\u0623\u0635\u0628\u062d GitHub Actions \u0645\u0646\u0635\u0629 CI\/CD \u0627\u0644\u0623\u0643\u062b\u0631 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u064b\u0627 \u0639\u0644\u0649 \u0646\u0637\u0627\u0642 \u0648\u0627\u0633\u0639 \u0644\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u062c\u0627\u0631\u064a\u0629 \u0639\u0644\u0649 \u062d\u062f \u0633\u0648\u0627\u0621. \u0647\u0630\u0647 \u0627\u0644\u0634\u0639\u0628\u064a\u0629 \u062a\u062c\u0639\u0644\u0647 \u0633\u0637\u062d \u0627\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u0623\u0648\u0644 \u0641\u064a \u0628\u064a\u0626\u0629 CI\/CD. \u062a\u0642\u0648\u0645 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u0639\u062f\u064e\u0651\u0629 \u0628\u0634\u0643\u0644 \u062e\u0627\u0637\u0626 \u0628\u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0628\u0634\u0643\u0644 \u0645\u0646\u062a\u0638\u0645\u060c \u0648\u0645\u0646\u062d \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u0641\u0631\u0637\u0629\u060c \u0648\u0633\u062d\u0628 \u0634\u0641\u0631\u0627\u062a \u0637\u0631\u0641 \u062b\u0627\u0644\u062b \u064a\u0645\u0643\u0646 \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u0647\u0627 \u0628\u0635\u0645\u062a.<\/p>\n
\u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062e\u062a\u0628\u0631 \u0627\u0644\u0639\u0645\u0644\u064a \u0633\u062a\u0642\u0648\u0645 \u0628\u062a\u0639\u0632\u064a\u0632 \u0623\u0645\u0627\u0646 \u0633\u064a\u0631 \u0639\u0645\u0644 GitHub Actions \u063a\u064a\u0631 \u0622\u0645\u0646 \u0639\u0645\u062f\u064b\u0627 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u0643\u062b\u0631 \u062b\u0644\u0627\u062b \u062a\u0642\u0646\u064a\u0627\u062a \u062a\u0623\u062b\u064a\u0631\u064b\u0627 \u0645\u062a\u0627\u062d\u0629 \u0627\u0644\u064a\u0648\u0645:<\/p>\n
GITHUB_TOKEN<\/code> \u0644\u064a\u0634\u0645\u0644 \u0641\u0642\u0637 \u0627\u0644\u0646\u0637\u0627\u0642\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062d\u062a\u0627\u062c\u0647\u0627 \u0643\u0644 job \u0641\u0639\u0644\u064a\u064b\u0627.<\/li>\n- \u062a\u062b\u0628\u064a\u062a SHA<\/strong> \u2014 \u0627\u0644\u0625\u0634\u0627\u0631\u0629 \u0625\u0644\u0649 \u0643\u0644 action \u062a\u0627\u0628\u0639 \u0644\u0637\u0631\u0641 \u062b\u0627\u0644\u062b \u0628\u0648\u0627\u0633\u0637\u0629 SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0640 commit \u0627\u0644\u062b\u0627\u0628\u062a \u0628\u062f\u0644\u0627\u064b \u0645\u0646 tag \u0642\u0627\u0628\u0644 \u0644\u0644\u062a\u063a\u064a\u064a\u0631.<\/li>\n
- \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0623\u0633\u0631\u0627\u0631<\/strong> \u2014 \u062a\u062d\u062f\u064a\u062f \u0646\u0637\u0627\u0642 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0636\u0645\u0646 \u0628\u064a\u0626\u0627\u062a \u0645\u0639 \u0628\u0648\u0627\u0628\u0627\u062a \u0645\u0648\u0627\u0641\u0642\u0629 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0631\u064a\u0628 \u0645\u0646 \u062e\u0644\u0627\u0644 pull requests \u0627\u0644\u0642\u0627\u062f\u0645\u0629 \u0645\u0646 \u0627\u0644\u0640 forks.<\/li>\n<\/ol>\n
\u0628\u0646\u0647\u0627\u064a\u0629 \u0627\u0644\u0645\u062e\u062a\u0628\u0631 \u0633\u064a\u0643\u0648\u0646 \u0644\u062f\u064a\u0643 \u0642\u0627\u0644\u0628 \u0633\u064a\u0631 \u0639\u0645\u0644 \u062c\u0627\u0647\u0632 \u0644\u0644\u0625\u0646\u062a\u0627\u062c \u064a\u0645\u0643\u0646\u0643 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647 \u0641\u064a \u0623\u064a \u0645\u0633\u062a\u0648\u062f\u0639.<\/p>\n
\u0627\u0644\u0645\u062a\u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629<\/h2>\n\n- \u062d\u0633\u0627\u0628 GitHub \u0645\u0639 \u0635\u0644\u0627\u062d\u064a\u0629 \u0625\u0646\u0634\u0627\u0621 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a.<\/li>\n
- \u0645\u0639\u0631\u0641\u0629 \u0623\u0633\u0627\u0633\u064a\u0629 \u0628\u0635\u064a\u0627\u063a\u0629 YAML \u0641\u064a GitHub Actions (\u0627\u0644\u0645\u062d\u0641\u0632\u0627\u062a\u060c \u0627\u0644\u0648\u0638\u0627\u0626\u0641\u060c \u0627\u0644\u062e\u0637\u0648\u0627\u062a).<\/li>\n
- \u062a\u062b\u0628\u064a\u062a
gh<\/code> CLI (\u0627\u062e\u062a\u064a\u0627\u0631\u064a \u0644\u0643\u0646\u0647 \u0645\u0641\u064a\u062f \u0644\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0639\u0646 SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0640 actions).<\/li>\n<\/ul>\n\u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0628\u064a\u0626\u0629<\/h2>\n\u0625\u0646\u0634\u0627\u0621 \u0645\u0633\u062a\u0648\u062f\u0639 \u062a\u062c\u0631\u064a\u0628\u064a<\/h3>\n
\u0623\u0646\u0634\u0626 \u0645\u0633\u062a\u0648\u062f\u0639\u064b\u0627 \u0639\u0627\u0645\u064b\u0627 \u062c\u062f\u064a\u062f\u064b\u0627 \u0639\u0644\u0649 GitHub \u0628\u0627\u0633\u0645 gha-hardening-lab<\/code>. \u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u0642\u064a\u0627\u0645 \u0628\u0630\u0644\u0643 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0648\u0627\u062c\u0647\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0623\u0648 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0633\u0637\u0631 \u0627\u0644\u0623\u0648\u0627\u0645\u0631:<\/p>\ngh repo create gha-hardening-lab --public --clone\ncd gha-hardening-lab<\/code><\/pre>\n\u0642\u0645 \u0628\u062a\u0647\u064a\u0626\u0629 \u0645\u0634\u0631\u0648\u0639 Node.js \u0628\u0633\u064a\u0637 \u0644\u064a\u0643\u0648\u0646 \u0644\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0634\u064a\u0621 \u064a\u0628\u0646\u064a\u0647:<\/p>\n
npm init -y\ncat <<'EOF' > index.js\nconsole.log(\"Hello from the hardening lab\");\nEOF\ngit add -A && git commit -m \"Initial commit\" && git push<\/code><\/pre>\n\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0623\u0648\u0644\u064a (\u063a\u064a\u0631 \u0627\u0644\u0622\u0645\u0646)<\/h3>\n
