ci: Enhance GitHub Actions workflows

[okineadev]

• Added descriptive step names and emojis in various workflows to enhance readability
• Ensured consistent formatting across all workflows for a unified look

[netlify]

✅ Deploy Preview for creative-fairy-df92c4 ready!

Name	Link
🔨 Latest commit	b06b56a
🔍 Latest deploy log	https://app.netlify.com/sites/creative-fairy-df92c4/deploys/67ae3b2babc7e10008b44155
😎 Deploy Preview	https://deploy-preview-1370--creative-fairy-df92c4.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[Timeraa]

Not much of a fan of having emojis in actions personally but changes look fine otherwise.

[Timeraa]

Not much of a fan of having emojis in actions personally but changes look fine otherwise.

@aklinker1 has to decide on this though

[aklinker1]

Thanks for the PR, I like some of the changes, dislike some others.

• I would also prefer not to have emojis.
• I prefer to not name my jobs/steps to keep things as minimal as possible... But since WXT has grown more popular and there are more contributors, maybe it makes sense to give everything names so people can quickly understand what's going on. I'm onboard with giving names to everything
• I disagree with some of your whitespace choices... But I'll push a commit getting rid of the ones I don't agree with.

[aklinker1]

Whats the point of adding this? I don't think we use permissions on any of the other workflows

Suggested change

	permissions:
	contents: read

[okineadev]

Whats the point of adding this? I don't think we use permissions on any of the other workflows

Security.

It is necessary to grant as few rights as possible (only necessary ones), not all of them

[aklinker1]

Isn't that the default though?

[okineadev]

Isn't that the default though?

I'll check it out in a bit, I'm currently removing the emoji from the titles

[Timeraa]

Isn't that the default though?

It depends: https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

[richardm]

+1 for enforcing least privilege. It's more secure to explicitly grant the permissions needed by a job/workflow than to rely on the repo's defaults (and hope they never accidentally or maliciously get changed in a way that expands permissions for jobs that don't need them)

+1 for naming things to improve clarity for new contributors (although I'm fine with no emojis)

I would recommend also adding a CODEOWNERS file that highly restricts who can approve changes to the .github directory.

[okineadev]

+1 for enforcing least privilege. It's more secure to explicitly grant the permissions needed by a job/workflow than to rely on the repo's defaults (and hope they never accidentally or maliciously get changed in a way that expands permissions for jobs that don't need them)

+1 for naming things to improve clarity for new contributors (although I'm fine with no emojis)

I would recommend also adding a CODEOWNERS file that highly restricts who can approve changes to the .github directory.

You could also configure CodeQL to detect vulnerabilities, I did this in the organization and my projects earlier

[okineadev]

+1 for enforcing least privilege. It's more secure to explicitly grant the permissions needed by a job/workflow than to rely on the repo's defaults (and hope they never accidentally or maliciously get changed in a way that expands permissions for jobs that don't need them)

Yes, this is an important aspect, especially in checks for pull requests, as malicious code can be inserted there

[okineadev]

Regarding emojis - it really helps me navigate workflows, but if there are too many of them, it will look too childish in the logs, it's purely a matter of taste

[okineadev]

Regarding emojis - it really helps me navigate workflows, but if there are too many of them, it will look too childish in the logs, it's purely a matter of taste

There are use cases with emojis in the @material-extensions organization

[aklinker1]

@okineadev Can you update the PR to let maintainers push to it?

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork#enabling-repository-maintainer-permissions-on-existing-pull-requests

[okineadev]

@okineadev Can you update the PR to let maintainers push to it?

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork#enabling-repository-maintainer-permissions-on-existing-pull-requests

No I can't

[aklinker1]

OK, I've opened a PR into your fork with my suggested changes: okineadev-forks#1

[pkg-pr-new]

Open in Stackblitz

@wxt-dev/auto-icons

npm i https://pkg.pr.new/@wxt-dev/auto-icons@1370

@wxt-dev/module-solid

npm i https://pkg.pr.new/@wxt-dev/module-solid@1370

@wxt-dev/i18n

npm i https://pkg.pr.new/@wxt-dev/i18n@1370

@wxt-dev/module-svelte

npm i https://pkg.pr.new/@wxt-dev/module-svelte@1370

@wxt-dev/module-react

npm i https://pkg.pr.new/@wxt-dev/module-react@1370

@wxt-dev/module-vue

npm i https://pkg.pr.new/@wxt-dev/module-vue@1370

@wxt-dev/storage

npm i https://pkg.pr.new/@wxt-dev/storage@1370

@wxt-dev/unocss

npm i https://pkg.pr.new/@wxt-dev/unocss@1370

wxt

npm i https://pkg.pr.new/wxt@1370

commit: b06b56a

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.12%. Comparing base (a53ee6d) to head (b06b56a).
Report is 34 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1370      +/-   ##
==========================================
- Coverage   81.55%   81.12%   -0.44%     
==========================================
  Files         128      128              
  Lines        6296     6284      -12     
  Branches     1072     1069       -3     
==========================================
- Hits         5135     5098      -37     
- Misses       1146     1171      +25     
  Partials       15       15              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[aklinker1]

Well, sorry that took longer than usual, but it's good to go now!