Skip to content

chore(deps): bump github/codeql-action from 3.24.9 to 3.25.0 #325

chore(deps): bump github/codeql-action from 3.24.9 to 3.25.0

chore(deps): bump github/codeql-action from 3.24.9 to 3.25.0 #325

Workflow file for this run

name: CI
on:
pull_request: {}
merge_group: {}
push:
branches:
- main
- 'releases/*'
jobs:
lint-code:
name: "Check: Lint"
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
statuses: write
steps:
- name: "Setup: Harden Runner"
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Setup: PNPM"
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
with:
version: 8.9.0
- name: "Setup: Node"
id: setup-node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
with:
node-version: 20
cache: pnpm
- name: "Setup: Install Dependencies"
id: install
run: pnpm install && pnpm run gen
- name: "Check: Linter"
id: super-linter
uses: super-linter/super-linter/slim@a8150b40c89574adb5f68bf9502b890a236a06b3 # v5.7.2
env:
FILTER_REGEX_EXCLUDE: 'dist/.*'
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TYPESCRIPT_DEFAULT_STYLE: prettier
VALIDATE_BASH: false
VALIDATE_JSCPD: false
VALIDATE_GITHUB_ACTIONS: false
VALIDATE_NATURAL_LANGUAGE: false
VALIDATE_MARKDOWN: false
VALIDATE_YAML: false
lint-action:
name: "Check: Action Lint"
permissions:
contents: read
checks: write
pull-requests: read
id-token: write
uses: elide-dev/build-infra/.github/workflows/lint.action.yml@main
check-codeql:
name: "Check: CodeQL"
permissions:
contents: read
actions: read
checks: write
security-events: write
uses: ./.github/workflows/check.codeql-analysis.yml
secrets: inherit
dependency-review:
name: "Check: Dependency Review"
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
permissions:
contents: read
steps:
- name: "Setup: Harden Runner"
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Check: Dependency Review"
uses: actions/dependency-review-action@733dd5d4a5203f238c33806593ec0f5fc5343d8c # v4.2.4
test-typescript:
name: "Test: Unit Tests"
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Setup: PNPM"
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
with:
version: 8.9.0
- name: "Setup: Node"
id: setup-node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
with:
node-version: 20
cache: pnpm
- name: "Setup: Install Dependencies"
id: install
run: pnpm install && pnpm install -g turbo && pnpm run gen
- name: Check Format
id: npm-format-check
run: pnpm run format:check
- name: Lint
id: npm-lint
run: pnpm run lint
- name: Test
id: npm-ci-test
run: turbo test --token ${{ secrets.BUILDLESS_APIKEY }} --no-daemon --remote-only
- name: "Test: Sonar"
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # master
continue-on-error: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.organization=buildless
-Dsonar.projectKey=buildless_setup
-Dsonar.sources=src/
-Dsonar.tests=__tests__/
-Dsonar.verbose=true
-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
-Dsonar.testExecutionReportPaths=test-report.xml
- name: "Report: Coverage"
uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
test-debug:
name: "Test: Basic"
runs-on: ubuntu-latest
env:
ACTIONS_STEP_DEBUG: 'true'
ACTIONS_RUNNER_DEBUG: 'true'
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
- name: "Test: Print Output"
id: output
run: |
echo "Binary path:"
echo "${{ steps.test-action.outputs.path }}"
echo ""
echo "Agent status:"
buildless agent status || (echo "Failed to check agent status" && exit 1)
echo ""
echo "Agent output:"
cat /var/tmp/buildless-agent.out || (echo "Failed to read agent output" && exit 1)
test-debug-noagent:
name: "Test: Basic (No Agent)"
runs-on: ubuntu-latest
env:
ACTIONS_STEP_DEBUG: 'true'
