ci: add dependabot integration for github actions

.github/dependabot.yml

@@ -5,13 +5,7 @@ updates:
     schedule:
       interval: daily
     open-pull-requests-limit: 10
-    ignore:
-      - dependency-name: sinon
-        versions:
-          - 10.0.0
-          - 9.2.4
-      - dependency-name: mocha
-        versions:
-          - 8.2.1
-          - 8.3.0
-          - 8.3.1
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily

.github/workflows/codeql-analysis.yml

@@ -37,7 +37,10 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+        show-progress: false
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/tests-release.yml

@@ -22,13 +22,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          show-progress: false
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
-      # install to create local package-lock.json but don't cache the files
-      # also: no audit for dev dependencies
-      - run: npm i --package-lock-only  && npm audit --production
+      - run: npm clean-install && npm audit --production
 
   # STEP 2 - basic unit tests
 
@@ -41,29 +43,25 @@ jobs:
       matrix:
         node: [16, 18, 20]
     steps:
-      - name: Checkout ${{ matrix.node }}
-        uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          show-progress: false
 
       - name: Setup node ${{ matrix.node }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node }}
-
-      - name: Cache dependencies ${{ matrix.node }}
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-${{ matrix.node }}
+          cache: npm
       # for this workflow we also require npm audit to pass
-      - run: npm i
+      - run: npm clean-install
       - run: npm run test:coverage
 
       # with the following action we enforce PRs to have a high coverage
       # and ensure, changes are tested well enough so that coverage won't fail
       - name: check coverage
-        uses: VeryGoodOpenSource/very_good_coverage@v1.2.0
+        uses: VeryGoodOpenSource/very_good_coverage@v3
         with:
           path: './coverage/lcov.info'
           min_coverage: 95
@@ -82,36 +80,34 @@ jobs:
         node: [16, 18, 20] # TODO get running for node 16+
     steps:
       # checkout this repo
-      - name: Checkout ${{ matrix.node }}
-        uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          show-progress: false
 
       # checkout express-adapter repo
-      - name: Checkout express-adapter ${{ matrix.node }}
-        uses: actions/checkout@v3
+      - name: Checkout express-adapter
+        uses: actions/checkout@v4
         with:
+          persist-credentials: false
+          show-progress: false
           repository: node-oauth/express-oauth-server
           path: github/testing/express
 
       - name: Setup node ${{ matrix.node }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node }}
-
-      - name: Cache dependencies ${{ matrix.node }}
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server
+          cache: npm
 
       # in order to test the adapter we need to use the current checkout
       # and install it as local dependency
       # we just cloned and install it as local dependency
       # xxx: added bluebird as explicit dependency
       - run: |
           cd github/testing/express
-          npm i
+          npm install
           npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }}
           npm run test
 
@@ -121,12 +117,16 @@ jobs:
     runs-on: ubuntu-latest
     needs: [integrationtests]
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          show-progress: false
+      - uses: actions/setup-node@v4
         with:
           node-version: 16
           registry-url: https://registry.npmjs.org/
-      - run: npm i
+      - run: npm clean-install
       - run: npm publish --dry-run
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
@@ -138,13 +138,17 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          show-progress: false
+      - uses: actions/setup-node@v4
         with:
           # we always publish targeting the lowest supported node version
           node-version: 16
           registry-url: $registry-url(npm)
-      - run: npm i
+      - run: npm clean-install
       - run: npm publish --dry-run
         env:
           NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/tests.yml

@@ -17,22 +17,18 @@ jobs:
     name: Javascript standard lint
     runs-on: ubuntu-latest
     steps:
-      - name: checkout
-        uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          show-progress: false
 
       - name: setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 20
-
-      - name: cache dependencies
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-16-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
-      - run: npm install
+          cache: npm
+      - run: npm clean-install
       - run: npm run lint
 
   unittest:
@@ -43,28 +39,24 @@ jobs:
       matrix:
         node: [16, 18, 20, 22]
     steps:
-    - name: Checkout ${{ matrix.node }}
-      uses: actions/checkout@v3
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+        show-progress: false
 
     - name: Setup node ${{ matrix.node }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node }}
-
-    - name: Cache dependencies ${{ matrix.node }}
-      uses: actions/cache@v3
-      with:
-        path: ~/.npm
-        key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-node-${{ matrix.node }}
-    - run: npm i
+        cache: npm
+    - run: npm clean-install
     - run: npm run test:coverage
 
     # with the following action we enforce PRs to have a high coverage
     # and ensure, changes are tested well enough so that coverage won't fail
     - name: check coverage
-      uses: VeryGoodOpenSource/very_good_coverage@v1.2.0
+      uses: VeryGoodOpenSource/very_good_coverage@v3
       with:
         path: './coverage/lcov.info'
         min_coverage: 95

.gitignore

@@ -39,6 +39,3 @@ tramp
 # coverage
 coverage
 .nyc_output
-
-package-lock.json
-yarn.lock