From c4ebf1a1a5baef3dc6b77b1812e51fb100b29f00 Mon Sep 17 00:00:00 2001 From: Yasin Ghasemi Date: Thu, 12 Mar 2026 21:44:55 +0100 Subject: [PATCH 1/4] Update GitHub Actions workflows --- .github/workflows/build-dist.yml | 17 +++++------------ .github/workflows/build.yml | 19 +++++++++++++++++++ .github/workflows/jest-tests.yml | 16 ---------------- .github/workflows/prettier.yml | 10 +++++----- .../{publish-to-npm.yml => publish.yml} | 19 ++++++++++--------- .github/workflows/update-docs.yml | 6 +++--- 6 files changed, 42 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/jest-tests.yml rename .github/workflows/{publish-to-npm.yml => publish.yml} (73%) diff --git a/.github/workflows/build-dist.yml b/.github/workflows/build-dist.yml index f577108..8562958 100644 --- a/.github/workflows/build-dist.yml +++ b/.github/workflows/build-dist.yml @@ -2,27 +2,20 @@ name: Build dist on: push: - branches: - - main + branches: [main] jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: contents: write steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 with: - node-version: 20 - - - name: Install dependencies - run: npm install - - - name: Build - run: npm run build - + node-version: '24.x' + - run: npm install + - run: npm run build - name: Push dist to main-dist branch run: | git config user.name "github-actions[bot]" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..a1e4a08 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,19 @@ +name: Build + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '24.x' + - run: npm install + - run: npm run build + - run: npm test diff --git a/.github/workflows/jest-tests.yml b/.github/workflows/jest-tests.yml deleted file mode 100644 index 98c48d0..0000000 --- a/.github/workflows/jest-tests.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Jest Tests - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Install modules - run: npm i - - name: Run tests - run: npm test diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index ef54679..6fba1db 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -2,21 +2,21 @@ name: Prettier on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] jobs: prettier: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: ref: ${{ github.head_ref }} - name: Prettify code - uses: creyD/prettier_action@v3.3 + uses: creyD/prettier_action@v4.3 with: prettier_options: --write **/*.{js,md} env: diff --git a/.github/workflows/publish-to-npm.yml b/.github/workflows/publish.yml similarity index 73% rename from .github/workflows/publish-to-npm.yml rename to .github/workflows/publish.yml index a1b071f..8460d26 100644 --- a/.github/workflows/publish-to-npm.yml +++ b/.github/workflows/publish.yml @@ -3,23 +3,25 @@ on: release: types: [created] +permissions: + contents: write + id-token: write + jobs: publish: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: - node-version: '12.x' + node-version: '24.x' registry-url: 'https://registry.npmjs.org' - run: npm install - run: npm run build - run: npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} updateDocs: - runs-on: ubuntu-20.04 - if: success() + runs-on: ubuntu-24.04 + needs: publish steps: - name: Call update docs env: @@ -28,4 +30,3 @@ jobs: WORKFLOW_ID: 90722302 run: | curl -fL --retry 3 -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.TOKEN }}" https://api.github.com/repos/${{ env.REPO }}/actions/workflows/${{ env.WORKFLOW_ID }}/dispatches -d '{"ref":"main", "inputs": {}}' - diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index 9912542..f73534b 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -4,15 +4,15 @@ on: jobs: update-docs: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: fetch-depth: 1 path: 'authentication' - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '24.x' - name: Clone docs run: | cd $GITHUB_WORKSPACE/ From 4e6d8ef6f191bb8c48a6d09e9eaa9e8a699d1808 Mon Sep 17 00:00:00 2001 From: Yasin Ghasemi Date: Thu, 12 Mar 2026 21:47:13 +0100 Subject: [PATCH 2/4] fix: address Copilot security findings - Add permissions block to build.yml (contents: read) - Pin creyD/prettier_action to commit hash for supply chain safety --- .github/workflows/build.yml | 3 +++ .github/workflows/prettier.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a1e4a08..1af3693 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [main] +permissions: + contents: read + jobs: build: runs-on: ubuntu-24.04 diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index 6fba1db..8029bd5 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -16,7 +16,7 @@ jobs: ref: ${{ github.head_ref }} - name: Prettify code - uses: creyD/prettier_action@v4.3 + uses: creyD/prettier_action@31355f8eef017f8aeba2e0bc09d8502b13dbbad1 # v4.3 with: prettier_options: --write **/*.{js,md} env: From c323caff18a02a5c0682c231dc6fc8a61f6e0d7b Mon Sep 17 00:00:00 2001 From: Yasin Ghasemi Date: Thu, 12 Mar 2026 21:49:22 +0100 Subject: [PATCH 3/4] fix: add write permissions to prettier workflow --- .github/workflows/prettier.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index 8029bd5..dba85b8 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -6,6 +6,9 @@ on: pull_request: branches: [main] +permissions: + contents: write + jobs: prettier: runs-on: ubuntu-24.04 From d1b87288aa7f620de21ed2c359125c122013feb5 Mon Sep 17 00:00:00 2001 From: yasinghasmi Date: Thu, 12 Mar 2026 20:49:34 +0000 Subject: [PATCH 4/4] Prettified Code! --- readme.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 076e0a7..422c8c3 100644 --- a/readme.md +++ b/readme.md @@ -63,8 +63,7 @@ const authenticationContext = new AuthenticationContext({ method: "POST", body: JSON.stringify({ token }), }).then(() => {}), - refreshAccessToken: () => - fetch("/auth/refresh").then((r) => r.json()), + refreshAccessToken: () => fetch("/auth/refresh").then((r) => r.json()), revokeRefreshToken: () => fetch("/auth/revoke", { method: "POST" }).then(() => {}), });