mirror of
https://github.com/goauthentik/authentik.git
synced 2026-06-17 19:09:11 +03:00
Teffen Ellis
9543b3c9f6
* core: add .npmrc baseline to block dependency lifecycle scripts Set ignore-scripts=true at the repo root, plus engine-strict, save-exact, audit, and prefer-offline. This neutralizes the dominant npm supply-chain attack vector — postinstall scripts in transitive dependencies — at the cost of requiring an explicit rebuild for the handful of packages that legitimately need install scripts (esbuild, chromedriver, tree-sitter, tree-sitter-json). The next commit wires that rebuild into the Makefile. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * core: route node installs through make to retire website preinstall hook Make docs-install depend on a new root-node-install so the root deps are guaranteed before the website install runs, removing the need for the website/preinstall lifecycle script. Rebuild the small audited list of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json) after the web install so ignore-scripts=true remains the only path that needs maintenance. web/README documents the new workflow. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * Clean up install scripts. * Track .npmrc in CODEOWNERS * Fix formatter config. Reformat. * Fix mounted references. * Flesh out node scripts. * Bump engines. * Prep containers. * Update makefile. * Flesh out github actions. * Clean up docs container. * lint. Bump. Lint. Bump NPM version. * Add limits. * collapse the composite's three setup-node calls to one cache restore * Add SHA. * Bump NPM range. * Run formatter. * Bump NPM. * Remove extra install. * Fix website deps. * Use local prettier. Fix drift in CI. * ci: build frontend in CI with node_env production Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Install docusaurus config. * Fix linter warning, order. * Add linter commands. * Add timeout. * Remove pre install check. --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
---
|
|
name: Repo - Mark and close stale issues
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "30 1 * * *"
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
# Needed to update issues and PRs
|
|
issues: write
|
|
|
|
jobs:
|
|
stale:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- id: generate_token
|
|
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v2
|
|
with:
|
|
app-id: ${{ secrets.GH_APP_ID }}
|
|
private-key: ${{ secrets.GH_APP_PRIV_KEY }}
|
|
- uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10
|
|
with:
|
|
repo-token: ${{ steps.generate_token.outputs.token }}
|
|
days-before-stale: 60
|
|
days-before-close: 7
|
|
exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question,status/reviewing
|
|
stale-issue-label: status/stale
|
|
stale-issue-message: >
|
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
|
|
# Don't stale PRs, so only apply to PRs with a non-existent label
|
|
only-pr-labels: foo
|