Conversation

@pandeymangg
Contributor

Hardened the actions for test, build, release and sonarqube

@sonarqubecloud

sonarqubecloud bot commented Oct 1, 2025

@pandeymangg pandeymangg requested a review from Dhruwang October 1, 2025 06:46
@coderabbitai

coderabbitai bot commented Oct 1, 2025

Walkthrough

Across build, test, and SonarQube workflows, a pre-checkout hardening step using step-security/harden-runner (egress-policy: audit) was added. actions/checkout, actions/setup-node, and pnpm/action-setup were updated to pinned commit SHAs. In the release workflow, the trigger changed from published to released, a job name and 30-minute timeout were added, id-token permission was retained with a clarifying comment, pnpm cache and always-auth were enabled, and npm publish includes provenance. No exported/public APIs changed.

Pre-merge checks

✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The title "fix: harden the actions" succinctly identifies the primary change of hardening the GitHub Actions workflows using conventional commit style and accurately reflects the pull request’s main purpose without extraneous detail.
Description Check ✅ Passed The description clearly states that the workflows for test, build, release, and SonarQube have been hardened, directly relating to the changeset and providing appropriate context for reviewers.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.

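The two properties the walkthrough describes (every third-party action pinned to a full commit SHA, and harden-runner running before checkout) can be checked mechanically. This is an added example, not the project's workflow nor CodeRabbit's output; both workflow texts are constructed, the SHA is a placeholder rather than a real commit, and the checker is line-based and assumes one job per text.

```python
import re

# Constructed "before" workflow: mutable tag refs, no harden-runner step.
UNPINNED = """\
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: pnpm test
"""
# Constructed "after" workflow; SHA is a 40-hex placeholder, not a real commit.
SHA = "0123456789abcdef" * 2 + "01234567"
HARDENED = f"""\
jobs:
  test:
    steps:
      - uses: step-security/harden-runner@{SHA}  # placeholder pin for v2
        with:
          egress-policy: audit
      - uses: actions/checkout@{SHA}  # placeholder pin for v4
      - uses: actions/setup-node@{SHA}
      - run: pnpm test
"""
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)(?:\s+#.*)?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EGRESS_RE = re.compile(r"^\s*egress-policy:\s*(\S+)", re.M)

def uses_entries(text):
    """(line_no, action, ref) for every `uses: owner/repo@ref` step, in file order."""
    return [(n, m.group(1), m.group(2))
            for n, line in enumerate(text.splitlines(), 1)
            if (m := USES_RE.match(line))]

def unpinned_actions(text):
    """Steps whose ref is a tag or branch (mutable) instead of a full commit SHA."""
    return [(n, a, r) for n, a, r in uses_entries(text) if not SHA_RE.match(r)]

def harden_runner_before_checkout(text):
    """True when harden-runner precedes the first checkout, so the checkout's own
    egress is already covered. Line-based: assumes a single job per text."""
    actions = [a for _, a, _ in uses_entries(text)]
    if "actions/checkout" not in actions:
        return True  # no code checked out, nothing to guard
    if "step-security/harden-runner" not in actions:
        return False
    return actions.index("step-security/harden-runner") < actions.index("actions/checkout")

def egress_policy(text):
    """harden-runner's egress-policy value (audit only logs; block enforces), or None."""
    m = EGRESS_RE.search(text)
    return m.group(1) if m else None
```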

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 28b7403 and 1790adc.

📒 Files selected for processing (4)
  • .github/workflows/build.yml (1 hunks)
  • .github/workflows/release.yml (1 hunks)
  • .github/workflows/sonarqube.yml (1 hunks)
  • .github/workflows/test.yml (1 hunks)

@pandeymangg pandeymangg added this pull request to the merge queue Oct 1, 2025
Merged via the queue into main with commit 39761d4 Oct 1, 2025
9 checks passed
3 participants