Skip to content

chore(deps): update dependency js-yaml to v4.2.0 [security] #5755

chore(deps): update dependency js-yaml to v4.2.0 [security]

chore(deps): update dependency js-yaml to v4.2.0 [security] #5755

Workflow file for this run

name: Bazel CI
permissions:
contents: read
on:
pull_request:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
request:
runs-on: ubuntu-24.04
outputs:
run: ${{ steps.filter.outputs.run }}
steps:
- uses: envoyproxy/toolshed/actions/github/should-run@5171ddd579f53dcef432bc54e16e2d2c90864968 # actions-v0.4.13
id: filter
with:
config: |
paths:
- BINS_VERSION.txt
- bazel/*
- bazel/**
- .github/workflows/bazel.yml
- .github/workflows/_bazel.yml
test:
permissions:
contents: read
packages: read
needs: request
if: >-
always()
&& fromJSON(needs.request.outputs.run || 'false')
uses: ./.github/workflows/_bazel.yml
with:
action: test
bazel-args: >-
--config=ci
${{ matrix.mode == 'bzlmod'
&& '--enable_bzlmod'
|| '' }}
bazel-mode: ${{ matrix.mode }}
bazel-path: bazel
rbe: true
targets: >-
//...
//sysroot:sysroots
strategy:
fail-fast: false
matrix:
mode:
- workspace
- bzlmod
build:
permissions:
contents: read
packages: read
needs: request
if: >-
always()
&& fromJSON(needs.request.outputs.run || 'false')
uses: ./.github/workflows/_bazel.yml
with:
action: build
artifacts: |
compile/libcxx-llvm18.1.8-aarch64.tar.xz
compile/libcxx-llvm18.1.8-x86_64.tar.xz
compile/msan-llvm18.1.8-x86_64.tar.xz
compile/tsan-llvm18.1.8-x86_64.tar.xz
sysroot/sysroot-*.tar.xz
# Note: macOS sysroot + darwin libcxx are packaged separately
# in the package-macos-cross-libs job (runs on Linux)
bazel-args: >-
--config=ci
${{ matrix.mode == 'bzlmod'
&& '--enable_bzlmod'
|| '' }}
bazel-path: bazel
bazel-mode: ${{ matrix.mode }}
rbe: true
targets: >-
//...
//sysroot:sysroots
upload: ${{ matrix.mode == 'workspace' }}
strategy:
fail-fast: false
matrix:
mode:
- workspace
- bzlmod
test-gcc:
permissions:
contents: read
packages: read
needs: request
if: >-
always()
&& fromJSON(needs.request.outputs.run || 'false')
uses: ./.github/workflows/_bazel.yml
with:
action: build
bazel-args: >-
--config=ci
--config=gcc
${{ matrix.mode == 'bzlmod'
&& '--enable_bzlmod'
|| '' }}
bazel-mode: ${{ matrix.mode }}-gcc
bazel-path: bazel
rbe: true
targets: >-
//...
strategy:
fail-fast: false
matrix:
mode:
- workspace
- bzlmod
test-macos:
permissions:
contents: read
packages: read
runs-on: macos-14
needs: request
if: >-
always()
&& fromJSON(needs.request.outputs.run || 'false')
strategy:
fail-fast: false
matrix:
mode:
- workspace
- bzlmod
steps:
- name: Checkout Repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Bazel
uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3
- name: RBE auth check
id: rbe
if: github.event_name == 'pull_request'
uses: envoyproxy/toolshed/actions/github/container/auth@f3c0acc8c3799305101f5669042b388edfb070c7
with:
container: hello-world
- name: Configure repo Bazel settings
if: vars.TOOLSHED_CI_BAZELRC
shell: bash
run: |
echo "${BAZELRC_CONTENT}" > repo.bazelrc
working-directory: ${{ inputs.bazel-path }}
env:
BAZELRC_CONTENT: ${{ vars.TOOLSHED_CI_BAZELRC }}
- name: Bazel targets (build/${{ matrix.mode }}-macos)
run: >-
exec bazel build
--config=ci
--config=macos
${{ (steps.rbe.outputs.authorized == 'true' || github.event_name != 'pull_request') && '--config=rbe-cache-only' || '' }}
${{ matrix.mode == 'bzlmod' && '--enable_bzlmod' || '' }}
//...
working-directory: bazel
env:
GITHUB_TOKEN: ${{ github.token }}
status:
runs-on: ubuntu-24.04
if: >-
always()
&& github.event_name == 'pull_request'
name: Bazel
needs:
- request
- test
- build
- test-gcc
- test-macos
steps:
- run: |
if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" || "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
echo "One or more jobs failed or were cancelled"
exit 1
fi
echo "All required jobs passed or were skipped"