Skip to content

Bump the github-actions group with 5 updates #7278

Bump the github-actions group with 5 updates

Bump the github-actions group with 5 updates #7278

# This workflow removes any assets created for manual QA testing
# from the GCP bucket once a pull request is closed.
name: Clean up PR assets
on:
pull_request:
types: [closed]
permissions:
contents: read
jobs:
remove-pr:
name: Cleanup storage
runs-on: ubuntu-latest
timeout-minutes: 5
if: >
github.event.pull_request.draft == false &&
github.event.pull_request.head.repo.fork == false &&
github.event.pull_request.user.login != 'dependabot[bot]'
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
disable-file-monitoring: true
disable-sudo: true
egress-policy: block
allowed-endpoints: >
cloudresourcemanager.googleapis.com:443
dl.google.com:443
oauth2.googleapis.com:443
storage.googleapis.com:443
raw.githubusercontent.com:443
- name: Authenticate
uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Setup Cloud SDK
uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- name: Prune PR files
run: gsutil rm -rf gs://web-stories-wp-github-artifacts/refs/pull/${{ github.event.pull_request.number }}