From 763e837b05e561b53ffadf25601c0b22fbc0bf41 Mon Sep 17 00:00:00 2001 From: Siarhei Salimau Date: Tue, 27 Jan 2026 18:48:42 +0100 Subject: [PATCH 1/3] PFM-TASK-7221 - Restrict GitHub Actions workflow permissions Replace overly permissive 'write-all' with specific permissions (contents, pull-requests, actions, checks) to follow security best practices and improve security rating. Affected files: - .github/workflow-templates/fe/fe-check-upmerge.yml - .github/workflow-templates/fe/fe-cleanup-snapshots.yml - .github/workflow-templates/fe/fe-licenses.yml - .github/workflow-templates/fe/fe-main.yml - .github/workflow-templates/fe/fe-pr-close.yml - .github/workflow-templates/fe/fe-pr-snapshot.yml - .github/workflow-templates/fe/fe-pr.yml - .github/workflow-templates/fe/fe-release.yml - .github/workflow-templates/fe/fe-tag-pushed.yml --- .github/workflow-templates/fe/fe-check-upmerge.yml | 6 +++++- .github/workflow-templates/fe/fe-cleanup-snapshots.yml | 6 +++++- .github/workflow-templates/fe/fe-licenses.yml | 6 +++++- .github/workflow-templates/fe/fe-main.yml | 6 +++++- .github/workflow-templates/fe/fe-pr-close.yml | 6 +++++- .github/workflow-templates/fe/fe-pr-snapshot.yml | 6 +++++- .github/workflow-templates/fe/fe-pr.yml | 6 +++++- .github/workflow-templates/fe/fe-release.yml | 6 +++++- .github/workflow-templates/fe/fe-tag-pushed.yml | 6 +++++- 9 files changed, 45 insertions(+), 9 deletions(-) diff --git a/.github/workflow-templates/fe/fe-check-upmerge.yml b/.github/workflow-templates/fe/fe-check-upmerge.yml index d89c0d73..3c7b6a35 100644 --- a/.github/workflow-templates/fe/fe-check-upmerge.yml +++ b/.github/workflow-templates/fe/fe-check-upmerge.yml @@ -4,7 +4,11 @@ on: # Runs "At 18:00 every day" (see https://crontab.guru) - cron: '0 18 * * *' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write jobs: check-upmerge: diff --git a/.github/workflow-templates/fe/fe-cleanup-snapshots.yml b/.github/workflow-templates/fe/fe-cleanup-snapshots.yml index e65ab792..90b80a57 100644 --- a/.github/workflow-templates/fe/fe-cleanup-snapshots.yml +++ b/.github/workflow-templates/fe/fe-cleanup-snapshots.yml @@ -4,7 +4,11 @@ on: # Runs "At 00:00 on day-of-month 28 in every 3rd month." (see https://crontab.guru) - cron: '0 0 28 */3 *' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write jobs: cleanup-snapshots: diff --git a/.github/workflow-templates/fe/fe-licenses.yml b/.github/workflow-templates/fe/fe-licenses.yml index b6d4dff9..bf2a5389 100644 --- a/.github/workflow-templates/fe/fe-licenses.yml +++ b/.github/workflow-templates/fe/fe-licenses.yml @@ -5,7 +5,11 @@ on: - 'package.json' - 'package-lock.json' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write env: NX_BRANCH: ${{ github.event.number }} diff --git a/.github/workflow-templates/fe/fe-main.yml b/.github/workflow-templates/fe/fe-main.yml index 662b4e50..f915310d 100644 --- a/.github/workflow-templates/fe/fe-main.yml +++ b/.github/workflow-templates/fe/fe-main.yml @@ -5,7 +5,11 @@ on: - main - master -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write env: NX_BRANCH: ${{ github.event.number }} diff --git a/.github/workflow-templates/fe/fe-pr-close.yml b/.github/workflow-templates/fe/fe-pr-close.yml index 050e79a3..8f16fd8a 100644 --- a/.github/workflow-templates/fe/fe-pr-close.yml +++ b/.github/workflow-templates/fe/fe-pr-close.yml @@ -5,7 +5,11 @@ on: branches: - '**' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write jobs: remove-artifacts: diff --git