From 133ed7237a66ef7a015f481d45d1df3c378a86d0 Mon Sep 17 00:00:00 2001 From: Sheraff Date: Tue, 12 May 2026 21:14:28 +0200 Subject: [PATCH 01/12] ci: add zizmor workflow --- .github/workflows/autofix.yml | 5 +-- .github/workflows/claude.yml | 5 +-- .github/workflows/e2e-tests.yml | 13 +++++--- .github/workflows/pr.yml | 32 ++++++++++++------- .github/workflows/release.yml | 11 ++++--- .../reproduce-and-fix-issue-claude.yml | 5 +-- .github/workflows/review-pr-claude.yml | 9 ++++-- .github/workflows/zizmor.yml | 29 +++++++++++++++++ 8 files changed, 79 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/zizmor.yml diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index b9f4dadc2c..23351ab9f9 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -18,11 +18,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Setup Tools - uses: tanstack/config/.github/setup@main + uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Fix formatting run: pnpm format - name: Apply fixes diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index c4bb5e220b..399b133484 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -18,10 +18,11 @@ jobs: actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # required for Claude Code - - uses: anthropics/claude-code-action@v1 + persist-credentials: false + - uses: anthropics/claude-code-action@b112a167ee1f4aa7ad2e3adae255c8c8c69e740b # v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Responds to @claude mentions in comments diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 6f3d6b54af..8fb7f9d584 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -5,6 +5,9 @@ on: branches: [main] pull_request: +permissions: + contents: read + jobs: e2e-tests: name: Run E2E Tests @@ -13,15 +16,17 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@f40ffcd9367d9f12939873eb1018b921a783ffaa # v4 with: version: 10.27.0 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: '20' cache: 'pnpm' @@ -123,7 +128,7 @@ jobs: - name: Upload test results if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: test-results path: packages/db-collection-e2e/junit/ diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 64525c50b9..b9227b5dac 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -15,7 +15,6 @@ env: permissions: contents: read - pull-requests: write jobs: test: @@ -23,13 +22,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Setup Tools - uses: tanstack/config/.github/setup@main + uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Get base and head commits for `nx affected` - uses: nrwl/nx-set-shas@v4.4.0 + uses: nrwl/nx-set-shas@15514ee4353489ef5a1644bcdae44f0ae2ea45f3 # v4.4.0 with: main-branch-name: main - name: Run Checks @@ -51,26 +51,30 @@ jobs: preview: name: Preview runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Setup Tools - uses: tanstack/config/.github/setup@main + uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Build Packages run: pnpm run build - name: Publish Previews run: pnpx pkg-pr-new publish --pnpm --compact './packages/*' --template './examples/*/*' - name: Compressed Size Action - DB Package - uses: preactjs/compressed-size-action@v2 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' pattern: './packages/db/dist/**/*.{js,mjs}' comment-key: 'db-package-size' build-script: 'build:minified' - name: Compressed Size Action - React DB Package - uses: preactjs/compressed-size-action@v2 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' pattern: './packages/react-db/dist/**/*.{js,mjs}' @@ -81,9 +85,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Tools - uses: tanstack/config/.github/setup@main + uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Build Packages run: pnpm run build - name: Build Example Site @@ -95,9 +101,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Setup Tools - uses: tanstack/config/.github/setup@main + uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Build Packages run: pnpm run build - name: Build Starter Site diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6c5d363b9c..3ba1bf7a24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,16 +23,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Setup Tools - uses: tanstack/config/.github/setup@main + uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Run Tests run: pnpm run lint && pnpm run build && pnpm run test - name: Run Changesets (version or publish) id: changesets - uses: changesets/action@v1.5.3 + uses: changesets/action@8eb63fb4cfc7f9643537c7d39d0b68c835012a19 # v1.5.3 with: version: pnpm run changeset:version publish: pnpm run changeset:publish @@ -69,7 +70,7 @@ jobs: exit 0 fi git commit -m "docs: regenerate API documentation" - git push --force-with-lease origin "$BRANCH" + git push --force-with-lease "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" "$BRANCH" if [ "$CREATE_PR" = true ]; then gh pr create \ @@ -85,6 +86,6 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Comment on PRs about release if: steps.changesets.outputs.published == 'true' - uses: tanstack/config/.github/comment-on-release@main + uses: tanstack/config/.github/comment-on-release@e4b48f16568324f76f467aa4c2aac2f05db632c3 with: published-packages: ${{ steps.changesets.outputs.publishedPackages }} diff --git a/.github/workflows/reproduce-and-fix-issue-claude.yml b/.github/workflows/reproduce-and-fix-issue-claude.yml index 75bd6e259e..1bc1e12df0 100644 --- a/.github/workflows/reproduce-and-fix-issue-claude.yml +++ b/.github/workflows/reproduce-and-fix-issue-claude.yml @@ -28,12 +28,13 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Run Claude Code (auto issue handler) - uses: anthropics/claude-code-action@v1 + uses: anthropics/claude-code-action@b112a167ee1f4aa7ad2e3adae255c8c8c69e740b # v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_args: | diff --git a/.github/workflows/review-pr-claude.yml b/.github/workflows/review-pr-claude.yml index e40e97580d..f71b15195d 100644 --- a/.github/workflows/review-pr-claude.yml +++ b/.github/workflows/review-pr-claude.yml @@ -28,9 +28,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Get PR branch id: pr-info @@ -42,10 +43,12 @@ jobs: echo "base_ref=$(echo $PR_DATA | jq -r '.baseRefName')" >> $GITHUB_OUTPUT - name: Checkout PR branch - run: git checkout ${{ steps.pr-info.outputs.head_ref }} + env: + HEAD_REF: ${{ steps.pr-info.outputs.head_ref }} + run: git checkout "$HEAD_REF" - name: Run Claude Code (PR review) - uses: anthropics/claude-code-action@v1 + uses: anthropics/claude-code-action@b112a167ee1f4aa7ad2e3adae255c8c8c69e740b # v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 0000000000..5d0acc22a4 --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,29 @@ +name: GitHub Actions Security Analysis + +on: + push: + branches: [main] + pull_request: + branches: ['**'] + +permissions: {} + +jobs: + zizmor: + name: zizmor + runs-on: ubuntu-latest + permissions: + security-events: write + contents: read + actions: read + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor + uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 + with: + advanced-security: false + annotations: true From 2913932c01c1690faa75f4af6b180f6cc104d129 Mon Sep 17 00:00:00 2001 From: Sheraff Date: Wed, 13 May 2026 00:51:31 +0200 Subject: [PATCH 02/12] ci: fix zizmor workflow findings --- .github/workflows/claude.yml | 2 +- .github/workflows/e2e-tests.yml | 2 +- .github/workflows/pr.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/reproduce-and-fix-issue-claude.yml | 2 +- .github/workflows/review-pr-claude.yml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 399b133484..58976d3cc3 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 0 # required for Claude Code persist-credentials: false - - uses: anthropics/claude-code-action@b112a167ee1f4aa7ad2e3adae255c8c8c69e740b # v1 + - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Responds to @claude mentions in comments diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 8fb7f9d584..2d677d4080 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Setup pnpm - uses: pnpm/action-setup@f40ffcd9367d9f12939873eb1018b921a783ffaa # v4 + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 with: version: 10.27.0 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index b9227b5dac..c485626fbc 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -29,7 +29,7 @@ jobs: - name: Setup Tools uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Get base and head commits for `nx affected` - uses: nrwl/nx-set-shas@15514ee4353489ef5a1644bcdae44f0ae2ea45f3 # v4.4.0 + uses: nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1 # v4.4.0 with: main-branch-name: main - name: Run Checks diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3ba1bf7a24..6ec135f943 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,14 +26,14 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - persist-credentials: false + persist-credentials: true # release job pushes version/docs changes - name: Setup Tools uses: tanstack/config/.github/setup@e4b48f16568324f76f467aa4c2aac2f05db632c3 - name: Run Tests run: pnpm run lint && pnpm run build && pnpm run test - name: Run Changesets (version or publish) id: changesets - uses: changesets/action@8eb63fb4cfc7f9643537c7d39d0b68c835012a19 # v1.5.3 + uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3 with: version: pnpm run changeset:version publish: pnpm run changeset:publish @@ -70,7 +70,7 @@ jobs: exit 0 fi git commit -m "docs: regenerate API documentation" - git push --force-with-lease "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" "$BRANCH" + git push --force-with-lease origin "$BRANCH" if [ "$CREATE_PR" = true ]; then gh pr create \ diff --git a/.github/workflows/reproduce-and-fix-issue-claude.yml b/.github/workflows/reproduce-and-fix-issue-claude.yml index 1bc1e12df0..91c6da2c55 100644 --- a/.github/workflows/reproduce-and-fix-issue-claude.yml +++ b/.github/workflows/reproduce-and-fix-issue-claude.yml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Run Claude Code (auto issue handler) - uses: anthropics/claude-code-action@b112a167ee1f4aa7ad2e3adae255c8c8c69e740b # v1 + uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_args: | diff --git a/.github/workflows/review-pr-claude.yml b/.github/workflows/review-pr-claude.yml index f71b15195d..d246e22d3a 100644 --- a/.github/workflows/review-pr-claude.yml +++ b/.github/workflows/review-pr-claude.yml @@ -48,7 +48,7 @@ jobs: run: git checkout "$HEAD_REF" - name: Run Claude Code (PR review) - uses: anthropics/claude-code-action@b112a167ee1f4aa7ad2e3adae255c8c8c69e740b # v1 + uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' From e00ed9186a284680ee30f10523c0e4f373afa392 Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:09 +0200 Subject: [PATCH 03/12] Update .github/workflows/zizmor.yml --- .github/workflows/zizmor.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 5d0acc22a4..2202c720fe 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -12,10 +12,6 @@ jobs: zizmor: name: zizmor runs-on: ubuntu-latest - permissions: - security-events: write - contents: read - actions: read steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From bec4fc44fd626477f7bfa7e6353745e7cc83ae13 Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:17 +0200 Subject: [PATCH 04/12] Update .github/workflows/review-pr-claude.yml --- .github/workflows/review-pr-claude.