Skip to content

chore(deps): update actions/upload-artifact action to v4.6.0 #231

chore(deps): update actions/upload-artifact action to v4.6.0

chore(deps): update actions/upload-artifact action to v4.6.0 #231

# Copyright 2020 Wayback Archiver. All rights reserved.
# Use of this source code is governed by the MIT license
# that can be found in the LICENSE file.
name: Projects
on:
issues:
types:
- opened
- transferred
pull_request:
types:
- opened
pull_request_target:
types:
- opened
workflow_call:
inputs:
project-url:
type: string
default: 'https://github.com/orgs/wabarc/projects/6'
description: 'URL of the project to add issues or pull requests to'
egress-policy:
type: string
default: 'block'
description: 'Harden-Runner egress traffic policy'
secrets:
github-token:
required: true
env:
PROJECT_URL: https://github.com/orgs/wabarc/projects/6
permissions:
contents: read
issues: read
pull-requests: read
jobs:
add-issue-to-project:
name: Add Issue or Pull Request to Project
runs-on: ubuntu-latest
# pull_request_target: Only "dependabot[bot]" is allowed to access secrets.
# pull_request: All other forks are running without access to secrets.
if: >
(github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') ||
(github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]')
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
disable-sudo: true
egress-policy: ${{ inputs.egress-policy || 'block' }}
disable-telemetry: true
allowed-endpoints: >
github.com:443
api.github.com:443
- name: Check out code base
if: github.event_name != 'pull_request_target'
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
persist-credentials: false
- name: Check out code base
if: github.event_name == 'pull_request_target'
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ github.event.pull_request.head.sha }}
- name: Add to Project
if: github.event == 'workflow_call'
uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0
with:
project-url: ${{ inputs.project-url }}
github-token: ${{ secrets.github-token }}
- name: Add to Project
if: github.event != 'workflow_call' && github.actor == 'dependabot[bot]'
uses: actions/add-to-project@960fbad431afda394cfcf8743445e741acd19e85 # v0.4.0
with:
project-url: ${{ env.PROJECT_URL }}
github-token: ${{ secrets.GH_PROJECTS_ACTION_TOKEN }}