a/.github/workflow-templates/fe/fe-pr-snapshot.yml b/.github/workflow-templates/fe/fe-pr-snapshot.yml index 5bd16714..7020269d 100644 --- a/.github/workflow-templates/fe/fe-pr-snapshot.yml +++ b/.github/workflow-templates/fe/fe-pr-snapshot.yml @@ -5,7 +5,11 @@ on: branches: - '**' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write jobs: publish-pr-snapshot: diff --git a/.github/workflow-templates/fe/fe-pr.yml b/.github/workflow-templates/fe/fe-pr.yml index 01060c42..9432f61e 100644 --- a/.github/workflow-templates/fe/fe-pr.yml +++ b/.github/workflow-templates/fe/fe-pr.yml @@ -4,7 +4,11 @@ on: branches: - '**' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write env: NX_BRANCH: ${{ github.event.number }} diff --git a/.github/workflow-templates/fe/fe-release.yml b/.github/workflow-templates/fe/fe-release.yml index 3d67603a..5afbc5e3 100644 --- a/.github/workflow-templates/fe/fe-release.yml +++ b/.github/workflow-templates/fe/fe-release.yml @@ -4,7 +4,11 @@ on: branches: - 'release/*' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write env: NX_BRANCH: ${{ github.event.number }} diff --git a/.github/workflow-templates/fe/fe-tag-pushed.yml b/.github/workflow-templates/fe/fe-tag-pushed.yml index ad46531f..afd639ad 100644 --- a/.github/workflow-templates/fe/fe-tag-pushed.yml +++ b/.github/workflow-templates/fe/fe-tag-pushed.yml @@ -4,7 +4,11 @@ on: tags: - '*/*' -permissions: write-all +permissions: + contents: write + pull-requests: write + actions: read + checks: write env: NX_BRANCH: ${{ github.event.number }} From a11c750e9cd1b72c4e5aa8a9dc82536a592b3a08 Mon Sep 17 00:00:00 2001 From: Siarhei Salimau Date: Thu, 29 Jan 2026 08:53:14 +0100 Subject: [PATCH 2/3] updates target branch for uses for test changes on c-place repo in dummy PR --- .github/workflow-templates/fe/fe-check-upmerge.yml | 2 +- .github/workflow-templates/fe/fe-cleanup-snapshots.yml | 2 +- .github/workflow-templates/fe/fe-licenses.yml | 2 +- .github/workflow-templates/fe/fe-main.yml | 8 ++++---- .github/workflow-templates/fe/fe-pr-close.yml | 2 +- .github/workflow-templates/fe/fe-pr-snapshot.yml | 2 +- .github/workflow-templates/fe/fe-pr.yml | 8 ++++---- .github/workflow-templates/fe/fe-release.yml | 8 ++++---- .github/workflow-templates/fe/fe-tag-pushed.yml | 2 +- .github/workflows/fe-build.yml | 2 +- .github/workflows/fe-check-upmerge.yml | 2 +- .github/workflows/fe-cleanup-snapshots.yml | 2 +- .github/workflows/fe-code-quality.yml | 2 +- .github/workflows/fe-e2e.yml | 2 +- .github/workflows/fe-pr-close.yml | 2 +- .github/workflows/fe-pr-snapshot.yml | 2 +- .github/workflows/fe-release.yml | 2 +- .github/workflows/fe-snapshot.yml | 2 +- .github/workflows/fe-tag.yml | 2 +- 19 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflow-templates/fe/fe-check-upmerge.yml b/.github/workflow-templates/fe/fe-check-upmerge.yml index 3c7b6a35..8c7ffa58 100644 --- a/.github/workflow-templates/fe/fe-check-upmerge.yml +++ b/.github/workflow-templates/fe/fe-check-upmerge.yml @@ -12,7 +12,7 @@ permissions: jobs: check-upmerge: - uses: collaborationFactory/github-actions/.github/workflows/fe-check-upmerge.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-check-upmerge.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions secrets: SLACK_TOKEN_UPMERGE: ${{ secrets.SLACK_TOKEN_UPMERGE }} GIT_USER_EMAIL: ${{ secrets.GIT_USER_EMAIL }} diff --git a/.github/workflow-templates/fe/fe-cleanup-snapshots.yml b/.github/workflow-templates/fe/fe-cleanup-snapshots.yml index 90b80a57..6b5a2e09 100644 --- a/.github/workflow-templates/fe/fe-cleanup-snapshots.yml +++ b/.github/workflow-templates/fe/fe-cleanup-snapshots.yml @@ -12,7 +12,7 @@ permissions: jobs: cleanup-snapshots: - uses: collaborationFactory/github-actions/.github/workflows/fe-cleanup-snapshots.