github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-01 12:10:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b06d32585026d970f28d3f3604a67ddf4c314f9e
codeql-action/.github/workflows/pr-checks.yml
Henry Mercer 9dfbcfd29f Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe 
Bump the actions group with 3 updates
2025-08-12 12:24:05 +01:00

139 lines
4.1 KiB
YAML
Raw Blame History

name: PR Checks
on:
push:
pull_request:
# Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
# by other workflows.
types: [opened, synchronize, reopened, ready_for_review]
workflow_dispatch:
jobs:
check-js:
name: Check JS
runs-on: ubuntu-latest
timeout-minutes: 45
permissions:
contents: read
security-events: write # needed to upload ESLint results
strategy:
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Lint
id: lint
run: npm run-script lint-ci
- name: Upload sarif
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: eslint.sarif
category: eslint
- name: Check generated JS
run: .github/workflows/script/check-js.sh
check-node-modules:
if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
name: Check modules up to date
permissions:
contents: read
runs-on: macos-latest
timeout-minutes: 45
steps:
- uses: actions/checkout@v5
- name: Check node modules up to date
run: .github/workflows/script/check-node-modules.sh
check-file-contents:
if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
name: Check file contents
permissions:
contents: read
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11
# Ensure the generated PR check workflows are up to date.
- name: Verify PR checks up to date
run: .github/workflows/script/verify-pr-checks.sh
npm-test:
if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
name: Unit Test
needs: [check-js, check-node-modules]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
permissions:
contents: read
runs-on: ${{ matrix.os }}
timeout-minutes: 45
steps:
- uses: actions/checkout@v5
- name: npm test
run: |
# Run any commands referenced in package.json using Bash, otherwise
# we won't be able to find them on Windows.
npm config set script-shell bash
npm test
check-node-version:
if: github.event.pull_request
name: Check Action Node versions
runs-on: ubuntu-latest
timeout-minutes: 45
env:
BASE_REF: ${{ github.base_ref }}
permissions:
contents: read
steps:
- uses: actions/checkout@v5
- id: head-version
name: Verify all Actions use the same Node version
run: |
NODE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
echo "NODE_VERSION: ${NODE_VERSION}"
if [[ $(echo "$NODE_VERSION" | wc -l) -gt 1 ]]; then
echo "::error::More than one node version used in 'action.yml' files."
exit 1
fi
echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT
- id: checkout-base
name: 'Backport: Check out base ref'
if: ${{ startsWith(github.head_ref, 'backport-') }}
uses: actions/checkout@v5
with:
ref: ${{ env.BASE_REF }}
- name: 'Backport: Verify Node versions unchanged'
if: steps.checkout-base.outcome == 'success'
env:
HEAD_VERSION: ${{ steps.head-version.outputs.node_version }}
run: |
BASE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
echo "HEAD_VERSION: ${HEAD_VERSION}"
echo "BASE_VERSION: ${BASE_VERSION}"
if [[ "$BASE_VERSION" != "$HEAD_VERSION" ]]; then
echo "::error::Cannot change the Node version of an Action in a backport PR."
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink