chore: (deps): bump step-security/harden-runner from 1.4.5 to 2.8.1 #171
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Notice how there is an extra complile and upload step. | |
# This is due to how the build-main job checks for errors. Instead of using a script, | |
# such as, /gradlew build, with this being a datapack, it checks the source files instead. (see Check commands and Check JSON.) | |
# This is completely intentional, please do not create a PR changing it! | |
name: CI | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
workflow_dispatch: | |
jobs: | |
build-main: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 | |
with: | |
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
- name: Checkout repo | |
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
- name: Dependency Review | |
if: github.event_name == 'pull_request' | |
uses: actions/dependency-review-action@23d1ffffb6fa5401173051ec21eba8c35242733f | |
- name: Check commands | |
uses: mcbeet/check-commands@03cff79228a0a50fe6856becd7972112e326e922 | |
with: | |
source: . | |
minecraft: 1.18 | |
- name: Check JSON | |
uses: ocular-d/json-linter@7d3716a34bcd6fcc5b3b38141a21b9e02da6531d | |
- name: Compile and upload | |
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 | |
with: | |
name: muffinhunt-datapack v2.0.0-SNAPSHOT | |
path: | | |
assets/ | |
data/ | |
pack.mcmeta | |
pack.png | |
if-no-files-found: error | |
build-packsquash: | |
permissions: | |
actions: read # for ComunidadAylas/PackSquash-action to get latest artifact | |
contents: read # for actions/checkout to fetch code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 | |
with: | |
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
- name: Checkout repo | |
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | |
with: | |
fetch-depth: 0 | |
- name: Run PackSquash | |
uses: ComunidadAylas/PackSquash-action@cdeba7365a1491b436b1a9c381d63b5ee6c27f2e | |
with: | |
path: ./ | |
token: ${{ secrets.GITHUB_TOKEN }} | |
minify_json_files: true | |
validate_pack_metadata_file: true | |
allow_optifine_mod: true | |
delete_bloat_json_keys: true | |
artifact_name: 'optimized-muffinhunt-datapack v2.0.0-SNAPSHOT' | |