\u0623\u0646\u0634\u0626 \u0627\u0644\u0645\u0644\u0641 .github\/workflows\/build.yml<\/code> \u0628\u0627\u0644\u0645\u062d\u062a\u0648\u0649 \u0627\u0644\u062a\u0627\u0644\u064a. \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0647\u0630\u0627 \u063a\u064a\u0631 \u0622\u0645\u0646 \u0639\u0645\u062f\u064b\u0627 \u2014 \u0644\u0627 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0643\u062a\u0644\u0629 permissions\u060c \u0648\u064a\u0633\u062a\u062e\u062f\u0645 tags \u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u062a\u063a\u064a\u064a\u0631\u060c \u0648\u064a\u0643\u0634\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0628\u0634\u0643\u0644 \u0648\u0627\u0633\u0639:<\/p>\n# .github\/workflows\/build.yml \u2014 \u0646\u0642\u0637\u0629 \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u063a\u064a\u0631 \u0627\u0644\u0622\u0645\u0646\u0629\nname: Build\n\non:\n push:\n pull_request_target:\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: actions\/checkout@v4\n - uses: actions\/setup-node@v4\n with:\n node-version: 20\n - run: npm install\n - run: npm test\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n - uses: actions\/upload-artifact@v4\n with:\n name: build-output\n path: .\n<\/code><\/pre>\n\u0642\u0645 \u0628\u0639\u0645\u0644 commit \u0648\u062f\u0641\u0639 \u0647\u0630\u0627 \u0627\u0644\u0645\u0644\u0641. \u0633\u064a\u0639\u0645\u0644 \u0628\u0646\u062c\u0627\u062d\u060c \u0644\u0643\u0646\u0647 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062e\u0645\u0633 \u0645\u0634\u0627\u0643\u0644 \u0623\u0645\u0646\u064a\u0629 \u0639\u0644\u0649 \u0627\u0644\u0623\u0642\u0644 \u0633\u062a\u0642\u0648\u0645 \u0628\u0625\u0635\u0644\u0627\u062d\u0647\u0627 \u0641\u064a \u0627\u0644\u062a\u0645\u0627\u0631\u064a\u0646 \u0623\u062f\u0646\u0627\u0647.<\/p>\n
\u0627\u0644\u062a\u0645\u0631\u064a\u0646 1: \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u062f\u0646\u064a\u0627<\/h2>\n\u0645\u0634\u0643\u0644\u0629 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629<\/h3>\n
\u0639\u0646\u062f\u0645\u0627 \u0644\u0627 \u064a\u064f\u0639\u0644\u0646 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0639\u0646 \u0643\u062a\u0644\u0629 permissions<\/code>\u060c \u064a\u062d\u0635\u0644 GITHUB_TOKEN<\/code> \u0639\u0644\u0649 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0644\u0645\u0633\u062a\u0648\u062f\u0639. \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u0645\u0639\u0638\u0645 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a \u064a\u0639\u0646\u064a \u0630\u0644\u0643 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0648\u0627\u0644\u0643\u062a\u0627\u0628\u0629 \u0644\u0643\u0644 \u0646\u0637\u0627\u0642<\/strong> \u2014 contents \u0648packages \u0648issues \u0648pull requests \u0648deployments \u0648\u063a\u064a\u0631\u0647\u0627. \u0625\u0630\u0627 \u0627\u062e\u062a\u0631\u0642 \u0645\u0647\u0627\u062c\u0645 \u0623\u064a \u062e\u0637\u0648\u0629 \u0641\u064a \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0647\u0630\u0627\u060c \u0641\u0633\u064a\u0631\u062b \u062c\u0645\u064a\u0639 \u062a\u0644\u0643 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a.<\/p>\n\u064a\u062a\u0637\u0644\u0628 \u0645\u0628\u062f\u0623 \u0627\u0644\u062d\u062f \u0627\u0644\u0623\u062f\u0646\u0649 \u0645\u0646 \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0623\u0646 \u062a\u0645\u0646\u062d \u0641\u0642\u0637 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062d\u062a\u0627\u062c\u0647\u0627 \u0643\u0644 job \u0641\u0639\u0644\u064a\u064b\u0627\u060c \u0648\u0644\u0627 \u0634\u064a\u0621 \u063a\u064a\u0631 \u0630\u0644\u0643.<\/p>\n
\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u062a\u0639\u064a\u064a\u0646 \u0642\u064a\u0645\u0629 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0645\u0642\u064a\u0651\u062f\u0629 \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0623\u0639\u0644\u0649<\/h3>\n
\u0623\u0636\u0641 \u0645\u0641\u062a\u0627\u062d permissions<\/code> \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0623\u0639\u0644\u0649 \u0645\u0628\u0627\u0634\u0631\u0629 \u0628\u0639\u062f \u0643\u062a\u0644\u0629 on:<\/code>. \u0647\u0630\u0627 \u064a\u062d\u062f\u062f \u0627\u0644\u0642\u064a\u0645\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0643\u0644 job \u0641\u064a \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644:<\/p>\npermissions:\n contents: read\n<\/code><\/pre>\n\u0625\u0630\u0627 \u0623\u0631\u062f\u062a \u0627\u0644\u0628\u062f\u0621 \u0628\u0623\u0643\u062b\u0631 \u0642\u064a\u0645\u0629 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u062a\u0642\u064a\u064a\u062f\u064b\u0627 \u062b\u0645 \u0645\u0646\u062d \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0644\u0643\u0644 job \u0639\u0644\u0649 \u062d\u062f\u0629\u060c \u064a\u0645\u0643\u0646\u0643 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062e\u0631\u064a\u0637\u0629 \u0641\u0627\u0631\u063a\u0629:<\/p>\n
permissions: {}\n<\/code><\/pre>\n\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u0625\u0636\u0627\u0641\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0644\u0643\u0644 Job<\/h3>\n
\u064a\u0645\u0643\u0646 \u0644\u0643\u0644 job \u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u0642\u064a\u0645\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644. \u0627\u0645\u0646\u062d \u0641\u0642\u0637 \u0645\u0627 \u064a\u062d\u062a\u0627\u062c\u0647 \u0627\u0644\u0640 job:<\/p>\n
jobs:\n build:\n runs-on: ubuntu-latest\n permissions:\n contents: read # \u0633\u062d\u0628 \u0627\u0644\u0634\u0641\u0631\u0629\n actions: read # \u0642\u0631\u0627\u0621\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0648\u0635\u0641\u064a\u0629\n steps:\n - uses: actions\/checkout@v4\n # ...\n<\/code><\/pre>\n\u0625\u0630\u0627 \u0643\u0627\u0646 job \u062b\u0627\u0646\u064d \u064a\u062d\u062a\u0627\u062c \u0644\u0631\u0641\u0639 \u0623\u0635\u0644 \u0625\u0635\u062f\u0627\u0631\u060c \u0633\u062a\u0645\u0646\u062d\u0647 contents: write<\/code> \u0639\u0644\u0649 \u0630\u0644\u0643 \u0627\u0644\u0640 job \u0641\u0642\u0637 \u2014 \u0648\u0644\u064a\u0633 \u0623\u0628\u062f\u064b\u0627 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644.<\/p>\n\u0642\u0628\u0644 \u0648\u0628\u0639\u062f<\/h3>\n
\u0642\u0628\u0644 (\u063a\u064a\u0631 \u0622\u0645\u0646):<\/strong><\/p>\nname: Build\non:\n push:\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: actions\/checkout@v4\n - run: npm install\n<\/code><\/pre>\n\u0628\u0639\u062f (\u0645\u064f\u0639\u0632\u064e\u0651\u0632):<\/strong><\/p>\nname: Build\non:\n push:\n branches: [main]\n\npermissions:\n contents: read\n\njobs:\n build:\n runs-on: ubuntu-latest\n permissions:\n contents: read\n actions: read\n steps:\n - uses: actions\/checkout@v4\n - run: npm install\n<\/code><\/pre>\n\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0641\u0639\u0644\u064a\u0629<\/h3>\n