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-cleanup-snapshots.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions secrets: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflow-templates/fe/fe-licenses.yml b/.github/workflow-templates/fe/fe-licenses.yml index bf2a5389..b08d157e 100644 --- a/.github/workflow-templates/fe/fe-licenses.yml +++ b/.github/workflow-templates/fe/fe-licenses.yml @@ -17,7 +17,7 @@ env: jobs: check-licenses: - uses: collaborationFactory/github-actions/.github/workflows/fe-licenses.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-licenses.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: FOSS_DIST: dist CUSTOM_LICENSES_JSON: custom-licenses/custom-licenses.json diff --git a/.github/workflow-templates/fe/fe-main.yml b/.github/workflow-templates/fe/fe-main.yml index f915310d..503f2eba 100644 --- a/.github/workflow-templates/fe/fe-main.yml +++ b/.github/workflow-templates/fe/fe-main.yml @@ -17,7 +17,7 @@ env: jobs: install-deps: - uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' secrets: @@ -26,7 +26,7 @@ jobs: # This job is only needed in case you are using Percy e2e-tests: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} @@ -35,14 +35,14 @@ jobs: build: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} snapshot: needs: build - uses: collaborationFactory/github-actions/.github/workflows/fe-snapshot.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-snapshot.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} diff --git a/.github/workflow-templates/fe/fe-pr-close.yml b/.github/workflow-templates/fe/fe-pr-close.yml index 8f16fd8a..37e86ebb 100644 --- a/.github/workflow-templates/fe/fe-pr-close.yml +++ b/.github/workflow-templates/fe/fe-pr-close.yml @@ -13,7 +13,7 @@ permissions: jobs: remove-artifacts: - uses: collaborationFactory/github-actions/.github/workflows/fe-pr-close.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-pr-close.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_BASE: ${{ github.event.pull_request.base.ref }} secrets: diff --git a/.github/workflow-templates/fe/fe-pr-snapshot.yml b/.github/workflow-templates/fe/fe-pr-snapshot.yml index 7020269d..a869323e 100644 --- a/.github/workflow-templates/fe/fe-pr-snapshot.yml +++ b/.github/workflow-templates/fe/fe-pr-snapshot.yml @@ -13,7 +13,7 @@ permissions: jobs: publish-pr-snapshot: - uses: collaborationFactory/github-actions/.github/workflows/fe-pr-snapshot.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-pr-snapshot.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_BASE: ${{ github.event.pull_request.base.ref }} secrets: diff --git a/.github/workflow-templates/fe/fe-pr.yml b/.github/workflow-templates/fe/fe-pr.yml index 9432f61e..210791cf 100644 --- a/.github/workflow-templates/fe/fe-pr.yml +++ b/.github/workflow-templates/fe/fe-pr.yml @@ -16,7 +16,7 @@ env: jobs: install-deps: - uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: ${{ github.event.pull_request.head.ref }} secrets: @@ -24,20 +24,20 @@ jobs: build: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: ${{ github.event.pull_request.head.ref }} GHA_BASE: ${{ github.event.pull_request.base.ref }} code-quality: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-code-quality.