chore(deps): bump github/codeql-action from 3.24.9 to 3.25.5 #337
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: {} | |
merge_group: {} | |
push: | |
branches: | |
- main | |
- 'releases/*' | |
jobs: | |
lint-code: | |
name: "Check: Lint" | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: read | |
statuses: write | |
steps: | |
- name: "Setup: Harden Runner" | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Setup: PNPM" | |
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 | |
with: | |
version: 8.9.0 | |
- name: "Setup: Node" | |
id: setup-node | |
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 | |
with: | |
node-version: 20 | |
cache: pnpm | |
- name: "Setup: Install Dependencies" | |
id: install | |
run: pnpm install && pnpm run gen | |
- name: "Check: Linter" | |
id: super-linter | |
uses: super-linter/super-linter/slim@a8150b40c89574adb5f68bf9502b890a236a06b3 # v5.7.2 | |
env: | |
FILTER_REGEX_EXCLUDE: 'dist/.*' | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TYPESCRIPT_DEFAULT_STYLE: prettier | |
VALIDATE_BASH: false | |
VALIDATE_JSCPD: false | |
VALIDATE_GITHUB_ACTIONS: false | |
VALIDATE_NATURAL_LANGUAGE: false | |
VALIDATE_MARKDOWN: false | |
VALIDATE_YAML: false | |
lint-action: | |
name: "Check: Action Lint" | |
permissions: | |
contents: read | |
checks: write | |
pull-requests: read | |
id-token: write | |
uses: elide-dev/build-infra/.github/workflows/lint.action.yml@main | |
check-codeql: | |
name: "Check: CodeQL" | |
permissions: | |
contents: read | |
actions: read | |
checks: write | |
security-events: write | |
uses: ./.github/workflows/check.codeql-analysis.yml | |
secrets: inherit | |
dependency-review: | |
name: "Check: Dependency Review" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
permissions: | |
contents: read | |
steps: | |
- name: "Setup: Harden Runner" | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Check: Dependency Review" | |
uses: actions/dependency-review-action@733dd5d4a5203f238c33806593ec0f5fc5343d8c # v4.2.4 | |
test-typescript: | |
name: "Test: Unit Tests" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Setup: PNPM" | |
uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 | |
with: | |
version: 8.9.0 | |
- name: "Setup: Node" | |
id: setup-node | |
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 | |
with: | |
node-version: 20 | |
cache: pnpm | |
- name: "Setup: Install Dependencies" | |
id: install | |
run: pnpm install && pnpm install -g turbo && pnpm run gen | |
- name: Check Format | |
id: npm-format-check | |
run: pnpm run format:check | |
- name: Lint | |
id: npm-lint | |
run: pnpm run lint | |
- name: Test | |
id: npm-ci-test | |
run: turbo test --token ${{ secrets.BUILDLESS_APIKEY }} --no-daemon --remote-only | |
- name: "Test: Sonar" | |
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # master | |
continue-on-error: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
with: | |
args: > | |
-Dsonar.organization=buildless | |
-Dsonar.projectKey=buildless_setup | |
-Dsonar.sources=src/ | |
-Dsonar.tests=__tests__/ | |
-Dsonar.verbose=true | |
-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info | |
-Dsonar.testExecutionReportPaths=test-report.xml | |
- name: "Report: Coverage" | |
uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
test-debug: | |
name: "Test: Basic" | |
runs-on: ubuntu-latest | |
env: | |
ACTIONS_STEP_DEBUG: 'true' | |
ACTIONS_RUNNER_DEBUG: 'true' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
- name: "Test: Print Output" | |
id: output | |
run: | | |
echo "Binary path:" | |
echo "${{ steps.test-action.outputs.path }}" | |
echo "" | |
echo "Agent status:" | |
buildless agent status || (echo "Failed to check agent status" && exit 1) | |
echo "" | |
echo "Agent output:" | |
cat /var/tmp/buildless-agent.out || (echo "Failed to read agent output" && exit 1) | |
test-debug-noagent: | |
name: "Test: Basic (No Agent)" | |
runs-on: ubuntu-latest | |
env: | |
ACTIONS_STEP_DEBUG: 'true' | |
ACTIONS_RUNNER_DEBUG: 'true' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
with: | |
agent: false | |
- name: "Test: Print Output" | |
