chore(deps): Bump github/codeql-action from 2.22.0 to 2.22.3 #577

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: tests

# Triggers: pushes to main, pull requests that target main, and manual runs.
# The trigger is `pull_request`, not `pull_request_target`. For pull requests
# opened from forks GitHub withholds repository secrets and issues a read-only
# GITHUB_TOKEN, so the jobs below that use secrets or request write scopes
# behave differently on such runs.
on:
  push:
    branches:
      - main
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
  workflow_dispatch:

# Workflow-wide default scope for the GITHUB_TOKEN. Jobs that need more than
# this declare their own `permissions` block.
permissions:
  contents: read # Needed to check out the repo.

jobs:
# Unit tests for Go code
######################################
  unit-tests:
    name: unit tests
    runs-on: ${{ matrix.os }}
    if: ${{ always() }}
    strategy:
      matrix:
        # Quoted so the version can never be read as a number.
        go-version:
          - "1.20.x"
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment names the
      # release tag the pin is meant to match.
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: ${{ matrix.go-version }}
      - name: unit tests
        run: make go-test
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
        with:
          # NOTE(review): repository secrets are not passed to pull requests
          # from forks, so the token is empty there. With fail_ci_if_error set,
          # a rejected upload fails this job. Confirm that is intended.
          token: ${{ secrets.CODECOV_TOKEN }}
          files: coverage.out
          fail_ci_if_error: true
# Unit tests for TypeScript code
######################################
  ts-tests-matrix:
    name: TypeScript unit tests
    runs-on: ubuntu-latest
    if: ${{ always() }}
    strategy:
      matrix:
        # One entry per action directory that has its own test suite.
        action:
          - actions/issue-reopener
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          # NOTE(review): Node.js 16 is past upstream end-of-life. Confirm the
          # action's runtime target before changing this.
          node-version: 16
      - name: unit tests
        working-directory: ${{ matrix.action }}
        run: make unit-test
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
        with:
          # The secret is handed only to this SHA-pinned upload step.
          token: ${{ secrets.CODECOV_TOKEN }}
          files: "${{ matrix.action }}/coverage/cobertura-coverage.xml"
          fail_ci_if_error: true
# NOTE: needed for protected branch checks.
  ts-tests:
    runs-on: ubuntu-latest
    needs:
      - ts-tests-matrix
    # always() makes this gate run even when the matrix job failed or was
    # cancelled, so the check reports a failure instead of being skipped.
    if: ${{ always() }}
    env:
      # The matrix result reaches the script through the environment rather
      # than being templated into the script text.
      TS_TESTS_RESULT: ${{ needs.ts-tests-matrix.result }}
    steps:
      # exit 0 if checks were successful.
      - run: |
          [ "${TS_TESTS_RESULT}" == "success" ]
# autogen for license headers
###############################
  autogen:
    runs-on: ubuntu-latest
    steps:
      # First checkout: this repository, at the workspace root.
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      # Second checkout: the autogen tool, pinned to an exact commit and placed
      # in its own subdirectory so it does not overwrite the repository.
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
        with:
          repository: mbrukman/autogen
          ref: 9026b78e17573b5dda4bff79033c352443551dc5
          path: autogen
      # Make the pinned tool available on PATH for the following steps.
      - run: |
          echo "${GITHUB_WORKSPACE}/autogen" >> "${GITHUB_PATH}"
      - run: |
          make autogen
      - name: check diff
        run: |
          set -euo pipefail
          # Any tracked-file change after `make autogen` means a license header
          # is missing or out of date in the commit under test.
          if [ "$(GIT_PAGER="cat" git diff --ignore-space-at-eol | wc -l)" -gt "0" ]; then
            echo "Detected license header changes. See status below:"
            GIT_PAGER="cat" git diff
            exit 1
          fi
# linters
###############################
  actionlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - name: actionlint
        env:
          # Each tool is pinned by version and by the SHA-256 of its release
          # archive. Update both values together when bumping a version.
          SHELLCHECK_VERSION: "0.8.0"
          SHELLCHECK_CHECKSUM: "ab6ee1b178f014d1b86d1e24da20d1139656c8b0ed34d2867fbb834dad02bf0a"
          ACTIONLINT_VERSION: "1.6.24"
          ACTIONLINT_CHECKSUM: "3c5818744143a5d6754edd3dcc4c2b32c9dfcdd3bb30e0e108fb5e5c505262d4"
        run: |
          set -euo pipefail

          # Install shellcheck
          # The archive is checked against the pinned checksum before it is
          # unpacked. A changed or truncated download stops the step here.
          # NOTE(review): the release asset is a .tar.xz but is saved under a
          # .tar.gz name; `tar xf` does not depend on the file name here.
          curl -sSLo shellcheck.tar.gz "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"
          echo "shellcheck checksum is $(sha256sum shellcheck.tar.gz | awk '{ print $1 }')"
          echo "expected checksum is $SHELLCHECK_CHECKSUM"
          echo "$SHELLCHECK_CHECKSUM shellcheck.tar.gz" | sha256sum --strict --check --status || exit 1
          tar xf shellcheck.tar.gz
          mv "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/local/bin

          # Install actionlint
          # Same order as above: download, verify, then unpack.
          curl -sSLo actionlint.tar.gz "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
          echo "actionlint checksum is $(sha256sum actionlint.tar.gz | awk '{ print $1 }')"
          echo "expected checksum is $ACTIONLINT_CHECKSUM"
          echo "$ACTIONLINT_CHECKSUM actionlint.tar.gz" | sha256sum --strict --check --status || exit 1
          tar xf actionlint.tar.gz
          mv ./actionlint /usr/local/bin

          make actionlint
# Markdown lint; the linter itself is driven by the Makefile target.
  markdownlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: 16
      - run: |
          make markdownlint
# Go lint with a version- and checksum-pinned golangci-lint binary.
  golangci-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          # The Go toolchain version follows the module file.
          go-version-file: "go.mod"
      - env:
          # The checksum is the SHA-256 of the release archive for the pinned
          # version. Update both values together.
          GOLANGCI_LINT_VERSION: "1.53.1"
          GOLANGCI_LINT_CHECKSUM: "6c2f261ca50f54fe06e7be599e7ff7f2f57751175e413944ebcdf67a61ec54ea"
        run: |
          set -euo pipefail

          # Install golangci-lint
          # Download, verify against the pinned checksum, and only then unpack.
          curl -sSLo golangci-lint.tar.gz "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz"
          echo "golangci-lint checksum is $(sha256sum golangci-lint.tar.gz | awk '{ print $1 }')"
          echo "expected checksum is $GOLANGCI_LINT_CHECKSUM"
          echo "$GOLANGCI_LINT_CHECKSUM golangci-lint.tar.gz" | sha256sum --strict --check --status || exit 1
          tar xf golangci-lint.tar.gz
          mv "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" /usr/local/bin

          # Run golangci-lint
          make golangci-lint
# ESLint for the TypeScript code; driven by the Makefile target.
  eslint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: 16
      - run: |
          make eslint
# YAML lint; the linter is installed from the hash-locked requirements file.
  yamllint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - env:
          # NOTE(review): the script below never reads this variable. What gets
          # installed is decided by requirements.txt, so this value can drift
          # from the real pin. Confirm whether other tooling still needs it.
          YAMLLINT_VERSION: "1.26.3"
        run: |
          set -euo pipefail

          # Install yamllint
          # --require-hashes makes pip reject any package whose archive hash is
          # not listed in requirements.txt.
          pip install -r requirements.txt --require-hashes

          # Run yamllint
          make yamllint
# check-dist for actions
###############################
  check-dist-matrix:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        action:
          - ./actions/issue-reopener
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: 16
      # The committed dist/ is the code that runs when the action is used.
      # Rebuilding it here and comparing shows whether it matches the sources.
      - name: Rebuild the dist/ directory
        working-directory: ${{ matrix.action }}
        run: |
          make clean package
      - name: Compare the expected and actual dist/ directories
        id: diff
        working-directory: ${{ matrix.action }}
        run: |
          set -euo pipefail
          # NOTE(review): `git diff` reports tracked files only. A newly
          # generated, untracked file under dist/ would not be flagged here.
          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
            echo "Detected uncommitted changes after build. See status below:"
            git diff
            exit 1
          fi
      # If dist/ was different from expected, upload the expected version as an artifact
      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
        with:
          name: dist
          # Only the rebuilt dist/ directory is uploaded, not the checkout.
          path: ${{ matrix.action }}/dist/
# NOTE: needed for protected branch checks.
  check-dist:
    runs-on: ubuntu-latest
    needs:
      - check-dist-matrix
    # always() keeps this gate from being skipped when the matrix job fails.
    if: ${{ always() }}
    env:
      # Passed through the environment, not templated into the script text.
      CHECK_DIST_RESULT: ${{ needs.check-dist-matrix.result }}
    steps:
      # exit 0 if checks were successful.
      - run: |
          [ "${CHECK_DIST_RESULT}" == "success" ]
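# issue-reopener e2e tests.
###############################
  issue-reopener-basic:
    runs-on: ubuntu-latest
    # NOTE: Don't run on release since the binaries haven't been created yet.
    # The PR title is only evaluated in this expression; it never reaches a
    # shell script.
    if: ${{ ! startsWith(github.event.pull_request.title, 'chore(release):') }}
    outputs:
      issue-url: ${{ steps.create-issue.outputs.url }}
    # Write scope is granted to this job only. A job-level `permissions` block
    # replaces the workflow default, so scopes not listed here are not granted.
    permissions:
      issues: write
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default. Nothing visible in this job uses git over the network
      # afterwards, so `persist-credentials: false` looks applicable. Confirm
      # against the action under test.
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - id: create-issue
        env:
          GH_TOKEN: ${{ github.token }}
          # Event data goes through the environment instead of being templated
          # into the script, so it is handled as data by the shell.
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          # Strict mode, matching the other scripts in this workflow. It also
          # turns a reference to an unset variable into an error.
          set -euo pipefail

          # PR_URL is empty on push and workflow_dispatch runs.
          # The original message expanded an undefined `$PR` here, leaving
          # "commit" followed by a gap before the pull-request URL.
          if [ "${PR_URL}" != "" ]; then
            body="Test issue for PR ${PR_URL}"
          else
            body="Test issue for commit ${GITHUB_SHA}"
          fi
          body="${body}
          - [Workflow run](https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/attempts/${GITHUB_RUN_ATTEMPT})"

          # Create the issue and close it again, so the action under test has
          # a closed issue to reopen.
          url=$(gh issue create -R "${GITHUB_REPOSITORY}" --title "issue-reopener-basic pre-submit test issue" --body "${body}")
          echo "${url}"
          gh issue close "${url}"

          # A source file whose TODO comment references the closed issue.
          mkdir test
          echo "// TODO(${url}): still open" > test/test.go
          echo "url=${url}" >> "${GITHUB_OUTPUT}"
      # The action under test, taken from the checked-out tree.
      - uses: ./actions/issue-reopener/
        with:
          path: "test/"
      - env:
          GH_TOKEN: ${{ github.token }}
          ISSUE_URL: ${{ steps.create-issue.outputs.url }}
        run: |
          set -euo pipefail

          # Ensure the issue was reopened.
          state=$(gh issue view "${ISSUE_URL}" --json state | jq -r '.state')
          [ "${state}" == "OPEN" ]

          # Check that the body contains the right path
          # NOTE: Need to get text output in order to get issue comments.
          body=$(gh issue view "${ISSUE_URL}" -c)
          [[ "${body}" == *"1. [test/test.go:1]"* ]]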
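# Closes the issue left behind by issue-reopener-basic.
  issue-reopener-basic-cleanup:
    runs-on: ubuntu-latest
    needs: issue-reopener-basic
    # Runs even when the test job failed or was skipped.
    if: ${{ always() }}
    permissions:
      issues: write
    steps:
      - env:
          ISSUE_URL: ${{ needs.issue-reopener-basic.outputs.issue-url }}
          GH_TOKEN: ${{ github.token }}
        run: |
          # Close the test issue.
          # The URL is empty when the test job was skipped or stopped before
          # it recorded its output, so there is nothing to close in that case.
          if [ -z "${ISSUE_URL}" ]; then
            echo "No test issue was created; nothing to close."
            exit 0
          fi
          # Best effort: a failure to close must not fail the cleanup job.
          gh issue close "${ISSUE_URL}" || true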
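# e2e test: with dry-run enabled the action must leave the issue closed.
  issue-reopener-dry-run:
    runs-on: ubuntu-latest
    # NOTE: Don't run on release since the binaries haven't been created yet.
    if: ${{ ! startsWith(github.event.pull_request.title, 'chore(release):') }}
    outputs:
      issue-url: ${{ steps.create-issue.outputs.url }}
    # Write scope is granted to this job only.
    permissions:
      issues: write
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - id: create-issue
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment, not templated into the script.
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          # Strict mode, matching the other scripts in this workflow.
          set -euo pipefail

          # PR_URL is empty on push and workflow_dispatch runs.
          # The original message expanded an undefined `$PR` here.
          if [ "${PR_URL}" != "" ]; then
            body="Test issue for PR ${PR_URL}"
          else
            body="Test issue for commit ${GITHUB_SHA}"
          fi
          body="${body}
          - [Workflow run](https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/attempts/${GITHUB_RUN_ATTEMPT})"

          # The repository is named explicitly, as in the sibling test jobs,
          # instead of being inferred from the checkout's git remote.
          url=$(gh issue create -R "${GITHUB_REPOSITORY}" --title "issue-reopener-dry-run pre-submit test issue" --body "${body}")
          echo "${url}"
          gh issue close "${url}"

          # A source file whose TODO comment references the closed issue.
          mkdir test
          echo "// TODO(${url}): still open" > test/test.go
          echo "url=${url}" >> "${GITHUB_OUTPUT}"
      - uses: ./actions/issue-reopener/
        with:
          path: "test/"
          dry-run: true
      - env:
          GH_TOKEN: ${{ github.token }}
          ISSUE_URL: ${{ steps.create-issue.outputs.url }}
        run: |
          set -euo pipefail

          # Ensure the issue was not reopened.
          state=$(gh issue view "${ISSUE_URL}" --json state | jq -r '.state')
          [ "${state}" == "CLOSED" ]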
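# Closes the issue left behind by issue-reopener-dry-run.
  issue-reopener-dry-run-cleanup:
    runs-on: ubuntu-latest
    needs: issue-reopener-dry-run
    # Runs even when the test job failed or was skipped.
    if: ${{ always() }}
    permissions:
      issues: write
    steps:
      - env:
          ISSUE_URL: ${{ needs.issue-reopener-dry-run.outputs.issue-url }}
          GH_TOKEN: ${{ github.token }}
        run: |
          # Ensure the test issue is closed even if the test fails.
          # The URL is empty when the test job was skipped or stopped before
          # it recorded its output, so there is nothing to close in that case.
          if [ -z "${ISSUE_URL}" ]; then
            echo "No test issue was created; nothing to close."
            exit 0
          fi
          # Best effort: a failure to close must not fail the cleanup job.
          gh issue close "${ISSUE_URL}" || true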
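# e2e test: the repository is checked out into a subdirectory, not the
# workspace root.
  issue-reopener-subdir:
    runs-on: ubuntu-latest
    # NOTE: Don't run on release since the binaries haven't been created yet.
    if: ${{ ! startsWith(github.event.pull_request.title, 'chore(release):') }}
    outputs:
      issue-url: ${{ steps.create-issue.outputs.url }}
    # Write scope is granted to this job only.
    permissions:
      issues: write
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
        with:
          path: "repo"
      - id: create-issue
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment, not templated into the script.
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          # Strict mode, matching the other scripts in this workflow.
          set -euo pipefail

          # PR_URL is empty on push and workflow_dispatch runs.
          # The original message expanded an undefined `$PR` here.
          if [ "${PR_URL}" != "" ]; then
            body="Test issue for PR ${PR_URL}"
          else
            body="Test issue for commit ${GITHUB_SHA}"
          fi
          body="${body}
          - [Workflow run](https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/attempts/${GITHUB_RUN_ATTEMPT})"

          # -R is required here: the working directory is not a git checkout,
          # so gh cannot infer the repository.
          url=$(gh issue create -R "${GITHUB_REPOSITORY}" --title "issue-reopener-subdir pre-submit test issue" --body "${body}")
          echo "${url}"
          gh issue close "${url}"

          # A source file inside the checkout whose TODO references the issue.
          mkdir -p repo/test
          echo "// TODO(${url}): still open" > repo/test/test.go
          echo "url=${url}" >> "${GITHUB_OUTPUT}"
      - uses: ./repo/actions/issue-reopener/
        with:
          path: "repo/test"
      - env:
          GH_TOKEN: ${{ github.token }}
          ISSUE_URL: ${{ steps.create-issue.outputs.url }}
        run: |
          set -euo pipefail

          # Ensure the issue was reopened.
          state=$(gh issue view "${ISSUE_URL}" --json state | jq -r '.state')
          [ "${state}" == "OPEN" ]

          # Check that the body contains the right path
          # NOTE: Need to get text output in order to get issue comments.
          # The expected path carries no `repo/` prefix.
          body=$(gh issue view "${ISSUE_URL}" -c)
          [[ "${body}" == *"1. [test/test.go:1]"* ]]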
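# Closes the issue left behind by issue-reopener-subdir.
  issue-reopener-subdir-cleanup:
    runs-on: ubuntu-latest
    needs: issue-reopener-subdir
    # Runs even when the test job failed or was skipped.
    if: ${{ always() }}
    permissions:
      issues: write
    steps:
      - env:
          ISSUE_URL: ${{ needs.issue-reopener-subdir.outputs.issue-url }}
          GH_TOKEN: ${{ github.token }}
        run: |
          # Close the test issue.
          # The URL is empty when the test job was skipped or stopped before
          # it recorded its output, so there is nothing to close in that case.
          if [ -z "${ISSUE_URL}" ]; then
            echo "No test issue was created; nothing to close."
            exit 0
          fi
          # Best effort: a failure to close must not fail the cleanup job.
          gh issue close "${ISSUE_URL}" || true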