chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 #931
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # Budget-friendly trigger surface. Branch protection on `main` forces | |
| # all changes through a PR, so PR-time CI is sufficient — post-merge | |
| # `push: main` CI was pure duplication and is dropped here. Run a full | |
| # matrix on-demand via the workflow_dispatch trigger, or weekly via | |
| # `ci-full.yml`. | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: [opened, reopened, synchronize, ready_for_review] | |
| paths-ignore: | |
| - '**/*.md' | |
| - 'docs/**' | |
| - 'openspec/**' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - '.github/PULL_REQUEST_TEMPLATE.md' | |
| - '.changeset/**' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| # One in-flight run per ref. Rapid pushes to an agent PR cancel the | |
| # prior run instead of letting both finish on Actions minutes. | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| name: test (node 20) | |
| # Draft PRs skip CI to save minutes during in-flight agent work. | |
| # CI auto-fires on `ready_for_review`. | |
| if: github.event_name != 'pull_request' || github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: 20 | |
| - name: Install | |
| run: npm install --ignore-scripts | |
| - name: Unit tests | |
| run: npm test | |
| - name: Static check CLI entrypoint | |
| run: node --check bin/multiagent-safety.js | |
| - name: Check scripts/ ↔ templates/scripts/ symlink parity | |
| run: bash scripts/check-script-symlinks.sh | |
| - name: Package dry run | |
| run: npm pack --dry-run |