ci: Replace third-party GitHub Actions with trusted alternatives (#521)

mtrezza · web-flow · commit 39c07f16cbf3 · 2026-04-04T19:50:25.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,9 +15,12 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Check NPM lock file version
-        uses: mansona/npm-lockfile-version@v1
-        with:
-          version: 2
+        run: |
+          version=$(node -e "console.log(require('./package-lock.json').lockfileVersion)")
+          if [ "$version" != "2" ]; then
+            echo "::error::Expected lockfileVersion 2, got $version"
+            exit 1
+          fi
   build:
     runs-on: ubuntu-20.04
     timeout-minutes: 30
diff --git a/.github/workflows/release-automated.yml b/.github/workflows/release-automated.yml
@@ -30,6 +30,12 @@ jobs:
     if: needs.release.outputs.current_tag != ''
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deploy.outputs.page_url }}
     steps:
       - uses: actions/checkout@v3
         with:
@@ -49,8 +55,12 @@ jobs:
           npm run document
         env:
           SOURCE_TAG: ${{ needs.release.outputs.current_tag }}
-      - name: Deploy
-        uses: peaceiris/actions-gh-pages@v3.7.3
+      - name: Configure Pages
+        uses: actions/configure-pages@v5
+      - name: Upload Pages artifact
+        uses: actions/upload-pages-artifact@v4
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./.phpdoc/build
+          path: ./.phpdoc/build
+      - name: Deploy to GitHub Pages
+        id: deploy
+        uses: actions/deploy-pages@v4
diff --git a/.github/workflows/release-manual-docs.yml b/.github/workflows/release-manual-docs.yml
@@ -13,6 +13,12 @@ jobs:
     if: github.event.inputs.tag != ''
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deploy.outputs.page_url }}
     steps:
       - uses: actions/checkout@v3
         with:
@@ -32,8 +38,12 @@ jobs:
           npm run document
         env:
           SOURCE_TAG: ${{ github.event.inputs.tag }}
-      - name: Deploy
-        uses: peaceiris/actions-gh-pages@v3.7.3
+      - name: Configure Pages
+        uses: actions/configure-pages@v5
+      - name: Upload Pages artifact
+        uses: actions/upload-pages-artifact@v4
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./.phpdoc/build
+          path: ./.phpdoc/build
+      - name: Deploy to GitHub Pages
+        id: deploy
+        uses: actions/deploy-pages@v4
