diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 40182cd6..549243ae 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -3,7 +3,7 @@ name: Audit on: - workflow_dispatch: null + workflow_dispatch: schedule: # "At 01:00 on Monday" https://crontab.guru/#0_1_*_*_1 - cron: "0 1 * * 1" @@ -23,5 +23,5 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i --package-lock + - run: npm i --ignore-scripts --package-lock - run: npm audit diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bdfc4fb3..8067c86d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: - workflow_dispatch: null + workflow_dispatch: pull_request: branches: - '*' @@ -30,7 +30,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm run lint test: @@ -82,5 +82,5 @@ jobs: if: ${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm test --ignore-scripts diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index a575aff0..bae1d8d2 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -6,6 +6,7 @@ on: pull_request # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: + actions: write contents: write jobs: @@ -35,7 +36,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh pr checkout ${{ github.event.pull_request.number }} - npm install --no-scripts + npm install --ignore-scripts npm run template-oss-apply git add . git commit -am "chore: postinstall for dependabot template-oss PR" diff --git a/CHANGELOG.md b/CHANGELOG.md index e3a60382..c1c306a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## [3.2.0](https://github.com/npm/template-oss/compare/v3.1.1...v3.2.0) (2022-03-25) + + +### Features + +* ignore scripts for all ci installs ([#106](https://github.com/npm/template-oss/issues/106)) ([b9c9c95](https://github.com/npm/template-oss/commit/b9c9c95f0b922a8a163ebc6b7a3faf772dc05c23)) + + +### Bug Fixes + +* allow post-dependabot action to edit workflows ([#103](https://github.com/npm/template-oss/issues/103)) ([0ca9a9e](https://github.com/npm/template-oss/commit/0ca9a9ee6ee5493112395d313c3e5632b3d5d8f7)) + +### [3.1.2](https://github.com/npm/template-oss/compare/v3.1.1...v3.1.2) (2022-03-21) + + +### Bug Fixes + +* allow post-dependabot action to edit workflows ([#103](https://github.com/npm/template-oss/issues/103)) ([0ca9a9e](https://github.com/npm/template-oss/commit/0ca9a9ee6ee5493112395d313c3e5632b3d5d8f7)) + ### [3.1.1](https://github.com/npm/template-oss/compare/v3.1.0...v3.1.1) (2022-03-21) diff --git a/lib/content/audit.yml b/lib/content/audit.yml index ed190440..3680e102 100644 --- a/lib/content/audit.yml +++ b/lib/content/audit.yml @@ -12,5 +12,5 @@ jobs: steps: {{> setupGit}} {{> setupNode}} - - run: npm i --package-lock + - run: npm i --ignore-scripts --package-lock - run: npm audit diff --git a/lib/content/ci.yml b/lib/content/ci.yml index 2c26a0f1..74a05f82 100644 --- a/lib/content/ci.yml +++ b/lib/content/ci.yml @@ -28,7 +28,7 @@ jobs: steps: {{> setupGit}} {{> setupNode}} - - run: npm i + - run: npm i --ignore-scripts - run: npm run lint {{~#if isWorkspace}} -w {{pkgName}}{{/if}} test: @@ -55,5 +55,5 @@ jobs: steps: {{> setupGit}} {{> setupNode useMatrix=true}} - - run: npm i + - run: npm i --ignore-scripts - run: npm test --ignore-scripts {{~#if isWorkspace}} -w {{pkgName}}{{/if}} diff --git a/lib/content/post-dependabot.yml b/lib/content/post-dependabot.yml index 5daa4cbf..ad8b3d42 100644 --- a/lib/content/post-dependabot.yml +++ b/lib/content/post-dependabot.yml @@ -5,6 +5,7 @@ on: # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: + actions: write contents: write jobs: @@ -25,7 +26,7 @@ jobs: GITHUB_TOKEN: $\{{ secrets.GITHUB_TOKEN }} run: | gh pr checkout $\{{ github.event.pull_request.number }} - npm install --no-scripts + npm install --ignore-scripts npm run template-oss-apply git add . git commit -am "chore: postinstall for dependabot template-oss PR" diff --git a/package.json b/package.json index d9c0278a..2a04060e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/template-oss", - "version": "3.1.1", + "version": "3.2.0", "description": "templated files used in npm CLI team oss projects", "main": "lib/content/index.js", "bin": { diff --git a/tap-snapshots/test/apply/full-content.js.test.cjs b/tap-snapshots/test/apply/full-content.js.test.cjs