "Checkout code"
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Keep the job token out of .git/config.
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          publish_results: true

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # required for Code scanning alerts
      # NOTE(review): v2.22.1 is on the v2 release line of
      # github/codeql-action, which upstream has deprecated; confirm and move
      # to a supported major, still pinned by full commit SHA.
      - name: "Upload SARIF results to code scanning"
        uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
        with:
          sarif_file: results.sarif
preview-theme matrix perms .github/workflows/preview-theme.yml
# Runs the theme preview script. Only manual dispatch is active; the
# pull_request_target trigger is commented out.
name: Theme preview

on:
  # Temporary disabled due to paused themes addition.
  # See: https://github.com/anuraghazra/github-readme-stats/issues/3404
  # pull_request_target:
  #   types: [opened, edited, reopened, synchronize]
  #   branches:
  #     - master
  #   paths:
  #     - "themes/index.js"
  #
  # NOTE(review): if pull_request_target is restored, this job runs with a
  # pull-requests: write token on events raised by fork pull requests. The
  # checkout below passes no ref, which for that event means the base branch;
  # keep it that way so the install and preview steps never execute code
  # taken from the pull request.
  workflow_dispatch:

# pull-requests: write is the only write scope.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  previewTheme:
    name: Install & Preview
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Setup Node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      # NOTE(review): useLockFile: false presumably installs without the
      # lockfile, so resolved dependency versions can differ between runs;
      # confirm this is intended for a job that holds a write token.
      - uses: bahmutov/npm-install@3e063b974f0d209807684aa23e534b3dde517fd9 # v1.11.2
        with:
          useLockFile: false

      - run: npm run preview-theme
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
prs-cache-clean perms .github/workflows/prs-cache-clean.yml
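# Deletes the Actions caches that belong to a pull request once it is closed.
name: Cleanup closed pull requests cache

on:
  pull_request:
    types:
      - closed

# actions: write is the only write scope; it is what cache deletion needs.
permissions:
  actions: write
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: read
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  cleanup:
    runs-on: ubuntu-latest
    steps:
      - name: Cleanup
        # NOTE(review): the gh extension is installed at run time without a
        # pinned version; `gh extension install` accepts --pin if a fixed
        # release is wanted.
        run: |
          gh extension install actions/gh-actions-cache

          echo "Fetching list of cache key"
          cacheKeysForPR=$(gh actions-cache list -R "$REPO" -B "$BRANCH" | cut -f 1)

          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          # The list itself is left unquoted on purpose so that it splits
          # into one key per iteration; each use of a single value is quoted.
          for cacheKey in $cacheKeysForPR
          do
              gh actions-cache delete "$cacheKey" -R "$REPO" -B "$BRANCH" --confirm
          done
          echo "Done"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Context values reach the script as environment variables instead
          # of being templated into the shell text.
          REPO: ${{ github.repository }}
          BRANCH: "refs/pull/${{ github.event.pull_request.number }}/merge"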
stale-theme-pr-closer matrix perms .github/workflows/stale-theme-pr-closer.yml
# Closes theme pull requests labelled 'invalid' after they have gone stale.
# Only manual dispatch is active; the schedule is commented out.
name: Close stale theme pull requests that have the 'invalid' label.

on:
  # Temporary disabled due to paused themes addition.
  # See: https://github.com/anuraghazra/github-readme-stats/issues/3404
  # schedule:
  #   # ┌───────────── minute (0 - 59)
  #   # │ ┌───────────── hour (0 - 23)
  #   # │ │ ┌───────────── day of the month (1 - 31)
  #   # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
  #   # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
  #   # │ │ │ │ │
  #   # │ │ │ │ │
  #   # │ │ │ │ │
  #   # * * * * *
  #   - cron: "0 0 */7 * *"
  workflow_dispatch:

# pull-requests: write is the only write scope.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  closeOldThemePrs:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    name: Close stale 'invalid' theme PRs
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Setup Node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      # NOTE(review): useLockFile: false presumably installs without the
      # lockfile, so resolved dependency versions can differ between runs;
      # confirm this is intended for a job that holds a write token.
      - uses: bahmutov/npm-install@3e063b974f0d209807684aa23e534b3dde517fd9 # v1.11.2
        with:
          useLockFile: false

      - run: npm run close-stale-theme-prs
        env:
          STALE_DAYS: 20
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test matrix perms .github/workflows/test.yml
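# Unit tests, lint, benchmarks, format check and coverage upload on pushes to
# master and on pull requests that target master.
name: Test

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Nothing in this workflow writes to the repository.
permissions: read-all

jobs:
  build:
    name: Perform tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # The steps below run install scripts and test code, including code
          # from pull requests; none of them pushes, so keep the job token
          # out of .git/config.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      - name: Install & Test
        run: |
          npm ci
          npm run test

      - name: Run ESLint
        run: |
          npm run lint

      - name: Run bench tests
        run: |
          npm run bench

      - name: Run Prettier
        run: |
          npm run format:check

      # NOTE(review): pinned by commit SHA, but on the v3 release line while
      # the other actions in this workflow are on recent majors; check
      # whether a newer major is wanted.
      - name: Code Coverage
        uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5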
theme-prs-closer perms .github/workflows/theme-prs-closer.yml
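# Closes every open pull request labelled "themes" with an explanatory
# comment while new theme additions are paused.
name: Theme Pull Requests Closer

# pull_request_target runs in the context of the base repository, so the job
# token can carry pull-requests: write even for pull requests from forks.
# The checkout below passes no ref, which for this event means the base
# branch: no code from the pull request is checked out or executed.
on:
  - pull_request_target

# pull-requests: write is the only write scope.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  close-prs:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    runs-on: ubuntu-latest
    steps:
      - name: Check out the code
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # gh authenticates through GH_TOKEN and nothing here pushes, so
          # keep the token out of .git/config.
          persist-credentials: false

      - name: Set up Git
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

      # The original passed `-q is:open`, but -q is the short form of --jq
      # and was overridden by the second -q; the open-state filter is now
      # spelled out with --state. gh pr list returns at most 30 pull requests
      # per call unless --limit is raised.
      - name: Close Pull Requests
        run: |
          comment_message="We are currently pausing addition of new themes. If this theme is exclusively for your personal use, then instead of adding it to our theme collection, you can use card [customization options](https://github.com/anuraghazra/github-readme-stats?tab=readme-ov-file#customization)."

          for pr_number in $(gh pr list -l "themes" --state open --json number -q ".[].number"); do
            gh pr close "$pr_number" -c "$comment_message"
          done
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}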
top-issues-dashboard perms .github/workflows/top-issues-dashboard.yml
# Refreshes the top-issues dashboard and labels on a schedule or on manual
# dispatch.
name: Update top issues dashboard

on:
  schedule:
    # ┌───────────── minute (0 - 59)
    # │ ┌───────────── hour (0 - 23)
    # │ │ ┌───────────── day of the month (1 - 31)
    # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
    # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
    # │ │ │ │ │
    # │ │ │ │ │
    # │ │ │ │ │
    # * * * * *
    - cron: "0 0 */3 * *"
  workflow_dispatch:

# issues and pull-requests are the two write scopes; both are handed to a
# third-party action, which is pinned by full commit SHA below.
permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: write
  discussions: read
  packages: read
  pages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  showAndLabelTopIssues:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    name: Update top issues Dashboard.
    runs-on: ubuntu-latest
    steps:
      - name: Run top issues action
        uses: rickstaa/top-issues-action@7e8dda5d5ae3087670f9094b9724a9a091fc3ba1 # v1.3.101
        env:
          github_token: ${{ secrets.GITHUB_TOKEN }}
        with:
          top_list_size: 10
          # Quoted so the value stays a string rather than an integer.
          filter: "1772"
          label: true
          dashboard: true
          dashboard_show_total_reactions: true
          top_issues: true
          top_bugs: true
          top_features: true
          top_pull_requests: true
update-langs matrix perms .github/workflows/update-langs.yml
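# Regenerates the supported-languages JSON on a schedule and opens a pull
# request when the generated file changed.
name: Update supported languages

on:
  schedule:
    # ┌───────────── minute (0 - 59)
    # │ ┌───────────── hour (0 - 23)
    # │ │ ┌───────────── day of the month (1 - 31)
    # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
    # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
    # │ │ │ │ │
    # │ │ │ │ │
    # │ │ │ │ │
    # * * * * *
    - cron: "0 0 */30 * *"

# contents and pull-requests are the two write scopes: the last step pushes a
# branch and opens a pull request.
permissions:
  actions: read
  checks: read
  contents: write
  deployments: read
  issues: read
  discussions: read
  packages: read
  pages: read
  pull-requests: write
  repository-projects: read
  security-events: read
  statuses: read

jobs:
  updateLanguages:
    # Only run in the upstream repository, not in forks.
    if: github.repository == 'anuraghazra/github-readme-stats'
    name: Update supported languages
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      # NOTE(review): credentials stay persisted because the pull-request
      # step presumably pushes with them. That also leaves the write token
      # readable by the npm steps in between; passing the token only to the
      # last step would narrow that. Confirm against the action's inputs.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Setup Node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm

      - name: Install dependencies
        run: npm ci
        env:
          CI: true

      - name: Run update-languages-json.js script
        run: npm run generate-langs-json

      - name: Create Pull Request if upstream language file is changed
        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
        with:
          commit-message: "refactor: update languages JSON"
          branch: "update_langs/patch"
          delete-branch: true
          title: Update languages JSON
          # The workflow link uses the file's real name, update-langs.yml;
          # the original pointed at update-langs.yaml, which is not the name
          # of this workflow file.
          body: >-
            The
            [update-langs](https://github.com/anuraghazra/github-readme-stats/actions/workflows/update-langs.yml)
            action found new/updated languages in the [upstream languages JSON
            file](https://raw.githubusercontent.com/github/linguist/master/lib/linguist/languages.yml).
          labels: "ci, lang-card"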