diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml deleted file mode 100644 index 07fb5f7b08f..00000000000 --- a/.github/workflows/commitlint.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Commit Message Linting - -on: - push: - branches: - - main - pull_request: - branches: - - main - -permissions: - contents: read - -jobs: - commitlint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index a8b269729d8..142a3eaaeaf 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -55,6 +55,6 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Close parallel build - uses: coverallsapp/github-action@v2.3.7 + uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6 with: parallel-finished: true diff --git a/.github/workflows/github-ci.yml b/.github/workflows/github-ci.yml index c164066ca5e..aa9ade1ada1 100644 --- a/.github/workflows/github-ci.yml +++ b/.github/workflows/github-ci.yml @@ -19,6 +19,8 @@ jobs: steps: - uses: actions/checkout@v6 + with: + fetch-depth: 0 - name: Setup Node.js uses: actions/setup-node@v6 @@ -56,6 +58,14 @@ jobs: - name: Perform ESLint check run: npm run lint + - name: Validate current commit (last commit) with commitlint + if: github.event_name == 'push' + run: npm run lint:commit -- --last --verbose + + - name: Validate PR commits with commitlint + if: github.event_name == 'pull_request' + run: npm run lint:commit -- --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose + - name: Perform Licenses check run: npm run check-licenses diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index aac0b7b6244..3bfe68b6a8f 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -8,7 +8,6 @@ on: permissions: contents: write pull-requests: write - id-token: write # Required for trusted publishing via OIDC (https://docs.npmjs.com/trusted-publishers) jobs: release-please: @@ -24,7 +23,7 @@ jobs: node-version: 24.x - name: Run Release Please to update PRs and create releases - uses: googleapis/release-please-action@v5 + uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 id: release with: token: "${{ secrets.GITHUB_TOKEN }}" @@ -60,6 +59,10 @@ jobs: runs-on: ubuntu-24.04 needs: release-please if: needs.release-please.outputs.releases_created == 'true' + permissions: + id-token: write # Required for trusted publishing via OIDC (https://docs.npmjs.com/trusted-publishers) + # The GitHub Actions Environment configured for the trusted publisher + environment: npmjs:ui5-cli-mono strategy: # Sequential publishing ensures dependencies exist on NPM before dependents are published # Order: logger → fs → builder → server → project (CLI handled separately for shrinkwrap generation) @@ -87,6 +90,10 @@ jobs: runs-on: ubuntu-24.04 needs: [release-please, publish-packages] if: needs.release-please.outputs.releases_created == 'true' + permissions: + id-token: write # Required for trusted publishing via OIDC (https://docs.npmjs.com/trusted-publishers) + # The GitHub Actions Environment configured for the trusted publisher + environment: npmjs:ui5-cli-mono steps: - uses: actions/checkout@v6 diff --git a/.github/workflows/reuse-compliance.yml b/.github/workflows/reuse-compliance.yml index a7f056c0ba8..d17397d1465 100644 --- a/.github/workflows/reuse-compliance.yml +++ b/.github/workflows/reuse-compliance.yml @@ -46,4 +46,4 @@ jobs: - uses: actions/checkout@v6 - name: REUSE check for full repository - uses: fsfe/reuse-action@v6 + uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0 diff --git a/.npmrc b/.npmrc index 3eeeab4e326..f5bb40b0e47 100644 --- a/.npmrc +++ b/.npmrc @@ -2,3 +2,4 @@ registry=https://registry.npmjs.org/ lockfile-version=3 ignore-scripts=true +allow-git=none