diff --git a/.github/workflows/issues-auto-manager.yml b/.github/workflows/issues-auto-manager.yml index b7af4c750..d15ae1add 100644 --- a/.github/workflows/issues-auto-manager.yml +++ b/.github/workflows/issues-auto-manager.yml @@ -7,6 +7,10 @@ on: issue_comment: types: [created] +permissions: + contents: read + issues: write + jobs: label-on-content: name: 🏷️ Label Issues by Content @@ -16,7 +20,7 @@ jobs: - name: Checkout Repository # Checkout # https://github.com/marketplace/actions/checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Auto-Label Issues (Based on Issue Content) # only auto label based on issue content once, on open (to prevent re-labeling removed labels) @@ -24,7 +28,7 @@ jobs: # Issue Labeler # https://github.com/marketplace/actions/regex-issue-labeler - uses: github/issue-labeler@v3 + uses: github/issue-labeler@v3.4 with: configuration-path: .github/issues-auto-labels.yml enable-versioned-regex: 0 @@ -39,7 +43,7 @@ jobs: if: contains(fromJSON('["👩‍💻 Good First Issue", "🙏 Help Wanted", "🪲 Confirmed", "⚠️ High Priority", "❕ Medium Priority", "💤 Low Priority"]'), github.event.label.name) # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'add-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -49,7 +53,7 @@ jobs: if: contains(fromJSON('["✅ Done", "✅ Done (staging)", "⚰️ Stale", "❌ wontfix"]'), github.event.label.name) # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'remove-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -59,7 +63,7 @@ jobs: if: contains(fromJSON('["❌ wontfix","👍 Approved","👩‍💻 Good First Issue"]'), github.event.label.name) # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'remove-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -69,7 +73,7 @@ jobs: if: github.event.label.name == '🪲 Confirmed' # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'remove-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -85,7 +89,7 @@ jobs: - name: Remove Stale Label # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'remove-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -101,12 +105,12 @@ jobs: - name: Checkout Repository # Checkout # https://github.com/marketplace/actions/checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Post Issue Comments Based on Labels # Label Commenter # https://github.com/marketplace/actions/label-commenter - uses: peaceiris/actions-label-commenter@v1 + uses: peaceiris/actions-label-commenter@v1.10.0 with: config_file: .github/issues-auto-comments.yml github_token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/issues-updates-on-merge.yml b/.github/workflows/issues-updates-on-merge.yml index c0d8f12f3..3a5b9a152 100644 --- a/.github/workflows/issues-updates-on-merge.yml +++ b/.github/workflows/issues-updates-on-merge.yml @@ -6,6 +6,10 @@ on: - staging - release +permissions: + contents: read + issues: write + jobs: # This runs commits to staging/release, reading the commit messages. Check `pr-auto-manager.yml`:`update-linked-issues` for PR-linked updates. update-linked-issues: @@ -16,12 +20,12 @@ jobs: - name: Checkout Repository # Checkout # https://github.com/marketplace/actions/checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Extract Linked Issues from Commit Message id: extract_issues run: | - ISSUES=$(git log -1 --pretty=%B | grep -oiE '(close|closes|closed|fix|fixes|fixed|resolve|resolves|resolved) #([0-9]+)' | awk '{print $2}' | tr -d '#' | jq -R -s -c 'split("\n")[:-1]') + ISSUES=$(git log ${{ github.event.before }}..${{ github.event.after }} --pretty=%B | grep -oiE '(close|closes|closed|fix|fixes|fixed|resolve|resolves|resolved) #([0-9]+)' | awk '{print $2}' | tr -d '#' | jq -R -s -c 'split("\n")[:-1]') echo "issues=$ISSUES" >> $GITHUB_ENV - name: Label Linked Issues diff --git a/.github/workflows/job-close-stale.yml b/.github/workflows/job-close-stale.yml index ceb381f39..9b83a6fa0 100644 --- a/.github/workflows/job-close-stale.yml +++ b/.github/workflows/job-close-stale.yml @@ -6,6 +6,11 @@ on: schedule: - cron: '0 0 * * *' # Runs every day at midnight UTC +permissions: + contents: read + issues: write + pull-requests: write + jobs: mark-inactivity: name: ⏳ Mark Issues/PRs without Activity @@ -15,7 +20,7 @@ jobs: - name: Mark Issues/PRs without Activity # Close Stale Issues and PRs # https://github.com/marketplace/actions/close-stale-issues - uses: actions/stale@v9 + uses: actions/stale@v9.1.0 with: repo-token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} days-before-stale: 183 @@ -49,7 +54,7 @@ jobs: - name: Mark Issues/PRs Awaiting User Response # Close Stale Issues and PRs # https://github.com/marketplace/actions/close-stale-issues - uses: actions/stale@v9 + uses: actions/stale@v9.1.0 with: repo-token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} days-before-stale: 7 @@ -76,7 +81,7 @@ jobs: - name: Mark Issues with Alternative Exists # Close Stale Issues and PRs # https://github.com/marketplace/actions/close-stale-issues - uses: actions/stale@v9 + uses: actions/stale@v9.1.0 with: repo-token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} days-before-stale: 7 diff --git a/.github/workflows/on-close-handler.yml b/.github/workflows/on-close-handler.yml index 2491cc622..c132e558a 100644 --- a/.github/workflows/on-close-handler.yml +++ b/.github/workflows/on-close-handler.yml @@ -6,6 +6,11 @@ on: pull_request_target: types: [closed] +permissions: + contents: read + issues: write + pull-requests: write + jobs: remove-labels: name: 🗑️ Remove Pending Labels on Close @@ -15,7 +20,7 @@ jobs: - name: Remove Pending Labels on Close # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: remove-labels token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/on-open-handler.yml b/.github/workflows/on-open-handler.yml index 1861f4167..df109f914 100644 --- a/.github/workflows/on-open-handler.yml +++ b/.github/workflows/on-open-handler.yml @@ -6,6 +6,11 @@ on: pull_request_target: types: [opened] +permissions: + contents: read + issues: write + pull-requests: write + jobs: label-maintainer: name: 🏷️ Label if Author is a Repo Maintainer @@ -16,7 +21,7 @@ jobs: - name: Label if Author is a Repo Maintainer # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'add-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-auto-manager.yml b/.github/workflows/pr-auto-manager.yml index e672f1412..01656c1cd 100644 --- a/.github/workflows/pr-auto-manager.yml +++ b/.github/workflows/pr-auto-manager.yml @@ -6,6 +6,10 @@ on: pull_request_review_comment: types: [created] +permissions: + contents: read + pull-requests: write + jobs: label-by-size: name: 🏷️ Label PR by Size @@ -15,7 +19,7 @@ jobs: - name: Label PR Size # Pull Request Size Labeler # https://github.com/marketplace/actions/pull-request-size-labeler - uses: codelytv/pr-size-labeler@v1 + uses: codelytv/pr-size-labeler@v1.10.2 with: GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} xs_label: '🟩 ⬤○○○○' @@ -43,12 +47,12 @@ jobs: - name: Checkout Repository # Checkout # https://github.com/marketplace/actions/checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Apply Labels Based on Branch Name and Target Branch # Pull Request Labeler # https://github.com/marketplace/actions/labeler - uses: actions/labeler@v5 + uses: actions/labeler@v5.0.0 with: configuration-path: .github/pr-auto-labels-by-branch.yml repo-token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -61,12 +65,12 @@ jobs: - name: Checkout Repository # Checkout # https://github.com/marketplace/actions/checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Apply Labels Based on Changed Files # Pull Request Labeler # https://github.com/marketplace/actions/labeler - uses: actions/labeler@v5 + uses: actions/labeler@v5.0.0 with: configuration-path: .github/pr-auto-labels-by-files.yml repo-token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -75,13 +79,13 @@ jobs: name: 🗑️ Remove Stale Label on Comment runs-on: ubuntu-latest # Only runs when this is not done by the github actions bot - if: github.actor != 'github-actions[bot]' + if: github.event_name == 'pull_request_review_comment' && github.actor != 'github-actions[bot]' steps: - name: Remove Stale Label # 🤖 Issues Helper # https://github.com/marketplace/actions/issues-helper - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@v3.6.0 with: actions: 'remove-labels' token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -95,12 +99,18 @@ jobs: # Run, even if the previous jobs were skipped/failed if: always() + # Override permissions, as this needs to write a check + permissions: + checks: write + contents: read + pull-requests: read + steps: - name: Check Merge Blocking # GitHub Script - # https://github.com/marketplace/actions/github-scriptLabels + # https://github.com/marketplace/actions/github-script id: label-check - uses: actions/github-script@v7 + uses: actions/github-script@v7.0.1 with: script: | const prLabels = context.payload.pull_request.labels.map(label => label.name); @@ -143,12 +153,12 @@ jobs: - name: Checkout Repository # Checkout # https://github.com/marketplace/actions/checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 - name: Post PR Comments Based on Labels # Label Commenter for PRs # https://github.com/marketplace/actions/label-commenter - uses: peaceiris/actions-label-commenter@v1 + uses: peaceiris/actions-label-commenter@v1.10.0 with: config_file: .github/pr-auto-comments.yml github_token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-check-merge-conflicts.yaml b/.github/workflows/pr-check-merge-conflicts.yaml index 73b3e5896..6c5acebc3 100644 --- a/.github/workflows/pr-check-merge-conflicts.yaml +++ b/.github/workflows/pr-check-merge-conflicts.yaml @@ -7,6 +7,10 @@ on: pull_request_target: types: [synchronize] +permissions: + contents: read + pull-requests: write + jobs: check-merge-conflicts: name: ⚔️ Check Merge Conflicts @@ -16,7 +20,7 @@ jobs: - name: Check Merge Conflicts # Label Conflicting Pull Requests # https://github.com/marketplace/actions/label-conflicting-pull-requests - uses: eps1lon/actions-label-merge-conflict@v3 + uses: eps1lon/actions-label-merge-conflict@v3.0.3 with: dirtyLabel: '🚫 Merge Conflicts' repoToken: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/public/script.js b/public/script.js index c85303d0e..8d3784c71 100644 --- a/public/script.js +++ b/public/script.js @@ -6861,14 +6861,14 @@ export function buildAvatarList(block, entities, { templateId = 'inline_avatar_t */ export async function unshallowCharacter(characterId) { if (characterId === undefined) { - console.warn('Undefined character cannot be unshallowed'); + console.debug('Undefined character cannot be unshallowed'); return; } /** @type {import('./scripts/char-data.js').v1CharData} */ const character = characters[characterId]; if (!character) { - console.warn('Character not found:', characterId); + console.debug('Character not found:', characterId); return; } @@ -6879,7 +6879,7 @@ export async function unshallowCharacter(characterId) { const avatar = character.avatar; if (!avatar) { - console.warn('Character has no avatar field:', characterId); + console.debug('Character has no avatar field:', characterId); return; }