index 369b6917..85953af4 100644 --- a/tap-snapshots/test/apply/full-content.js.test.cjs +++ b/tap-snapshots/test/apply/full-content.js.test.cjs @@ -132,7 +132,7 @@ updates: name: Audit on: - workflow_dispatch: null + workflow_dispatch: schedule: # "At 01:00 on Monday" https://crontab.guru/#0_1_*_*_1 - cron: "0 1 * * 1" @@ -152,7 +152,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i --package-lock + - run: npm i --ignore-scripts --package-lock - run: npm audit .github/workflows/ci.yml @@ -162,7 +162,7 @@ jobs: name: CI on: - workflow_dispatch: null + workflow_dispatch: pull_request: branches: - '*' @@ -189,7 +189,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm run lint test: @@ -241,7 +241,7 @@ jobs: if: \${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm test --ignore-scripts .github/workflows/codeql-analysis.yml @@ -301,6 +301,7 @@ on: pull_request # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: + actions: write contents: write jobs: @@ -330,7 +331,7 @@ jobs: GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }} run: | gh pr checkout \${{ github.event.pull_request.number }} - npm install --no-scripts + npm install --ignore-scripts npm run template-oss-apply git add . git commit -am "chore: postinstall for dependabot template-oss PR" @@ -608,7 +609,7 @@ updates: name: Audit on: - workflow_dispatch: null + workflow_dispatch: schedule: # "At 01:00 on Monday" https://crontab.guru/#0_1_*_*_1 - cron: "0 1 * * 1" @@ -628,7 +629,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i --package-lock + - run: npm i --ignore-scripts --package-lock - run: npm audit .github/workflows/ci-bbb.yml @@ -638,7 +639,7 @@ jobs: name: CI - bbb on: - workflow_dispatch: null + workflow_dispatch: pull_request: branches: - '*' @@ -669,7 +670,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm run lint -w bbb test: @@ -721,7 +722,7 @@ jobs: if: \${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm test --ignore-scripts -w bbb .github/workflows/ci-name-aaaa.yml @@ -731,7 +732,7 @@ jobs: name: CI - @name/aaaa on: - workflow_dispatch: null + workflow_dispatch: pull_request: branches: - '*' @@ -762,7 +763,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm run lint -w @name/aaaa test: @@ -814,7 +815,7 @@ jobs: if: \${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm test --ignore-scripts -w @name/aaaa .github/workflows/ci.yml @@ -824,7 +825,7 @@ jobs: name: CI on: - workflow_dispatch: null + workflow_dispatch: pull_request: branches: - '*' @@ -851,7 +852,7 @@ jobs: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm run lint test: @@ -903,7 +904,7 @@ jobs: if: \${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i + - run: npm i --ignore-scripts - run: npm test --ignore-scripts .github/workflows/codeql-analysis.yml @@ -963,6 +964,7 @@ on: pull_request # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: + actions: write contents: write jobs: @@ -992,7 +994,7 @@ jobs: GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }} run: | gh pr checkout \${{ github.event.pull_request.number }} - npm install --no-scripts + npm install --ignore-scripts npm run template-oss-apply git add . git commit -am "chore: postinstall for dependabot template-oss PR" diff --git a/tap-snapshots/test/check/diffs.js.test.cjs b/tap-snapshots/test/check/diffs.js.test.cjs index 4d6e36a3..3a498f08 100644 --- a/tap-snapshots/test/check/diffs.js.test.cjs +++ b/tap-snapshots/test/check/diffs.js.test.cjs @@ -318,7 +318,7 @@ The repo file ci.yml needs to be updated: + if: \${{ !startsWith(matrix.node-version, '10.') }} + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - run: npm -v - + - run: npm i + + - run: npm i --ignore-scripts + - run: npm test --ignore-scripts To correct it: npx template-oss-apply --force @@ -338,7 +338,7 @@ The repo file audit.yml needs to be updated: name: Audit on: - workflow_dispatch: null + workflow_dispatch: schedule: # "At 01:00 on Monday" https://crontab.guru/#0_1_*_*_1 - cron: "0 1 * * 1" @@ -358,7 +358,7 @@ The repo file audit.yml needs to be updated: - name: Update npm to latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v - - run: npm i --package-lock + - run: npm i --ignore-scripts --package-lock - run: npm audit