From f40f00ad33147e60f7c39c08b9d8b292b1122d48 Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Thu, 26 Mar 2026 21:12:05 +0530 Subject: [PATCH 1/4] Sign workflow commit with AboutCode automation Signed-off-by: Keshav Priyadarshi --- .github/workflows/update-releases.yml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/update-releases.yml b/.github/workflows/update-releases.yml index 48ad018..584e4e3 100644 --- a/.github/workflows/update-releases.yml +++ b/.github/workflows/update-releases.yml @@ -117,14 +117,10 @@ jobs: # 5 Commit & push changes if releases.json changed - name: Commit and push if changed run: | - git config user.name "github-actions" - git config user.email "github-actions@github.com" + git config user.name "AboutCode Automation" + git config user.email "automation@aboutcode.org" git add website/static/releases.json - if ! git diff --cached --quiet; then - git commit -m "Update releases for ${{ matrix.repo }}" - git pull --rebase origin main - git push - else - echo "No changes detected" - fi + git commit -m "$(echo -e "Update releases for ${{ matrix.repo }}\n\nSigned-off-by: AboutCode Automation ")" || exit 0 + git pull --rebase origin main + git push shell: bash From 3a7bc053fe5c20a44c7ecb87ab9bf321e353e7b7 Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Thu, 26 Mar 2026 21:26:12 +0530 Subject: [PATCH 2/4] Pin down action to full-length commit Signed-off-by: Keshav Priyadarshi --- .github/workflows/update-releases.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-releases.yml b/.github/workflows/update-releases.yml index 584e4e3..d7553c4 100644 --- a/.github/workflows/update-releases.yml +++ b/.github/workflows/update-releases.yml @@ -60,7 +60,7 @@ jobs: # 1 Checkout the target repo (Repo B) - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: 0 From 5d1fc4d8bcef6eb530256b49751638361960395c Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Thu, 26 Mar 2026 21:27:34 +0530 Subject: [PATCH 3/4] Remove redundant GitHub token Signed-off-by: Keshav Priyadarshi --- .github/workflows/update-releases.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/update-releases.yml b/.github/workflows/update-releases.yml index d7553c4..785384d 100644 --- a/.github/workflows/update-releases.yml +++ b/.github/workflows/update-releases.yml @@ -6,12 +6,11 @@ on: # - cron: "15 * * * *" # every hour at :15 - cron: "15 9 * * *" # every day at 09:15 UTC -permissions: - contents: write # needed to commit updates to releases.json - jobs: update: runs-on: ubuntu-latest + permissions: + contents: write # needed to commit updates to releases.json strategy: max-parallel: 1 @@ -52,19 +51,13 @@ jobs: - aboutcode-org/www.aboutcode.org # Add more repos here - env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GH_REPO_POLLING }} - steps: - # 1 Checkout the target repo (Repo B) - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: 0 - token: ${{ secrets.GH_REPO_POLLING }} # 2 Debug: show which repo is being processed - name: Debug - current repo From e4d7964413274a1695b7c8199fd128c58b0c6a5e Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Thu, 26 Mar 2026 21:40:42 +0530 Subject: [PATCH 4/4] Pin down action to full-length commit SHA Signed-off-by: Keshav Priyadarshi --- .github/workflows/a-b-deploy.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/a-b-deploy.yml b/.github/workflows/a-b-deploy.yml index 017fcb2..ef77e61 100644 --- a/.github/workflows/a-b-deploy.yml +++ b/.github/workflows/a-b-deploy.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set deploy target id: set-target @@ -45,7 +45,7 @@ jobs: fi - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #v6.3.0 with: node-version: 20 cache: npm @@ -64,7 +64,7 @@ jobs: npm run build - name: Upload build artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: docusaurus-build path: website/build @@ -83,18 +83,18 @@ jobs: steps: - name: Download build artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: docusaurus-build path: build - name: Upload Pages artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b #v4.0.0 with: path: build - name: Deploy to GitHub Pages - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e #v4.0.5 deploy-dreamhost: @@ -107,7 +107,7 @@ jobs: steps: - name: Download build artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: docusaurus-build path: build