chore(deps): update dependency js-yaml to v4.2.0 [security] #5755
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Bazel CI | |
| permissions: | |
| contents: read | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| jobs: | |
| request: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| run: ${{ steps.filter.outputs.run }} | |
| steps: | |
| - uses: envoyproxy/toolshed/actions/github/should-run@5171ddd579f53dcef432bc54e16e2d2c90864968 # actions-v0.4.13 | |
| id: filter | |
| with: | |
| config: | | |
| paths: | |
| - BINS_VERSION.txt | |
| - bazel/* | |
| - bazel/** | |
| - .github/workflows/bazel.yml | |
| - .github/workflows/_bazel.yml | |
| test: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: request | |
| if: >- | |
| always() | |
| && fromJSON(needs.request.outputs.run || 'false') | |
| uses: ./.github/workflows/_bazel.yml | |
| with: | |
| action: test | |
| bazel-args: >- | |
| --config=ci | |
| ${{ matrix.mode == 'bzlmod' | |
| && '--enable_bzlmod' | |
| || '' }} | |
| bazel-mode: ${{ matrix.mode }} | |
| bazel-path: bazel | |
| rbe: true | |
| targets: >- | |
| //... | |
| //sysroot:sysroots | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: | |
| - workspace | |
| - bzlmod | |
| build: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: request | |
| if: >- | |
| always() | |
| && fromJSON(needs.request.outputs.run || 'false') | |
| uses: ./.github/workflows/_bazel.yml | |
| with: | |
| action: build | |
| artifacts: | | |
| compile/libcxx-llvm18.1.8-aarch64.tar.xz | |
| compile/libcxx-llvm18.1.8-x86_64.tar.xz | |
| compile/msan-llvm18.1.8-x86_64.tar.xz | |
| compile/tsan-llvm18.1.8-x86_64.tar.xz | |
| sysroot/sysroot-*.tar.xz | |
| # Note: macOS sysroot + darwin libcxx are packaged separately | |
| # in the package-macos-cross-libs job (runs on Linux) | |
| bazel-args: >- | |
| --config=ci | |
| ${{ matrix.mode == 'bzlmod' | |
| && '--enable_bzlmod' | |
| || '' }} | |
| bazel-path: bazel | |
| bazel-mode: ${{ matrix.mode }} | |
| rbe: true | |
| targets: >- | |
| //... | |
| //sysroot:sysroots | |
| upload: ${{ matrix.mode == 'workspace' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: | |
| - workspace | |
| - bzlmod | |
| test-gcc: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: request | |
| if: >- | |
| always() | |
| && fromJSON(needs.request.outputs.run || 'false') | |
| uses: ./.github/workflows/_bazel.yml | |
| with: | |
| action: build | |
| bazel-args: >- | |
| --config=ci | |
| --config=gcc | |
| ${{ matrix.mode == 'bzlmod' | |
| && '--enable_bzlmod' | |
| || '' }} | |
| bazel-mode: ${{ matrix.mode }}-gcc | |
| bazel-path: bazel | |
| rbe: true | |
| targets: >- | |
| //... | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: | |
| - workspace | |
| - bzlmod | |
| test-macos: | |
| permissions: | |
| contents: read | |
| packages: read | |
| runs-on: macos-14 | |
| needs: request | |
| if: >- | |
| always() | |
| && fromJSON(needs.request.outputs.run || 'false') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: | |
| - workspace | |
| - bzlmod | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Bazel | |
| uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3 | |
| - name: RBE auth check | |
| id: rbe | |
| if: github.event_name == 'pull_request' | |
| uses: envoyproxy/toolshed/actions/github/container/auth@f3c0acc8c3799305101f5669042b388edfb070c7 | |
| with: | |
| container: hello-world | |
| - name: Configure repo Bazel settings | |
| if: vars.TOOLSHED_CI_BAZELRC | |
| shell: bash | |
| run: | | |
| echo "${BAZELRC_CONTENT}" > repo.bazelrc | |
| working-directory: ${{ inputs.bazel-path }} | |
| env: | |
| BAZELRC_CONTENT: ${{ vars.TOOLSHED_CI_BAZELRC }} | |
| - name: Bazel targets (build/${{ matrix.mode }}-macos) | |
| run: >- | |
| exec bazel build | |
| --config=ci | |
| --config=macos | |
| ${{ (steps.rbe.outputs.authorized == 'true' || github.event_name != 'pull_request') && '--config=rbe-cache-only' || '' }} | |
| ${{ matrix.mode == 'bzlmod' && '--enable_bzlmod' || '' }} | |
| //... | |
| working-directory: bazel | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| status: | |
| runs-on: ubuntu-24.04 | |
| if: >- | |
| always() | |
| && github.event_name == 'pull_request' | |
| name: Bazel | |
| needs: | |
| - request | |
| - test | |
| - build | |
| - test-gcc | |
| - test-macos | |
| steps: | |
| - run: | | |
| if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" || "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then | |
| echo "One or more jobs failed or were cancelled" | |
| exit 1 | |
| fi | |
| echo "All required jobs passed or were skipped" |