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-code-quality.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: ${{ github.event.pull_request.head.ref }} GHA_BASE: ${{ github.event.pull_request.base.ref }} e2e: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: ${{ github.event.pull_request.head.ref }} GHA_BASE: ${{ github.event.pull_request.base.ref }} diff --git a/.github/workflow-templates/fe/fe-release.yml b/.github/workflow-templates/fe/fe-release.yml index 5afbc5e3..52ff9c66 100644 --- a/.github/workflow-templates/fe/fe-release.yml +++ b/.github/workflow-templates/fe/fe-release.yml @@ -16,7 +16,7 @@ env: jobs: install-deps: - uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' secrets: @@ -24,7 +24,7 @@ jobs: e2e-tests: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} @@ -33,14 +33,14 @@ jobs: build: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} tag: needs: [build, e2e-tests] - uses: collaborationFactory/github-actions/.github/workflows/fe-tag.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-tag.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} diff --git a/.github/workflow-templates/fe/fe-tag-pushed.yml b/.github/workflow-templates/fe/fe-tag-pushed.yml index afd639ad..f2e95ecb 100644 --- a/.github/workflow-templates/fe/fe-tag-pushed.yml +++ b/.github/workflow-templates/fe/fe-tag-pushed.yml @@ -16,7 +16,7 @@ env: jobs: release-version: - uses: collaborationFactory/github-actions/.github/workflows/fe-release.yml@release/26.1 + uses: collaborationFactory/github-actions/.github/workflows/fe-release.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions secrets: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-build.yml b/.github/workflows/fe-build.yml index ff906e0d..904f940e 100644 --- a/.github/workflows/fe-build.yml +++ b/.github/workflows/fe-build.yml @@ -44,7 +44,7 @@ jobs: run: git fetch origin ${{ inputs.GHA_BASE }}:${{ inputs.GHA_BASE }} || true - name: Build and Storybook - uses: collaborationFactory/github-actions/.github/actions/run-many@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: target: ${{ matrix.target }} jobIndex: ${{ matrix.jobIndex }} diff --git a/.github/workflows/fe-check-upmerge.yml b/.github/workflows/fe-check-upmerge.yml index f92c76da..7d52e2a9 100644 --- a/.github/workflows/fe-check-upmerge.yml +++ b/.github/workflows/fe-check-upmerge.yml @@ -32,7 +32,7 @@ jobs: key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} - name: check if upmerge is necessary and post to slack - uses: collaborationFactory/github-actions/.github/actions/upmerge@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/upmerge@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: SLACK_TOKEN_UPMERGE: ${{ secrets.SLACK_TOKEN_UPMERGE }} GIT_USER_EMAIL: ${{ secrets.GIT_USER_EMAIL }} diff --git a/.github/workflows/fe-cleanup-snapshots.yml b/.github/workflows/fe-cleanup-snapshots.yml index ecaf1f87..e3335d01 100644 --- a/.github/workflows/fe-cleanup-snapshots.yml +++ b/.github/workflows/fe-cleanup-snapshots.yml @@ -39,7 +39,7 @@ jobs: dot-npmrc: ${{ secrets.DOT_NPMRC }} - name: Cleanup Snapshot Artifacts - uses: collaborationFactory/github-actions/.github/actions/snapshots@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/snapshots@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-code-quality.yml b/.github/workflows/fe-code-quality.yml index 77fc0a26..9d83756f 100644 --- a/.github/workflows/fe-code-quality.yml +++ b/.github/workflows/fe-code-quality.yml @@ -60,7 +60,7 @@ jobs: - name: Unit Tests id: test - uses: collaborationFactory/github-actions/.github/actions/run-many@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions continue-on-error: true with: target: ${{ matrix.target }} diff --git a/.github/workflows/fe-e2e.yml b/.github/workflows/fe-e2e.yml index 5b9e4eda..42ae57fb 100644 --- a/.github/workflows/fe-e2e.yml +++ b/.github/workflows/fe-e2e.yml @@ -48,7 +48,7 @@ jobs: - name: Affected Regression Tests id: regressionTests continue-on-error: true - uses: collaborationFactory/github-actions/.github/actions/run-many@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions with: target: ${{ matrix.target }} jobIndex: ${{ matrix.jobIndex }} diff --git a/.github/workflows/fe-pr-close.yml b/.github/workflows/fe-pr-close.yml index 6ccddc67..21df17f3 100644 --- a/.github/workflows/fe-pr-close.yml +++ b/.github/workflows/fe-pr-close.yml @@ -45,7 +45,7 @@ jobs: run: npm ci - name: Delete Snapshots from NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-pr-snapshot.yml b/.github/workflows/fe-pr-snapshot.yml index 8c7a884d..f01366b4 100644 --- a/.github/workflows/fe-pr-snapshot.yml +++ b/.github/workflows/fe-pr-snapshot.yml @@ -62,7 +62,7 @@ jobs: run: npm ci - name: Build and Push to Jfrog NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-release.yml b/.github/workflows/fe-release.yml index 37e04562..589f9b55 100644 --- a/.github/workflows/fe-release.yml +++ b/.github/workflows/fe-release.yml @@ -50,7 +50,7 @@ jobs: uses: dawidd6/action-get-tag@v1 - name: Build and Push to Jfrog NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-snapshot.yml b/.github/workflows/fe-snapshot.yml index e9f34692..4087b5e8 100644 --- a/.github/workflows/fe-snapshot.yml +++ b/.github/workflows/fe-snapshot.yml @@ -38,7 +38,7 @@ jobs: key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} - name: Build and Push to Jfrog NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-tag.yml b/.github/workflows/fe-tag.yml index b4a8fa54..09c457fa 100644 --- a/.github/workflows/fe-tag.yml +++ b/.github/workflows/fe-tag.yml @@ -48,7 +48,7 @@ jobs: git config user.email ${{ secrets.GIT_USER_EMAIL }} - name: Bump Version and Push new Tag - uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 + uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} From 342074d9cef9a4718b239102cde1a2ebb1d1945c Mon Sep 17 00:00:00 2001 From: Siarhei Salimau Date: Mon, 2 Feb 2026 10:49:01 +0100 Subject: [PATCH 3/3] Revert "updates target branch for uses for test changes on c-place repo in dummy PR" This reverts commit a11c750e9cd1b72c4e5aa8a9dc82536a592b3a08. --- .github/workflow-templates/fe/fe-check-upmerge.yml | 2 +- .github/workflow-templates/fe/fe-cleanup-snapshots.yml | 2 +- .github/workflow-templates/fe/fe-licenses.yml | 2 +- .github/workflow-templates/fe/fe-main.yml | 8 ++++---- .github/workflow-templates/fe/fe-pr-close.yml | 2 +- .github/workflow-templates/fe/fe-pr-snapshot.yml | 2 +- .github/workflow-templates/fe/fe-pr.yml | 8 ++++---- .github/workflow-templates/fe/fe-release.yml | 8 ++++---- .github/workflow-templates/fe/fe-tag-pushed.yml | 2 +- .github/workflows/fe-build.yml | 2 +- .github/workflows/fe-check-upmerge.yml | 2 +- .github/workflows/fe-cleanup-snapshots.yml | 2 +- .github/workflows/fe-code-quality.yml | 2 +- .github/workflows/fe-e2e.yml | 2 +- .github/workflows/fe-pr-close.yml | 2 +- .github/workflows/fe-pr-snapshot.yml | 2 +- .github/workflows/fe-release.yml | 2 +- .github/workflows/fe-snapshot.yml | 2 +- .github/workflows/fe-tag.yml | 2 +- 19 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflow-templates/fe/fe-check-upmerge.yml b/.github/workflow-templates/fe/fe-check-upmerge.yml index 8c7ffa58..3c7b6a35 100644 --- a/.github/workflow-templates/fe/fe-check-upmerge.yml +++ b/.github/workflow-templates/fe/fe-check-upmerge.yml @@ -12,7 +12,7 @@ permissions: jobs: check-upmerge: - uses: collaborationFactory/github-actions/.github/workflows/fe-check-upmerge.