dbfcfbd623
The `backspace/ember-asset-size` action we're using is unmaintained and has a bunch of vulns in it, so it won't pass security screening (this is a NodeJS action so it has piles of dependencies, 99% of which won't be in use but fails automated screening anyways). Move this to the upstream version. The `machine-learning-apps/pr-comment` action also presents a problem for the ProdSec security screening because it's archived and also runs an external Docker image. Move this to a likely-ok maintained action for now, until we can spare some time to remove this in lieu of something more reasonable that isn't a GitHub action.
25 lines
593 B
YAML
25 lines
593 B
YAML
name: Ember Asset Sizes
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- 'ui/**'
|
|
|
|
jobs:
|
|
build:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Use Node.js
|
|
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
|
|
with:
|
|
node-version: '14'
|
|
- uses: mainmatter/ember-asset-size-action@255fe534db3d2f731e0d70ce9a5de74b0a6b140a # v3
|
|
with:
|
|
repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
|
working-directory: "ui"
|