\u0628\u0639\u062f \u062a\u0634\u063a\u064a\u0644 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644\u060c \u0627\u0641\u062a\u062d \u0627\u0644\u0640 job \u0641\u064a \u062a\u0628\u0648\u064a\u0628 Actions. \u0627\u0646\u0642\u0631 \u0639\u0644\u0649 \u0623\u064a\u0642\u0648\u0646\u0629 \u0627\u0644\u062a\u0631\u0633 \u0641\u064a \u0623\u0639\u0644\u0649 \u064a\u0645\u064a\u0646 \u0633\u062c\u0644 \u0627\u0644\u0640 job \u0648\u0627\u062e\u062a\u0631 “Set up job”<\/strong>. \u0648\u0633\u0651\u0639 \u0647\u0630\u0627 \u0627\u0644\u0642\u0633\u0645 \u0644\u0631\u0624\u064a\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a GITHUB_TOKEN<\/code> \u0627\u0644\u062f\u0642\u064a\u0642\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0645\u0646\u062d\u0647\u0627. \u062a\u0623\u0643\u062f \u0623\u0646 contents: read<\/code> \u0648actions: read<\/code> \u0641\u0642\u0637 \u062a\u0638\u0647\u0631\u0627\u0646.<\/p>\n\u064a\u0645\u0643\u0646\u0643 \u0623\u064a\u0636\u064b\u0627 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0639\u0646 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u064b\u0627 \u062f\u0627\u062e\u0644 \u062e\u0637\u0648\u0629:<\/p>\n
- name: Print token permissions\n run: |\n curl -s -H \"Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}\" \\\n https:\/\/api.github.com\/repos\/${{ github.repository }} \\\n | jq '.permissions'\n<\/code><\/pre>\n\u0627\u0644\u062a\u0645\u0631\u064a\u0646 2: \u062a\u062b\u0628\u064a\u062a Actions \u0628\u0648\u0627\u0633\u0637\u0629 SHA<\/h2>\n\u0644\u0645\u0627\u0630\u0627 \u062a\u064f\u0639\u062f Tags \u062e\u0637\u064a\u0631\u0629<\/h3>\n
\u0639\u0646\u062f\u0645\u0627 \u062a\u0643\u062a\u0628 uses: actions\/checkout@v4<\/code>\u060c \u0641\u0623\u0646\u062a \u062a\u0634\u064a\u0631 \u0625\u0644\u0649 Git tag. \u0627\u0644\u0640 Tags \u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u062a\u063a\u064a\u064a\u0631 \u2014 \u064a\u0645\u0643\u0646 \u0644\u0645\u0634\u0631\u0641 \u0627\u0644\u0640 action (\u0623\u0648 \u0645\u0647\u0627\u062c\u0645 \u064a\u062e\u062a\u0631\u0642 \u062d\u0633\u0627\u0628\u0647) \u062d\u0630\u0641 \u0648\u0625\u0639\u0627\u062f\u0629 \u0625\u0646\u0634\u0627\u0621 \u0627\u0644\u0640 tag \u0644\u064a\u0634\u064a\u0631 \u0625\u0644\u0649 \u0634\u0641\u0631\u0629 \u0645\u062e\u062a\u0644\u0641\u0629 \u062a\u0645\u0627\u0645\u064b\u0627. \u0633\u064a\u0642\u0648\u0645 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u062e\u0627\u0635 \u0628\u0643 \u0628\u0639\u062f \u0630\u0644\u0643 \u0628\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0634\u0641\u0631\u0629 \u0627\u0644\u062c\u062f\u064a\u062f\u0629 \u0628\u0635\u0645\u062a \u0641\u064a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u062a\u0627\u0644\u064a. \u064a\u0632\u064a\u0644 \u062a\u062b\u0628\u064a\u062a SHA \u0647\u0630\u0627 \u0627\u0644\u062e\u0637\u0631 \u0644\u0623\u0646 SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0640 commit \u062b\u0627\u0628\u062a \u0648\u0644\u0627 \u064a\u0645\u0643\u0646 \u062a\u063a\u064a\u064a\u0631\u0647.<\/p>\n\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u0625\u064a\u062c\u0627\u062f SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0640 Action<\/h3>\n
\u0627\u0633\u062a\u062e\u062f\u0645 gh<\/code> CLI \u0644\u062a\u062d\u0648\u064a\u0644 tag \u0625\u0644\u0649 SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0640 commit:<\/p>\n# \u062a\u062d\u0648\u064a\u0644 actions\/checkout@v4 \u0625\u0644\u0649 SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0627\u0644\u0640 commit\ngh api repos\/actions\/checkout\/git\/ref\/tags\/v4 --jq '.object.sha'<\/code><\/pre>\n\u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0640 tag \u0645\u064f\u0634\u0631\u0648\u062d\u064b\u0627 (\u0645\u0639\u0638\u0645\u0647\u0627 \u0643\u0630\u0644\u0643)\u060c \u064a\u064f\u0631\u062c\u0639 \u0627\u0644\u0623\u0645\u0631 \u0623\u0639\u0644\u0627\u0647 SHA \u0627\u0644\u062e\u0627\u0635 \u0628\u0643\u0627\u0626\u0646 \u0627\u0644\u0640 tag. \u062a\u062d\u062a\u0627\u062c \u0644\u0625\u0644\u063a\u0627\u0621 \u0645\u0631\u062c\u0639\u064a\u062a\u0647 \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u0640 commit:<\/p>\n
TAG_SHA=$(gh api repos\/actions\/checkout\/git\/ref\/tags\/v4 --jq '.object.sha')\ngh api repos\/actions\/checkout\/git\/tags\/$TAG_SHA --jq '.object.sha'<\/code><\/pre>\n\u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0630\u0644\u0643\u060c \u0642\u0645 \u0628\u0632\u064a\u0627\u0631\u0629 \u0645\u0633\u062a\u0648\u062f\u0639 \u0627\u0644\u0640 action \u0639\u0644\u0649 GitHub\u060c \u0627\u0646\u0642\u0631 \u0639\u0644\u0649 \u0627\u0644\u0640 tag\u060c \u0648\u0627\u0646\u0633\u062e SHA \u0627\u0644\u0643\u0627\u0645\u0644 \u0644\u0644\u0640 commit \u0645\u0646 \u0627\u0644\u0631\u0627\u0628\u0637 \u0623\u0648 \u0631\u0623\u0633 \u0627\u0644\u0640 commit.<\/p>\n
\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u062a\u062b\u0628\u064a\u062a Actions \u0627\u0644\u0634\u0627\u0626\u0639\u0629<\/h3>\n
\u0627\u0633\u062a\u0628\u062f\u0644 \u0643\u0644 tag \u0642\u0627\u0628\u0644 \u0644\u0644\u062a\u063a\u064a\u064a\u0631 \u0628\u0640 SHA \u0627\u0644\u0643\u0627\u0645\u0644 \u0627\u0644\u0645\u0643\u0648\u0646 \u0645\u0646 40 \u062d\u0631\u0641\u064b\u0627. \u0623\u0636\u0641 \u062f\u0627\u0626\u0645\u064b\u0627 \u062a\u0639\u0644\u064a\u0642\u064b\u0627 \u0641\u064a \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u064a\u062d\u062a\u0648\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0644\u0633\u0647\u0648\u0644\u0629 \u0627\u0644\u0642\u0631\u0627\u0621\u0629:<\/p>\n
steps:\n - uses: actions\/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2\n - uses: actions\/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0\n with:\n node-version: 20\n - uses: actions\/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3\n with:\n path: ~\/.npm\n key: ${{ runner.os }}-node-${{ hashFiles('**\/package-lock.json') }}\n - uses: actions\/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2\n with:\n name: build-output\n path: dist\/\n<\/code><\/pre>\n\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u0623\u062a\u0645\u062a\u0629 \u062a\u062d\u062f\u064a\u062b\u0627\u062a SHA \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 Dependabot<\/h3>\n
\u0627\u0644\u062a\u062b\u0628\u064a\u062a \u0628\u0648\u0627\u0633\u0637\u0629 SHA \u064a\u0639\u0646\u064a \u0623\u0646\u0643 \u0644\u0646 \u062a\u062d\u0635\u0644 \u0639\u0644\u0649 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u062a\u0644\u0642\u0627\u0626\u064a\u0629 \u0642\u0627\u0626\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u0640 tags. \u064a\u062d\u0644 Dependabot \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0628\u0641\u062a\u062d pull requests \u0639\u0646\u062f\u0645\u0627 \u064a\u0646\u0634\u0631 action \u0645\u062b\u0628\u062a \u0625\u0635\u062f\u0627\u0631\u064b\u0627 \u062c\u062f\u064a\u062f\u064b\u0627.<\/p>\n