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-check-upmerge.yml@release/26.1 secrets: SLACK_TOKEN_UPMERGE: ${{ secrets.SLACK_TOKEN_UPMERGE }} GIT_USER_EMAIL: ${{ secrets.GIT_USER_EMAIL }} diff --git a/.github/workflow-templates/fe/fe-cleanup-snapshots.yml b/.github/workflow-templates/fe/fe-cleanup-snapshots.yml index 6b5a2e09..90b80a57 100644 --- a/.github/workflow-templates/fe/fe-cleanup-snapshots.yml +++ b/.github/workflow-templates/fe/fe-cleanup-snapshots.yml @@ -12,7 +12,7 @@ permissions: jobs: cleanup-snapshots: - uses: collaborationFactory/github-actions/.github/workflows/fe-cleanup-snapshots.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-cleanup-snapshots.yml@release/26.1 secrets: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflow-templates/fe/fe-licenses.yml b/.github/workflow-templates/fe/fe-licenses.yml index b08d157e..bf2a5389 100644 --- a/.github/workflow-templates/fe/fe-licenses.yml +++ b/.github/workflow-templates/fe/fe-licenses.yml @@ -17,7 +17,7 @@ env: jobs: check-licenses: - uses: collaborationFactory/github-actions/.github/workflows/fe-licenses.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-licenses.yml@release/26.1 with: FOSS_DIST: dist CUSTOM_LICENSES_JSON: custom-licenses/custom-licenses.json diff --git a/.github/workflow-templates/fe/fe-main.yml b/.github/workflow-templates/fe/fe-main.yml index 503f2eba..f915310d 100644 --- a/.github/workflow-templates/fe/fe-main.yml +++ b/.github/workflow-templates/fe/fe-main.yml @@ -17,7 +17,7 @@ env: jobs: install-deps: - uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@release/26.1 with: GHA_REF: '' secrets: @@ -26,7 +26,7 @@ jobs: # This job is only needed in case you are using Percy e2e-tests: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@release/26.1 with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} @@ -35,14 +35,14 @@ jobs: build: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@release/26.1 with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} snapshot: needs: build - uses: collaborationFactory/github-actions/.github/workflows/fe-snapshot.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-snapshot.yml@release/26.1 with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} diff --git a/.github/workflow-templates/fe/fe-pr-close.yml b/.github/workflow-templates/fe/fe-pr-close.yml index 37e86ebb..8f16fd8a 100644 --- a/.github/workflow-templates/fe/fe-pr-close.yml +++ b/.github/workflow-templates/fe/fe-pr-close.yml @@ -13,7 +13,7 @@ permissions: jobs: remove-artifacts: - uses: collaborationFactory/github-actions/.github/workflows/fe-pr-close.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-pr-close.yml@release/26.1 with: GHA_BASE: ${{ github.event.pull_request.base.ref }} secrets: diff --git a/.github/workflow-templates/fe/fe-pr-snapshot.yml b/.github/workflow-templates/fe/fe-pr-snapshot.yml index a869323e..7020269d 100644 --- a/.github/workflow-templates/fe/fe-pr-snapshot.yml +++ b/.github/workflow-templates/fe/fe-pr-snapshot.yml @@ -13,7 +13,7 @@ permissions: jobs: publish-pr-snapshot: - uses: collaborationFactory/github-actions/.github/workflows/fe-pr-snapshot.