rename PhishingDetection to MaliciousSiteProtection #2923
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Checks | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
jobs: | |
swiftlint: | |
name: Run SwiftLint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: SwiftLint | |
uses: docker://norionomura/swiftlint:0.54.0_swift-5.9.0 | |
with: | |
args: swiftlint --reporter github-actions-logging --strict --quiet | |
unit-tests: | |
name: Run unit tests (macOS) | |
runs-on: macos-15 | |
timeout-minutes: 30 | |
outputs: | |
commit_author: ${{ steps.fetch_commit_author.outputs.commit_author }} | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set cache key hash | |
run: | | |
has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' Package.resolved) | |
if [[ "$has_only_tags" == "true" ]]; then | |
echo "cache_key_hash=${{ hashFiles('Package.resolved') }}" >> $GITHUB_ENV | |
else | |
echo "Package.resolved contains dependencies specified by branch or commit, skipping cache." | |
fi | |
- name: Cache SPM | |
if: env.cache_key_hash | |
uses: actions/cache@v4 | |
with: | |
path: | | |
.build/artifacts | |
.build/checkouts | |
.build/repositories | |
.build/workspace-state.json | |
key: ${{ runner.os }}-spm-${{ env.cache_key_hash }} | |
restore-keys: | | |
${{ runner.os }}-spm- | |
- name: Select Xcode | |
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
- name: Build BSK | |
run: set -o pipefail && swift build | tee build-log.txt | xcbeautify | |
- name: Run tests | |
run: set -o pipefail && swift test | tee -a build-log.txt | xcbeautify --report junit --report-path . --junit-report-filename tests.xml | |
- name: Publish Unit Tests Report | |
uses: mikepenz/action-junit-report@v4 | |
if: always() | |
with: | |
check_name: Test Report (macOS) | |
report_paths: tests.xml | |
require_tests: true | |
check_retries: true | |
- name: Update Asana with failed unit tests | |
if: always() # always run even if the previous step fails | |
env: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }} | |
run: | | |
# Extract failed tests from the junit report | |
# Only keep failures unique by classname and name (column 1 and 2 of the yq output) | |
yq < tests.xml -p xml -o json -r \ | |
$'[.testsuites.testsuite[].testcase] | flatten | map(select(.failure) | .+@classname + " " + .+@name + " \'" + .failure.+@message + "\' ${{ env.WORKFLOW_URL }}") | .[]' \ | |
| sort -u -k 1,2 \ | |
| xargs -L 1 ./scripts/report-failed-unit-test.sh -s ${{ vars.APPLE_CI_FAILING_TESTS_FAILED_TESTS_SECTION_ID }} | |
- name: Upload logs | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: build-log.txt | |
path: build-log.txt | |
- name: Fetch latest commit author | |
if: always() && github.ref_name == 'main' | |
id: fetch_commit_author | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
head_commit=$(git rev-parse HEAD) | |
author=$(gh api https://api.github.com/repos/${{ github.repository }}/commits/${head_commit} --jq .author.login) | |
echo "commit_author=${author}" >> $GITHUB_OUTPUT | |
unit-tests-ios: | |
name: Run unit tests (iOS) | |
runs-on: macos-15 | |
timeout-minutes: 30 | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set cache key hash | |
run: | | |
has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' Package.resolved) | |
if [[ "$has_only_tags" == "true" ]]; then | |
echo "cache_key_hash=${{ hashFiles('Package.resolved') }}" >> $GITHUB_ENV | |
else | |
echo "Package.resolved contains dependencies specified by branch or commit, skipping cache." | |
fi | |
- name: Cache SPM | |
if: env.cache_key_hash | |
uses: actions/cache@v4 | |
with: | |
path: DerivedData/SourcePackages | |
key: ${{ runner.os }}-spm-ios-${{ env.cache_key_hash }} | |
restore-keys: | | |
${{ runner.os }}-spm-ios- | |
- name: Select Xcode | |
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
- name: Resolve package dependencies | |
run: | | |
while xcodebuild -resolvePackageDependencies \ | |
-scheme BrowserServicesKit-Package \ | |
-destination 'platform=iOS Simulator,name=iPhone 16,OS=18.1' \ | |
-derivedDataPath DerivedData \ | |
2>&1 | grep Error; do :; done | |
# you just can't have good things | |
# set -o pipefail && swift package resolve | tee ios-build-log.txt | xcbeautify | |
# mkdir -p DerivedData/SourcePackages | |
# mv .build/* DerivedData/SourcePackages | |
- name: Run tests | |
run: | | |
set -o pipefail && xcodebuild test \ | |
-scheme BrowserServicesKit \ | |
-destination 'platform=iOS Simulator,name=iPhone 16,OS=18.1' \ | |
-derivedDataPath DerivedData \ | |
-skipPackagePluginValidation \ | |
-skipMacroValidation \ | |
-test-iterations 3 \ | |
-retry-tests-on-failure \ | |
CODE_SIGNING_ALLOWED=NO \ | |
| tee -a ios-build-log.txt \ | |
| xcbeautify --report junit --report-path . --junit-report-filename ios-unittests.xml | |
- name: Publish Unit Tests Report | |
uses: mikepenz/action-junit-report@v4 | |
if: always() | |
with: | |
check_name: Test Report (iOS) | |
report_paths: ios-unittests.xml | |
require_tests: true | |
- name: Update Asana with failed unit tests | |
if: always() # always run even if the previous step fails | |
env: | |
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }} | |
run: | | |
# Extract failed tests from the junit report | |
# Only keep failures unique by classname and name (column 1 and 2 of the yq output) | |
yq < ios-unittests.xml -p xml -o json -r \ | |
$'[.testsuites.testsuite[].testcase] | flatten | map(select(.failure) | .+@classname + " " + .+@name + " \'" + .failure.+@message + "\' ${{ env.WORKFLOW_URL }}") | .[]' \ | |
| sort -u -k 1,2 \ | |
| xargs -L 1 ./scripts/report-failed-unit-test.sh -s ${{ vars.APPLE_CI_FAILING_TESTS_FAILED_TESTS_SECTION_ID }} | |
- name: Upload logs | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: ios-build-log.txt | |
path: ios-build-log.txt | |
create-asana-task: | |
name: Create Asana Task | |
needs: [swiftlint, unit-tests, unit-tests-ios] | |
if: failure() && github.ref_name == 'main' && github.run_attempt == 1 | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
- name: Create Asana Task | |
uses: ./.github/actions/asana-failed-pr-checks | |
with: | |
action: create-task | |
asana-access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
asana-section-id: ${{ vars.APPLE_CI_FAILING_TESTS_BSK_POST_MERGE_SECTION_ID }} | |
commit-author: ${{ needs.unit-tests.outputs.commit_author }} | |
close-asana-task: | |
name: Close Asana Task | |
needs: [swiftlint, unit-tests, unit-tests-ios] | |
if: success() && github.ref_name == 'main' && github.run_attempt > 1 | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v4 | |
- name: Close Asana Task | |
uses: ./.github/actions/asana-failed-pr-checks | |
with: | |
action: close-task | |
asana-access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} | |
asana-section-id: ${{ vars.APPLE_CI_FAILING_TESTS_BSK_POST_MERGE_SECTION_ID }} |