id: output | |
run: | | |
echo "Binary path:" | |
echo "${{ steps.test-action.outputs.path }}" | |
test-no-token: | |
name: "Test: No Token" | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
permissions: | |
id-token: none | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
- name: "Test: Print Output" | |
id: output | |
run: echo "${{ steps.test-action.outputs.path }}" | |
test-action: | |
name: "Test: Install (${{ matrix.label }})" | |
runs-on: ${{ matrix.os }} | |
if: github.event.pull_request.draft == false | |
permissions: | |
id-token: write | |
strategy: | |
fail-fast: false | |
matrix: | |
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"] | |
include: | |
- os: ubuntu-latest | |
label: "Ubuntu" | |
- os: macos-13-xlarge | |
label: "macOS M1" | |
- os: macos-13 | |
label: "macOS x86" | |
- os: windows-latest | |
label: "Windows" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
- name: "Test: Print Output" | |
id: output | |
run: echo "${{ steps.test-action.outputs.path }}" | |
test-path: | |
name: "Test: Path (${{ matrix.label }})" | |
runs-on: ${{ matrix.os }} | |
if: github.event.pull_request.draft == false | |
strategy: | |
fail-fast: false | |
matrix: | |
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"] | |
include: | |
- os: ubuntu-latest | |
label: "Ubuntu" | |
- os: macos-13-xlarge | |
label: "macOS M1" | |
- os: macos-13 | |
label: "macOS x86" | |
- os: windows-latest | |
label: "Windows" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
- name: "Test: Print Output" | |
id: output | |
run: echo "${{ steps.test-action.outputs.path }}" | |
- name: "Test: Binary on PATH" | |
run: buildless --help | |
test-smoketest: | |
name: "Test: Smoke Test (${{ matrix.label }})" | |
runs-on: ${{ matrix.os }} | |
if: github.event.pull_request.draft == false | |
strategy: | |
fail-fast: false | |
matrix: | |
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"] | |
include: | |
- os: ubuntu-latest | |
label: "Ubuntu" | |
- os: macos-13-xlarge | |
label: "macOS M1" | |
- os: macos-13 | |
label: "macOS x86" | |
- os: windows-latest | |
label: "Windows" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
with: | |
agent: false | |
- name: "Test: Print Output" | |
id: output | |
run: echo "${{ steps.test-action.outputs.path }}" | |
- name: "Test: Help" | |
run: buildless --help | |
- name: "Test: Version" | |
run: buildless --version | |
- name: "Test: Show" | |
run: buildless --verbose=true show | |
- name: "Test: Status" | |
run: buildless --verbose=true status | |
- name: "Test: Agent Status" | |
run: buildless --verbose=true status | |
- name: "Test: Legal" | |
run: buildless legal | |
test-noagent: | |
name: "Test: No Agent (${{ matrix.label }})" | |
runs-on: ${{ matrix.os }} | |
if: false | |
strategy: | |
fail-fast: false | |
matrix: | |
label: ["Ubuntu", "macOS M1", "macOS x86", "Windows"] | |
include: | |
- os: ubuntu-latest | |
label: "Ubuntu" | |
- os: macos-13-xlarge | |
label: "macOS M1" | |
- os: macos-13 | |
label: "macOS x86" | |
- os: windows-latest | |
label: "Windows" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
with: | |
agent: false | |
- name: "Test: Print Output" | |
id: output | |
run: echo "${{ steps.test-action.outputs.path }}" | |
- name: "Test: Agent Not Installed" | |
run: test "Agent is not installed." = "$(buildless agent status)" | |
test-agent: | |
name: "Test: Agent (${{ matrix.label }})" | |
runs-on: ${{ matrix.os }} | |
if: github.event.pull_request.draft == false | |
timeout-minutes: 5 | |
strategy: | |
fail-fast: false | |
matrix: | |
label: ["Ubuntu", "macOS M1", "macOS x86"] | |
include: | |
- os: ubuntu-latest | |
label: "Ubuntu" | |
- os: macos-13-xlarge | |
label: "macOS M1" | |
- os: macos-13 | |
label: "macOS x86" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: "Setup: Checkout" | |
id: checkout | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
- name: "Fixup: Directory (Linux/macOS)" | |
shell: bash | |
if: matrix.os != 'windows-latest' | |
run: rm -fr /var/tmp/buildless && mkdir -p /var/tmp/buildless | |
- name: "Fixup: Directory (Windows)" | |