\u0623\u0646\u0634\u0626 \u0627\u0644\u0645\u0644\u0641 .github\/dependabot.yml<\/code>:<\/p>\nversion: 2\nupdates:\n - package-ecosystem: \"github-actions\"\n directory: \"\/\"\n schedule:\n interval: \"weekly\"\n commit-message:\n prefix: \"ci\"\n<\/code><\/pre>\n\u0628\u0639\u062f \u062f\u0641\u0639 \u0647\u0630\u0627 \u0627\u0644\u0645\u0644\u0641\u060c \u0633\u064a\u0642\u0648\u0645 Dependabot \u0628\u0641\u062d\u0635 \u0633\u064a\u0631 \u0639\u0645\u0644\u0643 \u0623\u0633\u0628\u0648\u0639\u064a\u064b\u0627 \u0648\u0641\u062a\u062d PRs \u0644\u062a\u062d\u062f\u064a\u062b SHA \u0627\u0644\u0645\u062b\u0628\u062a\u0629. \u064a\u064f\u0638\u0647\u0631 \u0643\u0644 PR \u0627\u0644\u0641\u0631\u0642 \u0641\u064a \u0634\u0641\u0631\u0629 \u0627\u0644\u0640 action\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0643 \u0641\u0631\u0635\u0629 \u0644\u0644\u0645\u0631\u0627\u062c\u0639\u0629 \u0642\u0628\u0644 \u0627\u0644\u062f\u0645\u062c.<\/p>\n
\u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u0641\u0636\u0644 Renovate \u0639\u0644\u0649 Dependabot\u060c \u0623\u0636\u0641 \u0645\u0644\u0641 renovate.json<\/code> \u0641\u064a \u062c\u0630\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639:<\/p>\n{\n \"$schema\": \"https:\/\/docs.renovatebot.com\/renovate-schema.json\",\n \"extends\": [\"config:recommended\"],\n \"github-actions\": {\n \"enabled\": true\n }\n}\n<\/code><\/pre>\n\u0627\u0644\u062a\u0645\u0631\u064a\u0646 3: \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0623\u0633\u0631\u0627\u0631<\/h2>\n\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0645\u0642\u0627\u0628\u0644 \u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0628\u064a\u0626\u0629<\/h3>\n
\u064a\u0648\u0641\u0631 GitHub \u0645\u0633\u062a\u0648\u064a\u064a\u0646 \u0644\u062a\u062e\u0632\u064a\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631:<\/p>\n
\n- \u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639<\/strong> \u2014 \u0645\u062a\u0627\u062d\u0629 \u0644\u0643\u0644 \u0633\u064a\u0631 \u0639\u0645\u0644 \u0648\u0643\u0644 job \u0641\u064a \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639. \u0645\u0631\u064a\u062d\u0629 \u0644\u0643\u0646\u0647\u0627 \u0648\u0627\u0633\u0639\u0629 \u0627\u0644\u0646\u0637\u0627\u0642 \u0628\u0634\u0643\u0644 \u0645\u0641\u0631\u0637.<\/li>\n
- \u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0628\u064a\u0626\u0629<\/strong> \u2014 \u0645\u062a\u0627\u062d\u0629 \u0641\u0642\u0637 \u0644\u0644\u0640 jobs \u0627\u0644\u062a\u064a \u062a\u064f\u0639\u0644\u0646 \u0635\u0631\u0627\u062d\u0629 \u0639\u0646
environment: <name><\/code>. \u0647\u0630\u0627 \u0647\u0648 \u0627\u0644\u0646\u0647\u062c \u0627\u0644\u0645\u0648\u0635\u0649 \u0628\u0647 \u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u062d\u0633\u0627\u0633\u0629.<\/li>\n<\/ul>\n\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u0625\u0646\u0634\u0627\u0621 \u0628\u064a\u0626\u0629 \u0645\u0639 \u0642\u0648\u0627\u0639\u062f \u062d\u0645\u0627\u064a\u0629<\/h3>\n
\u0641\u064a \u0645\u0633\u062a\u0648\u062f\u0639\u0643\u060c \u0627\u0646\u062a\u0642\u0644 \u0625\u0644\u0649 Settings → Environments<\/strong> \u0648\u0623\u0646\u0634\u0626 \u0628\u064a\u0626\u0629 \u062a\u0633\u0645\u0649 production<\/code>. \u0642\u0645 \u0628\u062a\u0645\u0643\u064a\u0646 \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629:<\/p>\n\n- \u0627\u0644\u0645\u0631\u0627\u062c\u0639\u0648\u0646 \u0627\u0644\u0645\u0637\u0644\u0648\u0628\u0648\u0646<\/strong> \u2014 \u0623\u0636\u0641 \u0639\u0636\u0648\u064b\u0627 \u0648\u0627\u062d\u062f\u064b\u0627 \u0639\u0644\u0649 \u0627\u0644\u0623\u0642\u0644 \u0645\u0646 \u0627\u0644\u0641\u0631\u064a\u0642 \u064a\u062c\u0628 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0627\u0641\u0642\u0629 \u0639\u0644\u0649 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0646\u0634\u0631.<\/li>\n
- \u0645\u0624\u0642\u062a \u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631<\/strong> \u2014 \u0623\u0636\u0641 \u0627\u062e\u062a\u064a\u0627\u0631\u064a\u064b\u0627 \u062a\u0623\u062e\u064a\u0631\u064b\u0627 (\u0645\u062b\u0644\u0627\u064b 5 \u062f\u0642\u0627\u0626\u0642) \u0644\u0645\u0646\u062d \u0627\u0644\u0645\u0631\u0627\u062c\u0639\u064a\u0646 \u0648\u0642\u062a\u064b\u0627.<\/li>\n
- \u0641\u0631\u0648\u0639 \u0627\u0644\u0646\u0634\u0631<\/strong> \u2014 \u0642\u064a\u0651\u062f \u0628\u0641\u0631\u0639
main<\/code> \u0641\u0642\u0637.<\/li>\n<\/ol>\n\u0627\u0644\u0622\u0646 \u0623\u0636\u0641 DEPLOY_TOKEN<\/code> \u0627\u0644\u062e\u0627\u0635 \u0628\u0643 \u0643\u0633\u0631 \u062f\u0627\u062e\u0644 \u0647\u0630\u0647 \u0627\u0644\u0628\u064a\u0626\u0629\u060c \u0648\u0644\u064a\u0633 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/p>\n\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u0627\u0644\u0625\u0634\u0627\u0631\u0629 \u0625\u0644\u0649 \u0627\u0644\u0628\u064a\u0626\u0629 \u0641\u064a \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644<\/h3>\njobs:\n deploy:\n runs-on: ubuntu-latest\n environment: production\n permissions:\n contents: read\n steps:\n - uses: actions\/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2\n - name: Deploy\n run: .\/deploy.sh\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n<\/code><\/pre>\n\u0625\u0639\u0644\u0627\u0646 environment: production<\/code> \u064a\u0639\u0646\u064a \u0623\u0646 \u0647\u0630\u0627 \u0627\u0644\u0640 job \u0633\u064a\u062a\u0648\u0642\u0641 \u0648\u064a\u0646\u062a\u0638\u0631 \u0645\u0648\u0627\u0641\u0642\u0629 \u0645\u0631\u0627\u062c\u0639 \u0642\u0628\u0644 \u062a\u0634\u063a\u064a\u0644 \u0623\u064a \u062e\u0637\u0648\u0629. \u0633\u0631 DEPLOY_TOKEN<\/code> \u0645\u062a\u0627\u062d \u0641\u0642\u0637 \u062f\u0627\u062e\u0644 \u0647\u0630\u0647 \u0627\u0644\u0628\u064a\u0626\u0629 \u2014 \u0644\u0627 \u064a\u0645\u0643\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u064a\u0647 \u0645\u0646 jobs \u0623\u0648 \u0633\u064a\u0631 \u0639\u0645\u0644 \u0623\u062e\u0631\u0649 \u0644\u0627 \u062a\u064f\u0639\u0644\u0646 \u0639\u0646 \u0647\u0630\u0647 \u0627\u0644\u0628\u064a\u0626\u0629.<\/p>\n\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u0641\u0647\u0645 \u0633\u0644\u0648\u0643 \u0627\u0644\u0640 Forks<\/h3>\n
