
🧺 chore(deps): Lock file maintenance #198


Workflow file for this run

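# Quality gate: lint, type check and tests for pushes and pull requests
# targeting main or develop, plus a dependency review on pull requests.
# Also exposed as a reusable workflow via workflow_call.
#
# Third-party actions are pinned to full commit SHAs; the trailing comment on
# each `uses:` line records the release tag that SHA corresponds to.
name: CI - Quality checks

on:
  workflow_call:
  pull_request:
    branches:
      - main
      - develop
  push:
    branches:
      - main
      - develop

# Deny-by-default token: every job below opts in to the scopes it needs.
permissions: {}

jobs:
  quality:
    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): no step visible in this job needs a write scope. Confirm
      # whether ./.github/actions/setup-env or the lint reporter posts to the
      # pull request; if not, drop this. The job executes repository scripts
      # and installed dependencies, so its token should carry the narrowest
      # scope that works.
      pull-requests: write
    strategy:
      # Let the remaining checks finish even when one of them fails.
      fail-fast: false
      matrix:
        include:
          - name: Lint
            command: bun scripts/biome-lint.ts ci --reporter=github
          - name: Type Check
            command: 'echo "::add-matcher::.github/matchers/tsc.json" && bun tsc --noEmit --skipLibCheck --pretty false'
          - name: Test
            command: bun qa:test
    steps:
      # First step, so outbound traffic from the steps after it is limited to
      # the endpoints listed below; sudo is disabled for the rest of the job.
      - name: Harden runner
        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            mise-versions.jdx.dev:443
            mise.jdx.dev:443
            registry.npmjs.org:443
            release-assets.githubusercontent.com:443
            tuf-repo-cdn.sigstore.dev:443

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # The later steps run project and dependency code and, as far as this
          # file shows, perform no git operations, so do not leave the job
          # token configured for git after checkout.
          # NOTE(review): revert if ./.github/actions/setup-env fetches or pushes.
          persist-credentials: false

      # Local composite action, taken from the ref that was just checked out.
      - name: Setup
        uses: ./.github/actions/setup-env

      # matrix.command is expanded into the script text before the shell runs.
      # That is acceptable only because every value is a literal from the
      # include list above; never route event data (PR title, branch name,
      # comment body) through this matrix.
      - name: ${{ matrix.name }}
        run: ${{ matrix.command }}

  dependency-review:
    name: Dependency Review
    # Restricted to pull_request events; push runs skip this job.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): the dependency-review step below passes no inputs, so
      # commenting on the pull request is presumably not enabled. Confirm and
      # drop this scope if it is unused.
      pull-requests: write
    steps:
      # Same hardening as the quality job, with an allow-list specific to the
      # dependency review.
      - name: Harden runner
        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            api.securityscorecards.dev:443
            github.com:443
            api.deps.dev:443

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job uses git, so the token need not stay
          # configured after checkout.
          persist-credentials: false

      - name: Dependency review
        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0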