shell: bash | |
if: matrix.os == 'windows-latest' | |
run: rmdir /c/ProgramData/buildless && mkdir /c/ProgramData/buildless | |
- name: "Test: Install CLI" | |
id: test-action-install | |
uses: ./ | |
with: | |
agent: false | |
- name: "Test: Agent Not Installed" | |
run: | | |
ls -la /tmp/ /var/tmp/buildless/ | |
test "Agent is not installed." = "$(buildless agent status)" || buildless --verbose=true agent status | |
- name: "Test: Buildless Action" | |
id: test-action | |
uses: ./ | |
with: | |
agent: true | |
- name: "Test: Print Output" | |
id: output | |
run: | | |
echo "Binary path:" | |
echo "${{ steps.test-action.outputs.path }}" | |
echo "" | |
echo "Agent status:" | |
buildless agent status || (echo "Failed to check agent status" && exit 1) | |
echo "" | |
echo "Agent output:" | |
cat /var/tmp/buildless-agent.out || (echo "Failed to read agent output" && exit 1) | |
- name: "Test: Agent Running" | |
run: | | |
ls -la /tmp/ /var/tmp/buildless/ | |
test "Agent is installed, running, and ready." = "$(buildless agent status)" || buildless --verbose=true agent status | |
echo "Test passed: agent is running." | |
buildless --verbose=true agent status | |
- name: "Diagnostic: Agent Failure (Linux)" | |
if: failure() && matrix.os == 'ubuntu-latest' | |
run: | | |
echo "Agent processes:" | |
ps aux | pgrep buildless | |
echo '' | |
echo "Agent output:" | |
cat /var/tmp/buildless-agent.out || echo "Failed to read agent output" | |
echo '' | |
echo "Trying to run in foreground:" | |
buildless --verbose=true agent run --no-background | |
- name: "Diagnostic: Agent Failure (macOS)" | |
if: failure() && matrix.os == 'macos-13-xlarge' | |
run: | | |
echo "Agent processes:" | |
ps -A | pgrep buildless | |
echo '' | |
echo "Agent output:" | |
cat /var/tmp/buildless-agent.out || echo "Failed to read agent output" | |
echo '' | |
echo "Trying to run in foreground:" | |
buildless --verbose=true agent run --no-background | |
- name: "Diagnostic: Agent Failure (Windows)" | |
if: failure() && matrix.os == 'ubuntu-latest' | |
run: | | |
echo "Agent processes:" | |
ps aux | pgrep buildless | |
echo '' | |
echo "Agent output:" | |
cat C:\\ProgramData\\buildless\\buildless-agent.out | |
echo '' | |
echo "Trying to run in foreground:" | |
buildless --verbose=true agent run --no-background | |
- name: "Report: Agent State (Linux)" | |
if: (success() || failure()) && matrix.os == 'ubuntu-latest' | |
run: | | |
if [ -f "/var/tmp/buildless/buildless-agent.json" ]; then | |
echo 'Agent configuration:' && jq < /var/tmp/buildless/buildless-agent.json | |
echo '' | |
echo 'Contents of tmp path:' | |
ls -la /var/tmp/buildless | |
echo '' | |
echo 'Agent process:' | |
ps aux | pgrep buildless | |
else | |
echo 'No agent configuration found. Contents of tmp path:' | |
ls -la /var/tmp/buildless | |
fi | |
- name: "Report: Agent State (macOS)" | |
if: (success() || failure()) && matrix.os == 'macos-13-xlarge' | |
run: | | |
if [ -f "/var/tmp/buildless/buildless-agent.json" ]; then | |
echo 'Agent configuration:' && jq < /var/tmp/buildless/buildless-agent.json | |
echo '' | |
echo 'Contents of tmp path:' | |
ls -la /var/tmp/buildless | |
echo '' | |
echo 'Agent process:' | |
ps -A | pgrep buildless | |
else | |
echo 'No agent configuration found. Contents of tmp path:' | |
ls -la /var/tmp/buildless | |
fi | |
- name: "Report: Agent State (Windows)" | |
if: (success() || failure()) && matrix.os == 'windows-latest' | |
shell: bash | |
run: | | |
if [ -f "/c/ProgramData/buildless/buildless-agent.json" ]; then | |
echo 'Agent configuration:' && jq < /var/tmp/buildless/buildless-agent.json | |
echo '' | |
echo 'Contents of tmp path:' | |
ls -la /c/ProgramData/buildless | |
echo '' | |
echo 'Agent process:' | |
ps aux | pgrep buildless | |
else | |
echo 'No agent configuration found. Contents of tmp path:' | |
ls -la /c/ProgramData/buildless | |
echo '' | |
echo 'Agent process:' | |
ps aux | pgrep buildless | |
fi | |
check-dist: | |
name: "Test: Dist" | |
uses: ./.github/workflows/check.dist.yml | |
secrets: inherit | |
permissions: | |
contents: read | |
statuses: write |