Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@putout/plugin-github
Advanced tools
Readme
Automate, customize, and execute your software development workflows right in your repository with GitHub Actions.
(c) github.com
🐊Putout plugin helps with Github Actions.
npm i @putout/plugin-github -D
{
"rules": {
"github/add-continue-on-error-to-coveralls": "on",
"github/add-continue-on-error-to-add-and-commit": "on",
"github/set-node-versions": "on",
"github/install-bun": "on",
"github/install-rust": "on",
"github/convert-npm-to-bun": "on",
"github/update-actions": "on"
}
}
Add ability to continue when cannot submit coverage to Coveralls using continue-on-error
.
- name: Commit fixes
continue-on-error: true
uses: EndBug/add-and-commit@v9
with:
fetch: --force
message: "chore: ${{ env.NAME }}: actions: lint ☘️"
pull: --rebase --autostash
+ continue-on-error: true
Add ability to continue when cannot submit coverage to Coveralls using continue-on-error
.
- name: Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
+ continue-on-error: true
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
- node-version: [16.x, 18.x, 20.x, 21.x]
+ node-version: [18.x, 20.x, 21.x, 22.x]
You can override versions with:
{
"rules": {
"github/set-node-versions": ["on", {
"versions": [
"16.x",
"18.x",
"20.x",
"21.x"
]
}]
}
}
coverallsapp/github-action@master
:
- name: Coveralls
- uses: coverallsapp/github-action@master
+ uses: coverallsapp/github-action@v2
docker/login-action
:
- name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
docker/build-push
:
- name: Build and push alpine-image
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
docker/setup-buildx
:
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
actions/checkout
:
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
actions/cache
:
steps:
- - uses: actions/cache@v3
+ - uses: actions/checkout@v4
actions/setup-node
:
steps:
- - uses: actions/setup-node@v2
+ - uses: actions/setup-node@v3
docker/setup-quemu
:
steps:
- name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
EndBug/add-and-commit
:
steps:
- uses: EndBug/add-and-commit@v7
+ uses: EndBug/add-and-commit@v9
Bun is an all-in-one toolkit for JavaScript and TypeScript apps. It ships as a single executable called bun.
At its core is the Bun runtime, a fast JavaScript runtime designed as a drop-in replacement for Node.js. It's written in Zig and powered by JavaScriptCore under the hood, dramatically reducing startup times and memory usage.
(c) bun.sh.
Checkout in 🐊Putout Editor.
steps:
- uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
+ - uses: oven-sh/setup-bun@v1
+ with:
+ bun-version: latest
A language empowering everyone to build reliable and efficient software.
(c) Rust.
Checkout in 🐊Putout Editor.
steps:
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
+ - name: Install Rust
+ run: runstup update
Bun is an all-in-one toolkit for JavaScript and TypeScript apps. It ships as a single executable called bun.
At its core is the Bun runtime, a fast JavaScript runtime designed as a drop-in replacement for Node.js. It's written in Zig and powered by JavaScriptCore under the hood, dramatically reducing startup times and memory usage.
(c) bun.sh.
Bun install works much faster: 40s before - 2s after.
Checkout in 🐊Putout Editor.
- name: Install Redrun
- run: npm i redrun -g
+ run: bun i redrun -g --no-save
- name: Install
- run: npm install
+ run: bun i --no-save
MIT
FAQs
🐊Putout plugin helps with github actions
The npm package @putout/plugin-github receives a total of 15,745 weekly downloads. As such, @putout/plugin-github popularity was classified as popular.
We found that @putout/plugin-github demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.