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/review-pr-claude.yml b/.github/workflows/review-pr-claude.yml index d246e22d3a..a38f98d429 100644 --- a/.github/workflows/review-pr-claude.yml +++ b/.github/workflows/review-pr-claude.yml @@ -48,7 +48,7 @@ jobs: run: git checkout "$HEAD_REF" - name: Run Claude Code (PR review) - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 + uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1.0.121 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' From 32c1b4020c5610f1d69ec6c0075f0b4959bf907c Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:26 +0200 Subject: [PATCH 05/12] Update .github/workflows/reproduce-and-fix-issue-claude.yml --- .github/workflows/reproduce-and-fix-issue-claude.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reproduce-and-fix-issue-claude.yml b/.github/workflows/reproduce-and-fix-issue-claude.yml index 91c6da2c55..10cfeb2fe0 100644 --- a/.github/workflows/reproduce-and-fix-issue-claude.yml +++ b/.github/workflows/reproduce-and-fix-issue-claude.yml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Run Claude Code (auto issue handler) - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 + uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1.0.121 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_args: | From b5285e56a3efb1803e1d2515be2fea98bb238978 Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:34 +0200 Subject: [PATCH 06/12] Update .github/workflows/claude.yml --- .github/workflows/claude.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 58976d3cc3..0130d38007 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 0 # required for Claude Code persist-credentials: false - - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 + - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1.0.121 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Responds to @claude mentions in comments From a1cce657ddb66311f346eb9ff361ce349ce4baf6 Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:41 +0200 Subject: [PATCH 07/12] Update .github/workflows/pr.yml --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index c485626fbc..18bf3d532a 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -74,7 +74,7 @@ jobs: comment-key: 'db-package-size' build-script: 'build:minified' - name: Compressed Size Action - React DB Package - uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2.9.1 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' pattern: './packages/react-db/dist/**/*.{js,mjs}' From 164bee51dc8a1ccec68403a0931d3f6779cbfd77 Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:48 +0200 Subject: [PATCH 08/12] Update .github/workflows/pr.yml --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 18bf3d532a..28473f62e5 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -67,7 +67,7 @@ jobs: - name: Publish Previews run: pnpx pkg-pr-new publish --pnpm --compact './packages/*' --template './examples/*/*' - name: Compressed Size Action - DB Package - uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2.9.1 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' pattern: './packages/db/dist/**/*.{js,mjs}' From 32854ec7794cdb9a5fa81650acee802e5ac40b2b Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:22:55 +0200 Subject: [PATCH 09/12] Update .github/workflows/e2e-tests.yml --- .github/workflows/e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 2d677d4080..981fd9c01a 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -128,7 +128,7 @@ jobs: - name: Upload test results if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: test-results path: packages/db-collection-e2e/junit/ From 8c7c9e8dbbfc85fcdedb4b783e36dc5ecee181dd Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:23:03 +0200 Subject: [PATCH 10/12] Update .github/workflows/e2e-tests.yml --- .github/workflows/e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 981fd9c01a..50b080b63f 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -26,7 +26,7 @@ jobs: version: 10.27.0 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20' cache: 'pnpm' From 4a42b4568780440aadc2107c9620e7fb7cf06746 Mon Sep 17 00:00:00 2001 From: Flo Date: Wed, 13 May 2026 12:23:12 +0200 Subject: [PATCH 11/12] Update .github/workflows/e2e-tests.yml --- .github/workflows/e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 50b080b63f..4c83337bd4 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Setup pnpm - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 with: version: 10.27.0 From db63904a6b5af5c38ac09f3f23b564e59d0156fa Mon Sep 17 00:00:00 2001 From: Sheraff Date: Wed, 13 May 2026 12:56:40 +0200 Subject: [PATCH 12/12] ci: fix compressed size action ref comments --- .github/workflows/pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 28473f62e5..48f12e07c8 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -67,14 +67,14 @@ jobs: - name: Publish Previews run: pnpx pkg-pr-new publish --pnpm --compact './packages/*' --template './examples/*/*' - name: Compressed Size Action - DB Package - uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2.9.1 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # 2.9.1 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' pattern: './packages/db/dist/**/*.{js,mjs}' comment-key: 'db-package-size' build-script: 'build:minified' - name: Compressed Size Action - React DB Package - uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # v2.9.1 + uses: preactjs/compressed-size-action@66325aad6443cb7cf89c4bfcd414aea2367cda94 # 2.9.1 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' pattern: './packages/react-db/dist/**/*.{js,mjs}'