chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI (full matrix) | |
| # Weekly compatibility run across the supported Node versions | |
| # (engine `>=18`). PR-time CI only runs Node 20 for budget reasons; | |
| # this catches Node 18 / 22 regressions within seven days, can be | |
| # triggered on-demand via workflow_dispatch before a release, and can | |
| # be opted-into per-PR by applying the `needs-ci-full` label. | |
| on: | |
| schedule: | |
| - cron: '15 4 * * 1' | |
| workflow_dispatch: | |
| pull_request: | |
| types: [labeled, synchronize] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-full-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| name: test (node ${{ matrix.node }}) | |
| # PR runs only fire when the `needs-ci-full` label is present. | |
| # Schedule and workflow_dispatch always run. | |
| if: >- | |
| github.event_name != 'pull_request' || | |
| contains(github.event.pull_request.labels.*.name, 'needs-ci-full') || | |
| (github.event.action == 'labeled' && github.event.label.name == 'needs-ci-full') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node: [18, 22] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: ${{ matrix.node }} | |
| - name: Install | |
| run: npm install --ignore-scripts | |
| - name: Unit tests | |
| run: npm test | |
| - name: Static check CLI entrypoint | |
| run: node --check bin/multiagent-safety.js | |
| - name: Check scripts/ ↔ templates/scripts/ symlink parity | |
| run: bash scripts/check-script-symlinks.sh | |
| - name: Package dry run | |
| run: npm pack --dry-run |