Skip to content

chore: update github/codeql-action action to v3.27.9 #1523

chore: update github/codeql-action action to v3.27.9

chore: update github/codeql-action action to v3.27.9 #1523

name: Continuous Integration
on:
push:
branches: [master]
pull_request:
# The branches below must be a subset of the branches above
branches: [master]
schedule:
- cron: '0 2 * * 1' # At 02:00 on Monday
permissions: {}
jobs:
test:
name: Test
timeout-minutes: 5
strategy:
matrix:
os: [ubuntu-latest]
node-version:
- 16
- 18
- 20
- 21
include:
- os: macos-latest
node-version: 20 # LTS
- os: windows-latest
node-version: 20 # LTS
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
if: ${{ matrix.os == 'ubuntu-latest' }}
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
nodejs.org:443
registry.npmjs.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ matrix.node-version }}
cache: npm
- name: Bootstrap project
run: npm ci --ignore-scripts --prefer-offline
- uses: Yuri6037/Action-FakeTTY@1abc69c7d530815855caedcd73842bae5687c1a6 # v1.1
- name: Run tests
run: faketty npm test --ignore-scripts
code-lint:
name: Code Lint
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
nodejs.org:443
registry.npmjs.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Use Node.js 20
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20
cache: 'npm'
- name: Bootstrap project
run: |
npm ci \
--ignore-scripts \
--prefer-offline
- name: Verify code linting
run: npm run lint --ignore-scripts
commit-lint:
name: Commit Lint
runs-on: ubuntu-latest
if: ${{ github.event.pull_request }}
steps:
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
registry.npmjs.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
persist-credentials: false
- name: Use Node.js 20
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20
cache: npm
- name: Bootstrap project
run: |
npm ci \
--ignore-scripts \
--prefer-offline
- name: Verify commit linting
run: |
npm exec \
--no-install \
--package=@commitlint/cli \
-- \
commitlint \
--from=origin/master \
--to=HEAD \
--verbose
lockfile-lint:
name: Lockfile Lint
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
registry.npmjs.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Use Node.js 20
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20
cache: npm
- name: Bootstrap project
run: |
npm ci \
--ignore-scripts \
--prefer-offline
- name: Verify commit linting
run: |
npm exec \
--no-install \
--package=lockfile-lint \
-- \
lockfile-lint \
--path=package-lock.json \
--allowed-hosts=npm \
--validate-https \
--validate-integrity \
--validate-package-names