ACTIONS_RUNNER_DEBUG: 'true'
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
with:
agent: false
- name: "Test: Print Output"
id: output
run: |
echo "Binary path:"
echo "${{ steps.test-action.outputs.path }}"
test-no-token:
name: "Test: No Token"
runs-on: ubuntu-latest
if: github.event.pull_request.draft == false
permissions:
id-token: none
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
- name: "Test: Print Output"
id: output
run: echo "${{ steps.test-action.outputs.path }}"
test-action:
name: "Test: Install (${{ matrix.label }})"
runs-on: ${{ matrix.os }}
if: github.event.pull_request.draft == false
permissions:
id-token: write
strategy:
fail-fast: false
matrix:
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"]
include:
- os: ubuntu-latest
label: "Ubuntu"
- os: macos-13-xlarge
label: "macOS M1"
- os: macos-13
label: "macOS x86"
- os: windows-latest
label: "Windows"
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
- name: "Test: Print Output"
id: output
run: echo "${{ steps.test-action.outputs.path }}"
test-path:
name: "Test: Path (${{ matrix.label }})"
runs-on: ${{ matrix.os }}
if: github.event.pull_request.draft == false
strategy:
fail-fast: false
matrix:
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"]
include:
- os: ubuntu-latest
label: "Ubuntu"
- os: macos-13-xlarge
label: "macOS M1"
- os: macos-13
label: "macOS x86"
- os: windows-latest
label: "Windows"
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
- name: "Test: Print Output"
id: output
run: echo "${{ steps.test-action.outputs.path }}"
- name: "Test: Binary on PATH"
run: buildless --help
test-smoketest:
name: "Test: Smoke Test (${{ matrix.label }})"
runs-on: ${{ matrix.os }}
if: github.event.pull_request.draft == false
strategy:
fail-fast: false
matrix:
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"]
include:
- os: ubuntu-latest
label: "Ubuntu"
- os: macos-13-xlarge
label: "macOS M1"
- os: macos-13
label: "macOS x86"
- os: windows-latest
label: "Windows"
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
with:
agent: false
- name: "Test: Print Output"
id: output
run: echo "${{ steps.test-action.outputs.path }}"
- name: "Test: Help"
run: buildless --help
- name: "Test: Version"
run: buildless --version
- name: "Test: Show"
run: buildless --verbose=true show
- name: "Test: Status"
run: buildless --verbose=true status
- name: "Test: Agent Status"
run: buildless --verbose=true status
- name: "Test: Legal"
run: buildless legal
test-noagent:
name: "Test: No Agent (${{ matrix.label }})"
runs-on: ${{ matrix.os }}
if: false
strategy:
fail-fast: false
matrix:
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"]
include:
- os: ubuntu-latest
label: "Ubuntu"
- os: macos-13-xlarge
label: "macOS M1"
- os: macos-13
label: "macOS x86"
- os: windows-latest
label: "Windows"
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Test: Buildless Action"
id: test-action
uses: ./
with:
agent: false
- name: "Test: Print Output"
id: output
run: echo "${{ steps.test-action.outputs.path }}"
- name: "Test: Agent Not Installed"
run: test "Agent is not installed." = "$(buildless agent status)"
test-agent:
name: "Test: Agent (${{ matrix.label }})"
runs-on: ${{ matrix.os }}
if: github.event.pull_request.draft == false
timeout-minutes: 5
strategy:
fail-fast: false
matrix:
label: ["Ubuntu", "macOS M1", "macOS x86"]
include:
- os: ubuntu-latest
label: "Ubuntu"
- os: macos-13-xlarge
label: "macOS M1"
- os: macos-13
label: "macOS x86"
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: "Fixup: Directory (Linux/macOS)"
shell: bash
if: matrix.os != 'windows-latest'
run: rm -fr /var/tmp/buildless && mkdir -p /var/tmp/buildless