\u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u063a\u064a\u0631<\/strong> \u0645\u062a\u0627\u062d\u0629 \u0644\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u062d\u0641\u064e\u0651\u0632 \u0628\u0623\u062d\u062f\u0627\u062b pull_request<\/code> \u0645\u0646 \u0627\u0644\u0640 forks. \u0647\u0630\u0627 \u062d\u062f \u0623\u0645\u0646\u064a \u062d\u0627\u0633\u0645. \u0625\u0630\u0627 \u0623\u0646\u0634\u0623\u062a \u0633\u064a\u0631 \u0639\u0645\u0644 \u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0623\u062b\u0646\u0627\u0621 \u0641\u062d\u0648\u0635\u0627\u062a PR\u060c \u0633\u064a\u0641\u0634\u0644 \u0644\u0644\u0645\u0633\u0627\u0647\u0645\u064a\u0646 \u0627\u0644\u062e\u0627\u0631\u062c\u064a\u064a\u0646:<\/p>\n# \u0647\u0630\u0647 \u0627\u0644\u062e\u0637\u0648\u0629 \u0633\u062a\u0641\u0634\u0644 \u0644\u0640 PRs \u0645\u0646 \u0627\u0644\u0640 forks \u0644\u0623\u0646 DEPLOY_TOKEN \u0641\u0627\u0631\u063a\n- name: Authenticated API call\n run: |\n curl -H \"Authorization: Bearer $DEPLOY_TOKEN\" https:\/\/api.example.com\/health\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n<\/code><\/pre>\n\u0647\u0630\u0627 \u0628\u0627\u0644\u062a\u0635\u0645\u064a\u0645<\/strong> \u2014 \u0625\u0646\u0647 \u064a\u0645\u0646\u0639 \u0627\u0644\u0640 forks \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0645\u0646 \u062a\u0633\u0631\u064a\u0628 \u0623\u0633\u0631\u0627\u0631\u0643.<\/p>\n\u0627\u0644\u062e\u0637\u0648\u0629 4 \u2014 \u062e\u0637\u0631 pull_request_target<\/h3>\n
\u064a\u0639\u0645\u0644 \u0645\u062d\u0641\u0632 pull_request_target<\/code> \u0641\u064a \u0633\u064a\u0627\u0642 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0627\u0644\u0623\u0633\u0627\u0633\u064a<\/strong>\u060c \u0645\u0645\u0627 \u064a\u0639\u0646\u064a \u0623\u0646\u0647 \u064a\u0645\u0644\u0643<\/em> \u062d\u0642 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0623\u0633\u0631\u0627\u0631. \u0647\u0630\u0627 \u062e\u0637\u064a\u0631 \u0644\u0644\u063a\u0627\u064a\u0629 \u0625\u0630\u0627 \u0642\u0645\u062a \u0623\u064a\u0636\u064b\u0627 \u0628\u0633\u062d\u0628 \u0634\u0641\u0631\u0629 \u0631\u0623\u0633 \u0627\u0644\u0640 PR:<\/p>\n# \u062e\u0637\u064a\u0631 \u2014 \u0644\u0627 \u062a\u0641\u0639\u0644 \u0647\u0630\u0627\non:\n pull_request_target:\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: actions\/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2\n with:\n ref: ${{ github.event.pull_request.head.sha }} # \u064a\u0633\u062d\u0628 \u0634\u0641\u0631\u0629 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629\n - run: npm install # \u064a\u0646\u0641\u0630 \u0634\u0641\u0631\u0629 \u064a\u062a\u062d\u0643\u0645 \u0628\u0647\u0627 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0639 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0623\u0633\u0631\u0627\u0631\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n<\/code><\/pre>\n\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u062a\u0639\u062f\u064a\u0644 package.json<\/code> \u0644\u064a\u062a\u0636\u0645\u0646 \u0633\u0643\u0631\u064a\u0628\u062a postinstall<\/code> \u064a\u0633\u0631\u0651\u0628 DEPLOY_TOKEN<\/code>. \u0644\u0627 \u062a\u062c\u0645\u0639 \u0623\u0628\u062f\u064b\u0627 \u0628\u064a\u0646 pull_request_target<\/code> \u0648\u0633\u062d\u0628 \u0631\u0623\u0633 \u0627\u0644\u0640 PR \u0625\u0644\u0627 \u0625\u0630\u0627 \u0642\u0645\u062a \u0628\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0634\u0641\u0631\u0629 \u0648\u0639\u0632\u0644\u0647\u0627 \u0635\u0631\u0627\u062d\u0629.<\/p>\n\u0627\u0644\u0628\u062f\u064a\u0644 \u0627\u0644\u0622\u0645\u0646:<\/strong> \u0627\u0633\u062a\u062e\u062f\u0645 \u0645\u062d\u0641\u0632 pull_request<\/code> \u0627\u0644\u0642\u064a\u0627\u0633\u064a \u0644\u0633\u064a\u0631 \u0639\u0645\u0644 \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631. \u0627\u062d\u062a\u0641\u0638 \u0628\u0640 pull_request_target<\/code> \u0641\u0642\u0637 \u0644\u0633\u064a\u0631 \u0639\u0645\u0644 \u0627\u0644\u062a\u0635\u0646\u064a\u0641 \u0623\u0648 \u0627\u0644\u062a\u0639\u0644\u064a\u0642 \u0627\u0644\u062a\u064a \u0644\u0627 \u062a\u0646\u0641\u0630 \u0623\u0628\u062f\u064b\u0627 \u0634\u0641\u0631\u0629 \u0627\u0644\u0640 PR.<\/p>\n\u0645\u0644\u062e\u0635 \u0623\u0641\u0636\u0644 \u0627\u0644\u0645\u0645\u0627\u0631\u0633\u0627\u062a<\/h3>\n\n- \u062e\u0632\u0651\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0641\u064a \u0627\u0644\u0628\u064a\u0626\u0627\u062a\u060c \u0648\u0644\u064a\u0633 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/li>\n
- \u0623\u0636\u0641 \u0645\u0631\u0627\u062c\u0639\u064a\u0646 \u0645\u0637\u0644\u0648\u0628\u064a\u0646 \u0648\u0642\u064a\u0648\u062f \u0641\u0631\u0648\u0639 \u0644\u0643\u0644 \u0628\u064a\u0626\u0629 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0625\u0646\u062a\u0627\u062c.<\/li>\n
- \u0627\u0633\u062a\u062e\u062f\u0645 \u0645\u062d\u0641\u0632
pull_request<\/code> \u0644\u0640 CI. \u062a\u062c\u0646\u0628 pull_request_target<\/code> \u0625\u0644\u0627 \u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u0641\u0647\u0645 \u062a\u0645\u0627\u0645\u064b\u0627 \u0622\u062b\u0627\u0631 \u0627\u0644\u062b\u0642\u0629.<\/li>\n- \u0635\u0645\u0651\u0645 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0628\u062d\u064a\u062b \u062a\u0643\u0648\u0646 \u0627\u0644\u0640 jobs \u0627\u0644\u062a\u064a \u062a\u062d\u062a\u0627\u062c \u0623\u0633\u0631\u0627\u0631\u064b\u0627 \u0645\u0646\u0641\u0635\u0644\u0629 \u0639\u0646 \u0627\u0644\u0640 jobs \u0627\u0644\u062a\u064a \u062a\u0634\u063a\u0644 \u0634\u0641\u0631\u0629 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.<\/li>\n<\/ul>\n
\u0627\u0644\u062a\u0645\u0631\u064a\u0646 4: \u062a\u0639\u0632\u064a\u0632 \u0625\u0636\u0627\u0641\u064a<\/h2>\n\u0645\u0646\u0639 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u0627\u062a \u0627\u0644\u0645\u0643\u0631\u0631\u0629 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 Concurrency<\/h3>\n
\u0628\u062f\u0648\u0646 \u0633\u064a\u0627\u0633\u0629 concurrency\u060c \u064a\u0624\u062f\u064a \u062f\u0641\u0639 \u0639\u062f\u0629 commits \u0628\u062a\u062a\u0627\u0628\u0639 \u0633\u0631\u064a\u0639 \u0625\u0644\u0649 \u062a\u0634\u063a\u064a\u0644 \u0639\u062f\u0629 \u0639\u0645\u0644\u064a\u0627\u062a \u0633\u064a\u0631 \u0639\u0645\u0644 \u062a\u0647\u062f\u0631 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0648\u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0633\u0628\u0628 \u062d\u0627\u0644\u0627\u062a \u0633\u0628\u0627\u0642 \u0623\u062b\u0646\u0627\u0621 \u0627\u0644\u0646\u0634\u0631. \u0623\u0636\u0641 \u0643\u062a\u0644\u0629 concurrency<\/code> \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644:<\/p>\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n<\/code><\/pre>\n\u0647\u0630\u0627 \u064a\u0644\u063a\u064a \u0623\u064a \u062a\u0634\u063a\u064a\u0644 \u062c\u0627\u0631\u064d \u0644\u0646\u0641\u0633 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0648\u0627\u0644\u0641\u0631\u0639 \u0639\u0646\u062f \u062f\u0641\u0639 commit \u062c\u062f\u064a\u062f.<\/p>\n
