Skip to content
This repository has been archived by the owner on Aug 13, 2024. It is now read-only.

chore(deps): bump github/codeql-action from 2.13.4 to 3.25.14 #3632

chore(deps): bump github/codeql-action from 2.13.4 to 3.25.14

chore(deps): bump github/codeql-action from 2.13.4 to 3.25.14 #3632

Workflow file for this run

name: Build
on:
pull_request:
branches: [main]
push:
branches: [main]
schedule:
- cron: '32 13 * * 5'
permissions:
contents: read
concurrency:
# only run a single build wf per PR, cancel any existing (preceding) runs
# for this PR.
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
lint:
name: 'Lint'
if: "!contains(github.event.head_commit.message, 'skip ci')
&& github.event_name != 'schedule'
"
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
codeload.github.com:443
github.com:443
registry.yarnpkg.com:443
registry.npmjs.org:443
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: 'lts/*'
cache: yarn
- name: Install
run: yarn install --immutable
- name: Lint
run: yarn run lint
testprojects:
name: 'Determine test projects'
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, 'skip ci')
&& github.event_name != 'schedule'
"
outputs:
projects: ${{ steps.set-projects.outputs.projects }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
codeload.github.com:443
github.com:443
registry.yarnpkg.com:443
registry.npmjs.org:443
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: 'lts/*'
cache: yarn
- name: Install
run: yarn install --immutable
- id: set-projects
name: Determine jest project names
run: |
PROJECTS=$(yarn run jest --showConfig | jq -c '.globalConfig.projects | map(.displayName)')
echo "projects=${PROJECTS}" >> $GITHUB_OUTPUT
test:
name: Test ${{ matrix.project }}
if: "!contains(github.event.head_commit.message, 'skip ci')
&& github.event_name != 'schedule'
"
needs: testprojects
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
project: ${{ fromJSON( needs.testprojects.outputs.projects ) }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
codeload.github.com:443
github.com:443
registry.yarnpkg.com:443
registry.npmjs.org:443
uploader.codecov.io:443
codecov.io:443
storage.googleapis.com:443
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: 'lts/*'
cache: yarn
- name: Install
run: yarn install --immutable
- name: Run tests
run: yarn test --coverage --selectProjects "${{ matrix.project }}"
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3.1.6
with:
directory: coverage
flags: ${{ matrix.project }}
token: ${{ secrets.CODECOV_TOKEN }}
test-summary:
name: Test matrix status
runs-on: ubuntu-latest
needs: [test]
if: "always()
&& !contains(github.event.head_commit.message, 'skip ci')
&& github.event_name != 'schedule'
"
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
codeload.github.com:443
github.com:443
uploads.github.com:443
objects.githubusercontent.com:443
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
with:
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
with:
category: "/language:javascript"
release:
name: Release
if: "!contains(github.event.head_commit.message, 'skip ci')
&& github.event_name == 'push'
"
needs:
- lint
- test-summary
- analyze
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
codeload.github.com:443
github.com:443
registry.yarnpkg.com:443
registry.npmjs.org:443
uploads.github.com:443
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
token: ${{ secrets.DEPLOY_TOKEN }}
ref: ${{ github.event.workflow_run.head_branch }}
- name: Setup
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: 'lts/*'
cache: yarn
- name: Install
run: yarn install --immutable
- name: Release
env:
GH_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
HUSKY: 0
run: yarn run release