fix(deps): resolve dependabot security vulnerabilities #1883
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| release-please: | |
| permissions: | |
| contents: write | |
| runs-on: macos-latest | |
| outputs: | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - name: release-please | |
| id: release | |
| uses: googleapis/release-please-action@v4 | |
| with: | |
| token: ${{ secrets.CI_TOKEN }} | |
| release-type: node | |
| release-assets: | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.release_created }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| cache: pnpm | |
| node-version: latest | |
| - name: install dependencies | |
| run: pnpm install | |
| - name: build | |
| run: NUXT_APP_BASE_URL='./' pnpm generate | |
| - name: publish gh-pages | |
| uses: peaceiris/actions-gh-pages@v4 | |
| with: | |
| github_token: ${{ secrets.CI_TOKEN }} | |
| publish_dir: ./.output/public | |
| force_orphan: true | |
| cname: d.metacubex.one | |
| commit_message: ${{ needs.release-please.outputs.tag_name }} | |
| - name: compress dist | |
| run: tar czvf compressed-dist.tgz -C .output/public . | |
| - name: attach github release artifacts | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| token: ${{ secrets.CI_TOKEN }} | |
| files: compressed-dist.tgz | |
| tag_name: ${{ needs.release-please.outputs.tag_name }} | |
| release-image: | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.release_created }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-docker-action@v4 | |
| with: | |
| daemon-config: | | |
| { | |
| "debug": true, | |
| "features": { | |
| "containerd-snapshotter": true | |
| } | |
| } | |
| - uses: docker/setup-buildx-action@v3 | |
| id: buildx | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.CI_TOKEN }} | |
| - uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| builder: ${{ steps.buildx.outputs.name }} | |
| file: Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: | | |
| ghcr.io/metacubex/metacubexd:latest | |
| ghcr.io/metacubex/metacubexd:${{ needs.release-please.outputs.tag_name }} | |
| update-screenshots: | |
| needs: release-please | |
| if: ${{ needs.release-please.outputs.release_created }} | |
| permissions: | |
| contents: write | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| token: ${{ secrets.CI_TOKEN }} | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| cache: pnpm | |
| node-version: latest | |
| - name: install dependencies | |
| run: pnpm install | |
| - name: install playwright browsers | |
| run: pnpm playwright install chromium | |
| - name: build with mock mode | |
| run: pnpm generate:mock | |
| - name: generate screenshots | |
| run: pnpm screenshot | |
| - name: commit and push screenshots | |
| run: | | |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "github-actions[bot]" | |
| git add docs/pc/*.png docs/mobile/*.png | |
| git diff --staged --quiet || git commit -m "chore: update screenshots for ${{ needs.release-please.outputs.tag_name }} [skip ci]" | |
| git push |