Skip to content

chore(deps): update github/codeql-action action to v3.28.1 #806

chore(deps): update github/codeql-action action to v3.28.1

chore(deps): update github/codeql-action action to v3.28.1 #806

Workflow file for this run

# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
name: "Tests"
on: # yamllint disable-line rule:truthy
# eslint-disable-next-line yml/no-empty-mapping-value
pull_request: # yamllint disable-line rule:empty-values
types: ["opened", "synchronize", "reopened"]
merge_group: # yamllint disable-line rule:empty-values
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
permissions:
contents: "read" # to fetch code (actions/checkout)
env:
HEAD_REF: "${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name }}"
HEAD_REPOSITORY: "${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name || github.repository }}"
jobs:
files-changed:
name: "Detect what files changed"
runs-on: "ubuntu-22.04"
timeout-minutes: 3
# Map a step output to a job output
outputs:
packages: "${{ steps.changes.outputs.packages }}"
codecov: "${{ steps.changes.outputs.codecov }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142" # v2.7.0
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- name: "Check for file changes"
uses: "dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36" # v3.0.2
id: "changes"
with:
token: "${{ github.token }}"
filters: ".github/file-filters.yml"
test:
name: "Test (node-${{ matrix.node_version }}, ${{ matrix.os }})"
if: "needs.files-changed.outputs.packages == 'true'"
needs: "files-changed"
strategy:
max-parallel: 4
matrix:
os:
- "ubuntu-latest"
node_version: ["18", "20", "21", "22"]
# On the other platforms, we only test the lts node version
include:
- os: "macos-latest"
node_version: "20"
- os: "windows-latest"
node_version: "20.3.1" # https://github.com/nodejs/node/issues/48673
fail-fast: false
runs-on: "${{ matrix.os }}"
env:
NODE: "${{ matrix.node_version }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142" # v2.7.0
with:
egress-policy: "audit"
- name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}"
uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
with:
# Number of commits to fetch. 0 indicates all history for all branches and tags.
# Pulls all commits (needed for NX)
fetch-depth: 0
- name: "Setup resources and environment"
id: "setup"
uses: "anolilab/workflows/step/setup@main"
with:
enable-nx-cache: false
node-version: "${{ matrix.node_version }}"
- name: "Build"
shell: "bash"
run: "pnpm run build"
- name: "Run tests"
shell: "bash"
run: "pnpm run test:coverage"
# @TODO: Enable it later
# - name: "Upload code coverage to codecov"
# if: "matrix.os == 'ubuntu-latest' && matrix.node_version == 18"
# uses: "anolilab/workflows/step/codecov@main"
# with:
# run-lint: true
# codecov-token: "${{ secrets.CODECOV_TOKEN }}"
# use-affected: false
# This check runs once all dependant jobs have passed
# It symbolizes that all required checks have successfully passed (Or skipped)
# This check is the only required GitHub check
test-required-check:
needs: ["files-changed", "test"]
name: "Check Test Run"
# This is necessary since a failed/skipped dependent job would cause this job to be skipped
if: "always() && (needs.test.result == 'success' || needs.test.result == 'skipped')"
runs-on: "ubuntu-22.04"
steps:
# If any jobs we depend on fail, we will fail since this is a required check
# NOTE: A timeout is considered a failure
- name: "Harden Runner"
uses: "step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142" # v2.7.0
with:
egress-policy: "audit"
- name: "Check for failures"
if: "contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')"
run: |
echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1