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-pr-snapshot.yml@release/26.1 with: GHA_BASE: ${{ github.event.pull_request.base.ref }} secrets: diff --git a/.github/workflow-templates/fe/fe-pr.yml b/.github/workflow-templates/fe/fe-pr.yml index 210791cf..9432f61e 100644 --- a/.github/workflow-templates/fe/fe-pr.yml +++ b/.github/workflow-templates/fe/fe-pr.yml @@ -16,7 +16,7 @@ env: jobs: install-deps: - uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@release/26.1 with: GHA_REF: ${{ github.event.pull_request.head.ref }} secrets: @@ -24,20 +24,20 @@ jobs: build: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@release/26.1 with: GHA_REF: ${{ github.event.pull_request.head.ref }} GHA_BASE: ${{ github.event.pull_request.base.ref }} code-quality: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-code-quality.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-code-quality.yml@release/26.1 with: GHA_REF: ${{ github.event.pull_request.head.ref }} GHA_BASE: ${{ github.event.pull_request.base.ref }} e2e: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@release/26.1 with: GHA_REF: ${{ github.event.pull_request.head.ref }} GHA_BASE: ${{ github.event.pull_request.base.ref }} diff --git a/.github/workflow-templates/fe/fe-release.yml b/.github/workflow-templates/fe/fe-release.yml index 52ff9c66..5afbc5e3 100644 --- a/.github/workflow-templates/fe/fe-release.yml +++ b/.github/workflow-templates/fe/fe-release.yml @@ -16,7 +16,7 @@ env: jobs: install-deps: - uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-install-deps.yml@release/26.1 with: GHA_REF: '' secrets: @@ -24,7 +24,7 @@ jobs: e2e-tests: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-e2e.yml@release/26.1 with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} @@ -33,14 +33,14 @@ jobs: build: needs: install-deps - uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-build.yml@release/26.1 with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} tag: needs: [build, e2e-tests] - uses: collaborationFactory/github-actions/.github/workflows/fe-tag.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-tag.yml@release/26.1 with: GHA_REF: '' GHA_BASE: ${{ github.event.before }} diff --git a/.github/workflow-templates/fe/fe-tag-pushed.yml b/.github/workflow-templates/fe/fe-tag-pushed.yml index f2e95ecb..afd639ad 100644 --- a/.github/workflow-templates/fe/fe-tag-pushed.yml +++ b/.github/workflow-templates/fe/fe-tag-pushed.yml @@ -16,7 +16,7 @@ env: jobs: release-version: - uses: collaborationFactory/github-actions/.github/workflows/fe-release.yml@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/workflows/fe-release.yml@release/26.1 secrets: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-build.yml b/.github/workflows/fe-build.yml index 904f940e..ff906e0d 100644 --- a/.github/workflows/fe-build.yml +++ b/.github/workflows/fe-build.yml @@ -44,7 +44,7 @@ jobs: run: git fetch origin ${{ inputs.GHA_BASE }}:${{ inputs.GHA_BASE }} || true - name: Build and Storybook - uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/run-many@release/26.1 with: target: ${{ matrix.target }} jobIndex: ${{ matrix.jobIndex }} diff --git a/.github/workflows/fe-check-upmerge.yml b/.github/workflows/fe-check-upmerge.yml index 7d52e2a9..f92c76da 100644 --- a/.github/workflows/fe-check-upmerge.yml +++ b/.github/workflows/fe-check-upmerge.yml @@ -32,7 +32,7 @@ jobs: key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} - name: check if upmerge is necessary and post to slack - uses: collaborationFactory/github-actions/.github/actions/upmerge@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/upmerge@release/26.1 env: SLACK_TOKEN_UPMERGE: ${{ secrets.SLACK_TOKEN_UPMERGE }} GIT_USER_EMAIL: ${{ secrets.GIT_USER_EMAIL }} diff --git a/.github/workflows/fe-cleanup-snapshots.yml b/.github/workflows/fe-cleanup-snapshots.yml index e3335d01..ecaf1f87 100644 --- a/.github/workflows/fe-cleanup-snapshots.yml +++ b/.github/workflows/fe-cleanup-snapshots.yml @@ -39,7 +39,7 @@ jobs: dot-npmrc: ${{ secrets.DOT_NPMRC }} - name: Cleanup Snapshot Artifacts - uses: collaborationFactory/github-actions/.github/actions/snapshots@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/snapshots@release/26.1 env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-code-quality.yml b/.github/workflows/fe-code-quality.yml index 9d83756f..77fc0a26 100644 --- a/.github/workflows/fe-code-quality.yml +++ b/.github/workflows/fe-code-quality.yml @@ -60,7 +60,7 @@ jobs: - name: Unit Tests id: test - uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/run-many@release/26.1 continue-on-error: true with: target: ${{ matrix.target }} diff --git a/.github/workflows/fe-e2e.yml b/.github/workflows/fe-e2e.yml index 42ae57fb..5b9e4eda 100644 --- a/.github/workflows/fe-e2e.yml +++ b/.github/workflows/fe-e2e.yml @@ -48,7 +48,7 @@ jobs: - name: Affected Regression Tests id: regressionTests continue-on-error: true - uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/run-many@release/26.1 with: target: ${{ matrix.target }} jobIndex: ${{ matrix.jobIndex }} diff --git a/.github/workflows/fe-pr-close.yml b/.github/workflows/fe-pr-close.yml index 21df17f3..6ccddc67 100644 --- a/.github/workflows/fe-pr-close.yml +++ b/.github/workflows/fe-pr-close.yml @@ -45,7 +45,7 @@ jobs: run: npm ci - name: Delete Snapshots from NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-pr-snapshot.yml b/.github/workflows/fe-pr-snapshot.yml index f01366b4..8c7a884d 100644 --- a/.github/workflows/fe-pr-snapshot.yml +++ b/.github/workflows/fe-pr-snapshot.yml @@ -62,7 +62,7 @@ jobs: run: npm ci - name: Build and Push to Jfrog NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-release.yml b/.github/workflows/fe-release.yml index 589f9b55..37e04562 100644 --- a/.github/workflows/fe-release.yml +++ b/.github/workflows/fe-release.yml @@ -50,7 +50,7 @@ jobs: uses: dawidd6/action-get-tag@v1 - name: Build and Push to Jfrog NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-snapshot.yml b/.github/workflows/fe-snapshot.yml index 4087b5e8..e9f34692 100644 --- a/.github/workflows/fe-snapshot.yml +++ b/.github/workflows/fe-snapshot.yml @@ -38,7 +38,7 @@ jobs: key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }} - name: Build and Push to Jfrog NPM Registry - uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }} diff --git a/.github/workflows/fe-tag.yml b/.github/workflows/fe-tag.yml index 09c457fa..b4a8fa54 100644 --- a/.github/workflows/fe-tag.yml +++ b/.github/workflows/fe-tag.yml @@ -48,7 +48,7 @@ jobs: git config user.email ${{ secrets.GIT_USER_EMAIL }} - name: Bump Version and Push new Tag - uses: collaborationFactory/github-actions/.github/actions/artifacts@feature/PFM-TASK-7221-Restrict-GitHub-Actions-Workflow-Permissions + uses: collaborationFactory/github-actions/.github/actions/artifacts@release/26.1 env: JFROG_BASE64_TOKEN: ${{ secrets.JFROG_BASE64_TOKEN }} JFROG_URL: ${{ secrets.JFROG_URL }}