Bump isomorphic-git from 1.36.3 to 1.38.3 #104
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| # merge queue is required so all commits on target branches trigger this workflow | |
| # despite lack of the push event trigger here | |
| merge_group: | |
| branches: | |
| - main | |
| - next | |
| # merge group rulesets don't allow wildcards so in settings each maintenance branch needs to be added separately | |
| - "maintenance/v*" # branch rulesets don't support v[0-9]+ | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.sha }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint-workflows: | |
| name: Lint workflows | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read # only required in private repos | |
| security-events: write # allow writing security events | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run zizmor | |
| uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 | |
| with: | |
| persona: pedantic | |
| annotations: true | |
| advanced-security: false | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| # Integration tests push to the repo, which requires a token with write | |
| # access. Fork PRs only get a read-only GITHUB_TOKEN, so skip them here | |
| # and rely on merge_group to gate the merge. | |
| if: >- | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| permissions: | |
| contents: write # integration tests create and push temporary branches | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 2 # integration tests read the two most recent local commits | |
| persist-credentials: false | |
| - uses: ./.github/actions/ci-setup | |
| with: | |
| skip-cache: true # avoid cache poisoning from this only job with write access, just in case | |
| - name: Build | |
| run: pnpm build | |
| - name: Integration tests | |
| run: pnpm test:integration | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| typecheck: | |
| name: Typecheck | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/ci-setup | |
| - name: Codegen | |
| run: pnpm codegen:github | |
| - name: Typecheck | |
| run: pnpm typecheck | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/ci-setup | |
| - name: Codegen | |
| run: pnpm codegen:github | |
| - name: Lint | |
| run: pnpm lint | |
| - name: Format | |
| run: pnpm format | |
| ci-ok: | |
| name: CI OK | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: [lint-workflows, test, typecheck, lint] | |
| steps: | |
| - name: Exit with error if some jobs are not successful | |
| run: exit 1 | |
| if: ${{ always() && (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }} |