\u062a\u0639\u064a\u064a\u0646 \u062d\u062f\u0648\u062f \u0627\u0644\u0645\u0647\u0644\u0629 \u0627\u0644\u0632\u0645\u0646\u064a\u0629<\/h3>\n
\u064a\u0645\u0643\u0646 \u0644\u0640 job \u0645\u0639\u0644\u0651\u0642 \u0623\u0646 \u064a\u0633\u062a\u0647\u0644\u0643 \u062f\u0642\u0627\u0626\u0642 \u0627\u0644\u0645\u0634\u063a\u0651\u0644 \u0625\u0644\u0649 \u0623\u062c\u0644 \u063a\u064a\u0631 \u0645\u0633\u0645\u0649. \u0639\u064a\u0651\u0646 \u062f\u0627\u0626\u0645\u064b\u0627 \u0645\u0647\u0644\u0629 \u0632\u0645\u0646\u064a\u0629 \u0635\u0631\u064a\u062d\u0629:<\/p>\n
jobs:\n build:\n runs-on: ubuntu-latest\n timeout-minutes: 15\n<\/code><\/pre>\n\u0627\u062e\u062a\u0631 \u0642\u064a\u0645\u0629 \u062a\u0645\u0646\u062d \u0628\u0646\u0627\u0621\u0643 \u0647\u0627\u0645\u0634\u064b\u0627 \u0643\u0627\u0641\u064a\u064b\u0627 \u0644\u0643\u0646 \u062a\u0645\u0646\u0639 \u0627\u0644\u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u062c\u0627\u0645\u062d\u0629. \u0644\u0645\u0639\u0638\u0645 \u0628\u0646\u0627\u0621\u0627\u062a Node.js \u0623\u0648 Go\u060c \u062a\u0639\u062f 10 \u0625\u0644\u0649 20 \u062f\u0642\u064a\u0642\u0629 \u0643\u0627\u0641\u064a\u0629.<\/p>\n
\u062a\u0642\u064a\u064a\u062f \u0645\u062d\u0641\u0632\u0627\u062a \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644<\/h3>\n
\u062a\u062c\u0646\u0628 \u0627\u0644\u0645\u062d\u0641\u0632\u0627\u062a \u0627\u0644\u0645\u062c\u0631\u062f\u0629 \u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0643\u0644 \u0641\u0631\u0639:<\/p>\n
# \u0648\u0627\u0633\u0639 \u062c\u062f\u064b\u0627 \u2014 \u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0643\u0644 push \u0644\u0643\u0644 \u0641\u0631\u0639\non:\n push:\n<\/code><\/pre>\n\u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0630\u0644\u0643\u060c \u062d\u062f\u062f \u0646\u0637\u0627\u0642 \u0627\u0644\u0645\u062d\u0641\u0632\u0627\u062a \u0644\u0644\u0641\u0631\u0648\u0639 \u0627\u0644\u0645\u0647\u0645\u0629:<\/p>\n
on:\n push:\n branches: [main]\n pull_request:\n branches: [main]\n<\/code><\/pre>\n\u0647\u0630\u0627 \u064a\u0642\u0644\u0644 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u0627\u062a \u063a\u064a\u0631 \u0627\u0644\u0636\u0631\u0648\u0631\u064a\u0629 \u0648\u064a\u062d\u062f \u0645\u0646 \u0633\u0637\u062d \u0627\u0644\u0647\u062c\u0648\u0645 \u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u062d\u0642\u0646 \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u0641\u0631\u0648\u0639.<\/p>\n
\u0627\u0644\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0645\u0634\u0631\u0648\u0637 \u0644\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629<\/h3>\n
\u0627\u0633\u062a\u062e\u062f\u0645 \u0634\u0631\u0648\u0637 if:<\/code> \u0644\u0645\u0646\u0639 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0645\u0646 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0641\u064a \u0633\u064a\u0627\u0642\u0627\u062a \u0644\u0627 \u064a\u0646\u0628\u063a\u064a \u0623\u0646 \u062a\u0639\u0645\u0644 \u0641\u064a\u0647\u0627:<\/p>\n- name: Deploy to production\n if: github.ref == 'refs\/heads\/main' && github.event_name == 'push'\n run: .\/deploy.sh\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n<\/code><\/pre>\n\u0647\u0630\u0627 \u064a\u0636\u0645\u0646 \u0623\u0646 \u062e\u0637\u0648\u0629 \u0627\u0644\u0646\u0634\u0631 \u062a\u0639\u0645\u0644 \u0641\u0642\u0637 \u0639\u0646\u062f \u0627\u0644\u062f\u0641\u0639 \u0625\u0644\u0649 main<\/code>\u060c \u0648\u0644\u064a\u0633 \u0623\u0628\u062f\u064b\u0627 \u0639\u0644\u0649 pull requests \u0623\u0648 \u0641\u0631\u0648\u0639 \u0623\u062e\u0631\u0649\u060c \u062d\u062a\u0649 \u0644\u0648 \u062a\u0645 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0640 job \u0646\u0641\u0633\u0647.<\/p>\n\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u0639\u0632\u064e\u0651\u0632 \u0627\u0644\u0646\u0647\u0627\u0626\u064a<\/h2>\n
\u0641\u064a\u0645\u0627 \u064a\u0644\u064a \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u0639\u0632\u064e\u0651\u0632 \u0627\u0644\u0643\u0627\u0645\u0644 \u0625\u0644\u0649 \u062c\u0627\u0646\u0628 \u0627\u0644\u0623\u0635\u0644\u064a. \u0643\u0644 \u062a\u062d\u0633\u064a\u0646 \u0623\u0645\u0646\u064a \u0645\u064f\u0634\u0631\u0648\u062d \u0628\u062a\u0639\u0644\u064a\u0642.<\/p>\n
\u0627\u0644\u0623\u0635\u0644\u064a (\u063a\u064a\u0631 \u0627\u0644\u0622\u0645\u0646)<\/h3>\nname: Build\n\non:\n push:\n pull_request_target:\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: actions\/checkout@v4\n - uses: actions\/setup-node@v4\n with:\n node-version: 20\n - run: npm install\n - run: npm test\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n - uses: actions\/upload-artifact@v4\n with:\n name: build-output\n path: .\n<\/code><\/pre>\n\u0627\u0644\u0645\u064f\u0639\u0632\u064e\u0651\u0632<\/h3>\nname: Build\n\n# \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0645\u062d\u0641\u0632\u0627\u062a \u0645\u062d\u062f\u062f\u0629 \u0627\u0644\u0646\u0637\u0627\u0642 \u2014 \u0641\u0631\u0639 main \u0641\u0642\u0637\u060c \u0645\u062d\u0641\u0632 PR \u0622\u0645\u0646\non:\n push:\n branches: [main]\n pull_request:\n branches: [main]\n\n# \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0645\u0642\u064a\u0651\u062f\u0629 \u0644\u062c\u0645\u064a\u0639 \u0627\u0644\u0640 jobs\npermissions:\n contents: read\n\n# \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0625\u0644\u063a\u0627\u0621 \u0627\u0644\u062a\u0634\u063a\u064a\u0644\u0627\u062a \u0627\u0644\u0645\u0643\u0631\u0631\u0629\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n build:\n runs-on: ubuntu-latest\n # \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0645\u0647\u0644\u0629 \u0632\u0645\u0646\u064a\u0629 \u0635\u0631\u064a\u062d\u0629\n timeout-minutes: 15\n # \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0644\u0643\u0644 job (\u0627\u0644\u062d\u062f \u0627\u0644\u0623\u062f\u0646\u0649 \u0645\u0646 \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a)\n permissions:\n contents: read\n actions: read\n steps:\n # \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u062c\u0645\u064a\u0639 \u0627\u0644\u0640 actions \u0645\u062b\u0628\u062a\u0629 \u0628\u0648\u0627\u0633\u0637\u0629 SHA\n - uses: actions\/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2\n - uses: actions\/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0\n with:\n node-version: 20\n - run: npm install\n - run: npm test\n # \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0644\u0627 \u0623\u0633\u0631\u0627\u0631 \u0645\u0643\u0634\u0648\u0641\u0629 \u0641\u064a job \u0627\u0644\u0628\u0646\u0627\u0621\/\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631\n - uses: actions\/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2\n with:\n name: build-output\n path: dist\/\n\n deploy:\n needs: build\n runs-on: ubuntu-latest\n # \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u064a\u0639\u0645\u0644 \u0641\u0642\u0637 \u0639\u0646\u062f \u0627\u0644\u062f\u0641\u0639 \u0625\u0644\u0649 main\n if: github.ref == 'refs\/heads\/main' && github.event_name == 'push'\n # \u0645\u064f\u0639\u0632\u064e\u0651\u0632: \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0645\u062d\u0645\u064a\u0629 \u062e\u0644\u0641 \u0628\u064a\u0626\u0629 \u0645\u0639 \u0645\u0631\u0627\u062c\u0639\u064a\u0646 \u0645\u0637\u0644\u0648\u0628\u064a\u0646\n environment: production\n timeout-minutes: 10\n permissions:\n contents: read\n steps:\n - uses: actions\/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2\n - name: Deploy\n run: .\/deploy.sh\n env:\n DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n<\/code><\/pre>\n\u0643\u0633\u0631 \u0627\u0644\u0639\u0645\u0644 (\u0627\u0644\u0641\u0634\u0644 \u0627\u0644\u0645\u062a\u0639\u0645\u062f)<\/h2>\n
\u0644\u062a\u0631\u0633\u064a\u062e \u0641\u0647\u0645\u0643\u060c \u0642\u0645 \u0628\u0643\u0633\u0631 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u0639\u0632\u064e\u0651\u0632 \u0639\u0645\u062f\u064b\u0627 \u0648\u0631\u0627\u0642\u0628 \u0627\u0644\u0639\u0648\u0627\u0642\u0628.<\/p>\n
\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631 1 \u2014 \u0625\u0632\u0627\u0644\u0629 \u0643\u062a\u0644\u0629 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a<\/h3>\n
\u0627\u062d\u0630\u0641 \u0645\u0641\u062a\u0627\u062d permissions:<\/code> \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0623\u0639\u0644\u0649 \u0648\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0643\u0644 job. \u0627\u062f\u0641\u0639 \u0648\u0634\u063a\u0651\u0644 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644. \u0633\u064a\u0633\u062a\u0645\u0631 \u0628\u0627\u0644\u0646\u062c\u0627\u062d\u060c \u0644\u0643\u0646 \u0625\u0630\u0627 \u0641\u062d\u0635\u062a \u062e\u0637\u0648\u0629 \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0640 job\u060c \u0633\u062a\u0631\u0649 \u0623\u0646 \u0627\u0644\u0631\u0645\u0632 \u0627\u0644\u0645\u0645\u064a\u0632 \u0644\u062f\u064a\u0647 \u0627\u0644\u0622\u0646 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0648\u0627\u0644\u0643\u062a\u0627\u0628\u0629<\/strong> \u0644\u0643\u0644 \u0646\u0637\u0627\u0642. \u064a\u0645\u0643\u0646 \u0644\u062e\u0637\u0648\u0629 \u0645\u062e\u062a\u0631\u0642\u0629 \u062f\u0641\u0639 \u0634\u0641\u0631\u0629 \u0623\u0648 \u062d\u0630\u0641 \u0641\u0631\u0648\u0639 \u0623\u0648 \u062a\u0639\u062f\u064a\u0644 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.<\/p>\n\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631 2 \u2014 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 Action \u063a\u064a\u0631 \u0645\u062b\u0628\u062a<\/h3>\n
\u063a\u064a\u0651\u0631 \u0623\u062d\u062f \u0627\u0644\u0640 actions \u0645\u0631\u0629 \u0623\u062e\u0631\u0649 \u0625\u0644\u0649 \u0645\u0631\u062c\u0639 tag:<\/p>\n
- uses: actions\/checkout@v4\n<\/code><\/pre>\n\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0644\u0627 \u064a\u0632\u0627\u0644 \u064a\u0639\u0645\u0644. \u0644\u0643\u0646 \u0625\u0630\u0627 \u062a\u0645 \u0646\u0642\u0644 tag v4<\/code> \u0625\u0644\u0649 commit \u062e\u0628\u064a\u062b\u060c \u0633\u064a\u0642\u0648\u0645 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0628\u062a\u0646\u0641\u064a\u0630 \u062a\u0644\u0643 \u0627\u0644\u0634\u0641\u0631\u0629 \u062f\u0648\u0646 \u062a\u062d\u0630\u064a\u0631. \u0644\u0627 \u064a\u0648\u062c\u062f \u0633\u062c\u0644 \u062a\u062f\u0642\u064a\u0642 \u2014 \u0627\u0644\u0640 tag \u0628\u0628\u0633\u0627\u0637\u0629 \u064a\u0634\u064a\u0631 \u0625\u0644\u0649 SHA \u0645\u062e\u062a\u0644\u0641. \u0623\u0639\u062f \u062a\u062b\u0628\u064a\u062a\u0647 \u0625\u0644\u0649 SHA \u0628\u0639\u062f \u0647\u0630\u0627 \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631.<\/p>\n\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631 3 \u2014 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0645\u0646 PR<\/h3>\n
\u0623\u0646\u0634\u0626 \u0641\u0631\u0639 \u0645\u064a\u0632\u0629 \u0648\u0627\u0641\u062a\u062d pull request. \u0644\u0646 \u064a\u0639\u0645\u0644 job deploy<\/code> \u0628\u0633\u0628\u0628 \u0634\u0631\u0637 if:<\/code>. \u062d\u062a\u0649 \u0644\u0648 \u0623\u0632\u0644\u062a \u0627\u0644\u0634\u0631\u0637\u060c \u0641\u0625\u0646 \u0633\u0631 \u0627\u0644\u0628\u064a\u0626\u0629 DEPLOY_TOKEN<\/code> \u0645\u062d\u0645\u064a \u062e\u0644\u0641 \u0628\u064a\u0626\u0629 production<\/code>\u060c \u0627\u0644\u062a\u064a \u062a\u0642\u064a\u0651\u062f \u0627\u0644\u0646\u0634\u0631 \u0628\u0641\u0631\u0639 main<\/code> \u0648\u062a\u062a\u0637\u0644\u0628 \u0645\u0648\u0627\u0641\u0642\u0629 \u0627\u0644\u0645\u0631\u0627\u062c\u0639. \u0633\u062a\u0643\u0648\u0646 \u0642\u064a\u0645\u0629 \u0627\u0644\u0633\u0631 \u0641\u0627\u0631\u063a\u0629 \u0641\u064a \u0633\u064a\u0627\u0642 PR.<\/p>\n\u0647\u0630\u0627 \u0647\u0648 \u0628\u0627\u0644\u0636\u0628\u0637 \u0627\u0644\u0633\u0644\u0648\u0643 \u0627\u0644\u0630\u064a \u062a\u0631\u064a\u062f\u0647 \u2014 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0644\u0627 \u062a\u0643\u0648\u0646 \u0645\u062a\u0627\u062d\u0629 \u0623\u0628\u062f\u064b\u0627 \u0641\u064a \u0633\u064a\u0627\u0642\u0627\u062a \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.<\/p>\n
\u0627\u0644\u062a\u0646\u0638\u064a\u0641<\/h2>\n
\u0639\u0646\u062f \u0627\u0644\u0627\u0646\u062a\u0647\u0627\u0621 \u0645\u0646 \u0627\u0644\u0645\u062e\u062a\u0628\u0631\u060c \u0627\u062d\u0630\u0641 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0627\u0644\u062a\u062c\u0631\u064a\u0628\u064a \u0644\u062a\u062c\u0646\u0628 \u0627\u0632\u062f\u062d\u0627\u0645 \u062d\u0633\u0627\u0628\u0643:<\/p>\n
gh repo delete gha-hardening-lab --yes<\/code><\/pre>\n\u0625\u0630\u0627 \u0627\u0633\u062a\u062e\u062f\u0645\u062a fork \u0644\u0645\u0634\u0631\u0648\u0639 \u0645\u0648\u062c\u0648\u062f\u060c \u064a\u0645\u0643\u0646\u0643 \u0625\u0639\u0627\u062f\u0629 \u062a\u0639\u064a\u064a\u0646\u0647 \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0630\u0644\u0643:<\/p>\n
git checkout main\ngit reset --hard origin\/main\ngit push --force\n<\/code><\/pre>\n\u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629<\/h2>\n\n- \u0623\u0639\u0644\u0646 \u062f\u0627\u0626\u0645\u064b\u0627 \u0639\u0646 \u0643\u062a\u0644\u0629
permissions<\/code>.<\/strong> \u0639\u064a\u0651\u0646 \u0642\u064a\u0645\u0629 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0645\u0642\u064a\u0651\u062f\u0629 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0648\u0627\u0645\u0646\u062d \u0646\u0637\u0627\u0642\u0627\u062a \u0625\u0636\u0627\u0641\u064a\u0629 \u0644\u0643\u0644 job \u0641\u0642\u0637 \u062d\u0633\u0628 \u0627\u0644\u062d\u0627\u062c\u0629.<\/li>\n- \u062b\u0628\u0651\u062a \u0643\u0644 action \u062a\u0627\u0628\u0639 \u0644\u0637\u0631\u0641 \u062b\u0627\u0644\u062b \u0628\u0648\u0627\u0633\u0637\u0629 SHA \u0627\u0644\u0643\u0627\u0645\u0644.<\/strong> \u0627\u0644\u0640 Tags \u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u062a\u063a\u064a\u064a\u0631 \u0648\u064a\u0645\u0643\u0646 \u0625\u0639\u0627\u062f\u0629 \u062a\u0648\u062c\u064a\u0647\u0647\u0627 \u0628\u0635\u0645\u062a \u0625\u0644\u0649 \u0634\u0641\u0631\u0629 \u062e\u0628\u064a\u062b\u0629.<\/li>\n
- \u0627\u0633\u062a\u062e\u062f\u0645 Dependabot \u0623\u0648 Renovate<\/strong> \u0644\u0625\u0628\u0642\u0627\u0621 SHA \u0627\u0644\u0645\u062b\u0628\u062a\u0629 \u0645\u062d\u062f\u062b\u0629 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627.<\/li>\n
- \u062e\u0632\u0651\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0641\u064a \u0627\u0644\u0628\u064a\u0626\u0627\u062a<\/strong> \u0645\u0639 \u0645\u0631\u0627\u062c\u0639\u064a\u0646 \u0645\u0637\u0644\u0648\u0628\u064a\u0646 \u0648\u0642\u064a\u0648\u062f \u0641\u0631\u0648\u0639 \u2014 \u0648\u0644\u064a\u0633 \u0623\u0628\u062f\u064b\u0627 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/li>\n
- \u0627\u0633\u062a\u062e\u062f\u0645
pull_request<\/code> \u0648\u0644\u064a\u0633 pull_request_target<\/code><\/strong> \u0644\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u062a\u064a \u062a\u0628\u0646\u064a \u0623\u0648 \u062a\u062e\u062a\u0628\u0631 \u0634\u0641\u0631\u0629 PR. \u0645\u062d\u0641\u0632 pull_request_target<\/code> \u064a\u0645\u0646\u062d \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0644\u0634\u0641\u0631\u0629 \u0642\u062f \u062a\u0643\u0648\u0646 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.<\/li>\n- \u0623\u0636\u0641
concurrency<\/code> \u0648timeout-minutes<\/code> \u0648\u0645\u062d\u0641\u0632\u0627\u062a \u0645\u062d\u062f\u062f\u0629 \u0627\u0644\u0641\u0631\u0648\u0639<\/strong> \u0644\u062a\u0642\u0644\u064a\u0644 \u0647\u062f\u0631 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0648\u062a\u0642\u0644\u064a\u0635 \u0633\u0637\u062d \u0627\u0644\u0647\u062c\u0648\u0645.<\/li>\n<\/ul>\n\u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629<\/h2>\n
\u0648\u0627\u0635\u0644 \u0628\u0646\u0627\u0621 \u0645\u0639\u0631\u0641\u062a\u0643 \u0628\u0623\u0645\u0627\u0646 CI\/CD \u0645\u0639 \u0647\u0630\u0647 \u0627\u0644\u0623\u062f\u0644\u0629 \u0630\u0627\u062a \u0627\u0644\u0635\u0644\u0629:<\/p>\n
\n- \u0646\u0645\u0627\u0630\u062c \u062a\u0646\u0641\u064a\u0630 CI\/CD \u0648\u0627\u0641\u062a\u0631\u0627\u0636\u0627\u062a \u0627\u0644\u062b\u0642\u0629<\/a> \u2014 \u0641\u0647\u0645 \u0643\u064a\u0641 \u062a\u064f\u0646\u0645\u0630\u062c \u0645\u0646\u0635\u0627\u062a CI\/CD \u0627\u0644\u0645\u062e\u062a\u0644\u0641\u0629 \u0627\u0644\u062b\u0642\u0629 \u0648\u0623\u064a\u0646 \u062a\u0646\u0647\u0627\u0631 \u0627\u0644\u062d\u062f\u0648\u062f.<\/li>\n
- \u0641\u0635\u0644 \u0627\u0644\u0645\u0647\u0627\u0645 \u0648\u0627\u0644\u062d\u062f \u0627\u0644\u0623\u062f\u0646\u0649 \u0645\u0646 \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD<\/a> \u2014 \u062a\u0635\u0645\u064a\u0645 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 \u062d\u064a\u062b \u0644\u0627 \u064a\u0645\u0644\u0643 \u0623\u064a \u0641\u0627\u0639\u0644 \u0623\u0648 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0645\u0646\u0641\u0631\u062f\u0629 \u0648\u0635\u0648\u0644\u0627\u064b \u0623\u0643\u062b\u0631 \u0645\u0646 \u0627\u0644\u0644\u0627\u0632\u0645.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u0623\u0635\u0628\u062d GitHub Actions \u0645\u0646\u0635\u0629 CI\/CD \u0627\u0644\u0623\u0643\u062b\u0631 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u064b\u0627 \u0639\u0644\u0649 \u0646\u0637\u0627\u0642 \u0648\u0627\u0633\u0639 \u0644\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u062c\u0627\u0631\u064a\u0629 \u0639\u0644\u0649 \u062d\u062f \u0633\u0648\u0627\u0621. \u0647\u0630\u0647 \u0627\u0644\u0634\u0639\u0628\u064a\u0629 \u062a\u062c\u0639\u0644\u0647 \u0633\u0637\u062d \u0627\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u0623\u0648\u0644 \u0641\u064a \u0628\u064a\u0626\u0629 CI\/CD. \u062a\u0642\u0648\u0645 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u0639\u062f\u064e\u0651\u0629 \u0628\u0634\u0643\u0644 \u062e\u0627\u0637\u0626 \u0628\u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0628\u0634\u0643\u0644 \u0645\u0646\u062a\u0638\u0645\u060c \u0648\u0645\u0646\u062d \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u0641\u0631\u0637\u0629\u060c \u0648\u0633\u062d\u0628 \u0634\u0641\u0631\u0627\u062a \u0637\u0631\u0641 \u062b\u0627\u0644\u062b \u064a\u0645\u0643\u0646 \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u0647\u0627 \u0628\u0635\u0645\u062a. \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062e\u062a\u0628\u0631 \u0627\u0644\u0639\u0645\u0644\u064a \u0633\u062a\u0642\u0648\u0645 \u0628\u062a\u0639\u0632\u064a\u0632 … \u0627\u0642\u0631\u0623 \u0627\u0644\u0645\u0632\u064a\u062f<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,29,67],"tags":[],"post_folder":[],"class_list":["post-812","post","type-post","status-publish","format-standard","hentry","category-ci-cd-security","category-github-actions","category-labs"],"_links":{"self":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/comments?post=812"}],"version-history":[{"count":1,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/812\/revisions"}],"predecessor-version":[{"id":819,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/812\/revisions\/819"}],"wp:attachment":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/media?parent=812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/categories?post=812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/tags?post=812"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/post_folder?post=812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}