- name: "Fixup: Directory (Windows)"
shell: bash
if: matrix.os == 'windows-latest'
run: rmdir /c/ProgramData/buildless && mkdir /c/ProgramData/buildless
- name: "Test: Install CLI"
id: test-action-install
uses: ./
with:
agent: false
- name: "Test: Agent Not Installed"
run: |
ls -la /tmp/ /var/tmp/buildless/
test "Agent is not installed." = "$(buildless agent status)" || buildless --verbose=true agent status
- name: "Test: Buildless Action"
id: test-action
uses: ./
with:
agent: true
- name: "Test: Print Output"
id: output
run: |
echo "Binary path:"
echo "${{ steps.test-action.outputs.path }}"
echo ""
echo "Agent status:"
buildless agent status || (echo "Failed to check agent status" && exit 1)
echo ""
echo "Agent output:"
cat /var/tmp/buildless-agent.out || (echo "Failed to read agent output" && exit 1)
- name: "Test: Agent Running"
run: |
ls -la /tmp/ /var/tmp/buildless/
test "Agent is installed, running, and ready." = "$(buildless agent status)" || buildless --verbose=true agent status
echo "Test passed: agent is running."
buildless --verbose=true agent status
- name: "Diagnostic: Agent Failure (Linux)"
if: failure() && matrix.os == 'ubuntu-latest'
run: |
echo "Agent processes:"
ps aux | pgrep buildless
echo ''
echo "Agent output:"
cat /var/tmp/buildless-agent.out || echo "Failed to read agent output"
echo ''
echo "Trying to run in foreground:"
buildless --verbose=true agent run --no-background
- name: "Diagnostic: Agent Failure (macOS)"
if: failure() && matrix.os == 'macos-13-xlarge'
run: |
echo "Agent processes:"
ps -A | pgrep buildless
echo ''
echo "Agent output:"
cat /var/tmp/buildless-agent.out || echo "Failed to read agent output"
echo ''
echo "Trying to run in foreground:"
buildless --verbose=true agent run --no-background
- name: "Diagnostic: Agent Failure (Windows)"
if: failure() && matrix.os == 'ubuntu-latest'
run: |
echo "Agent processes:"
ps aux | pgrep buildless
echo ''
echo "Agent output:"
cat C:\\ProgramData\\buildless\\buildless-agent.out
echo ''
echo "Trying to run in foreground:"
buildless --verbose=true agent run --no-background
- name: "Report: Agent State (Linux)"
if: (success() || failure()) && matrix.os == 'ubuntu-latest'
run: |
if [ -f "/var/tmp/buildless/buildless-agent.json" ]; then
echo 'Agent configuration:' && jq < /var/tmp/buildless/buildless-agent.json
echo ''
echo 'Contents of tmp path:'
ls -la /var/tmp/buildless
echo ''
echo 'Agent process:'
ps aux | pgrep buildless
else
echo 'No agent configuration found. Contents of tmp path:'
ls -la /var/tmp/buildless
fi
- name: "Report: Agent State (macOS)"
if: (success() || failure()) && matrix.os == 'macos-13-xlarge'
run: |
if [ -f "/var/tmp/buildless/buildless-agent.json" ]; then
echo 'Agent configuration:' && jq < /var/tmp/buildless/buildless-agent.json
echo ''
echo 'Contents of tmp path:'
ls -la /var/tmp/buildless
echo ''
echo 'Agent process:'
ps -A | pgrep buildless
else
echo 'No agent configuration found. Contents of tmp path:'
ls -la /var/tmp/buildless
fi
- name: "Report: Agent State (Windows)"
if: (success() || failure()) && matrix.os == 'windows-latest'
shell: bash
run: |
if [ -f "/c/ProgramData/buildless/buildless-agent.json" ]; then
echo 'Agent configuration:' && jq < /var/tmp/buildless/buildless-agent.json
echo ''
echo 'Contents of tmp path:'
ls -la /c/ProgramData/buildless
echo ''
echo 'Agent process:'
ps aux | pgrep buildless
else
echo 'No agent configuration found. Contents of tmp path:'
ls -la /c/ProgramData/buildless
echo ''
echo 'Agent process:'
ps aux | pgrep buildless
fi
check-dist:
name: "Test: Dist"
uses: ./.github/workflows/check.dist.yml
secrets: inherit
permissions:
contents: read
statuses: write