File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -20,13 +20,13 @@ concurrency:
2020 cancel-in-progress : ${{ github.ref != 'refs/heads/main' }}
2121
2222jobs :
23- assemble :
23+ assemble-components :
2424 name : Assemble all components
2525 runs-on : ubuntu-latest
2626 timeout-minutes : 90
2727
2828 steps :
29- - name : Checkout the repo
29+ - name : Checkout
3030 uses : actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
3131 with :
3232 fetch-depth : 1
@@ -51,11 +51,11 @@ jobs:
5151 - name : Show disk usage
5252 uses : ./.github/actions/disk-usage
5353
54- test-junit :
55- name : Run JUnit tests for all components
54+ quality-unit-test :
55+ name : Quality - Unit tests
5656 runs-on : ubuntu-latest
5757 timeout-minutes : 90
58- needs : [assemble]
58+ needs : [assemble-components ]
5959
6060 steps :
6161 - name : Checkout the repo
Original file line number Diff line number Diff line change 77 pull_request_target :
88 types : [review_requested]
99
10+ permissions :
11+ contents : none
12+
1013jobs :
11- assign-reviewer :
14+ pr-auto-assign-reviewer :
15+ permissions :
16+ pull-requests : write
1217 runs-on : ubuntu-latest
13- environment : botmobile
1418 steps :
15- - name : App token generate
16- uses : actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
17- if : ${{ vars.BOT_CLIENT_ID }}
18- id : app-token
19- with :
20- app-id : ${{ vars.BOT_CLIENT_ID }}
21- private-key : ${{ secrets.BOT_PRIVATE_KEY }}
22-
2319 - name : Assign reviewer to PR
2420 if : ${{ github.event.requested_reviewer }}
2521 env :
22+ GH_TOKEN : ${{ github.token }}
2623 PR_REVIEWER : ${{ github.event.requested_reviewer.login }}
2724 PR_NUMBER : ${{ github.event.pull_request.number }}
28- GH_TOKEN : ${{ steps.app-token.outputs.token || github.token }}
2925 run : |
3026 gh pr edit $PR_NUMBER --repo $GITHUB_REPOSITORY --add-assignee "$PR_REVIEWER"
Original file line number Diff line number Diff line change 1- name : Quality checks
1+ name : Quality - Checks
22
33on :
44 push :
Original file line number Diff line number Diff line change 1- name : Markdown CI
1+ name : Quality - Check Markdown
22
33on :
44 pull_request :
55 paths :
66 - ' **.md'
7- - ' .github/workflows/markdown.yml'
7+ - ' .github/workflows/quality- markdown.yml'
88
99permissions :
1010 contents : read
1111
1212jobs :
13- markdown_quality :
13+ quality-markdown :
1414 runs-on : ubuntu-latest
1515 steps :
1616 - name : Checkout
Original file line number Diff line number Diff line change 1- name : Security - CodeQL Scan
1+ name : Security - CodeQL
22
33on :
44 schedule :
@@ -9,7 +9,7 @@ permissions:
99 contents : read
1010
1111jobs :
12- security-codeql-scan :
12+ security-codeql :
1313 name : Security - CodeQL Scan
1414
1515 permissions :
Original file line number Diff line number Diff line change 1- name : Security - Scorecard supply-chain security
1+ name : Security - Scorecard
2+
23on :
3- # For Branch-Protection check. Only the default branch is supported. See
4- # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
54 branch_protection_rule :
6- # To guarantee Maintained check is occasionally updated. See
7- # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
85 schedule :
96 - cron : ' 19 22 * * 3'
107 push :
118 branches : [ "main" ]
129 workflow_dispatch :
1310
14- permissions :
15- contents : read
11+ permissions : read-all
1612
1713jobs :
18- analysis :
14+ security-scorecard :
1915 name : Scorecard analysis
2016 runs-on : ubuntu-latest
2117 permissions :
@@ -35,25 +31,15 @@ jobs:
3531 with :
3632 results_file : results.sarif
3733 results_format : sarif
38-
39- # Public repositories:
40- # - Publish results to OpenSSF REST API for easy access by consumers
41- # - Allows the repository to include the Scorecard badge.
42- # - See https://github.com/ossf/scorecard-action#publishing-results.
43- # For private repositories:
44- # - `publish_results` will always be set to `false`, regardless
45- # of the value entered here.
4634 publish_results : true
4735
48- # Upload the results as artifacts.
4936 - name : " Upload artifact"
5037 uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
5138 with :
5239 name : SARIF file
5340 path : results.sarif
5441 retention-days : 5
5542
56- # Upload the results to GitHub's code scanning dashboard.
5743 - name : " Upload to code-scanning"
5844 uses : github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
5945 with :
You can’t perform that action at this time.
0 commit comments