Skip to content

XS✔ ◾ Bump github/codeql-action from 3.25.8 to 3.25.11 #2180

XS✔ ◾ Bump github/codeql-action from 3.25.8 to 3.25.11

XS✔ ◾ Bump github/codeql-action from 3.25.8 to 3.25.11 #2180

Workflow file for this run

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
---
name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
merge_group:
types:
- checks_requested
schedule:
- cron: 0 0 * * 1
workflow_dispatch: null
permissions: {}
jobs:
update-code:
name: Update Code
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
ref: ${{ github.HEAD_REF }}
# Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics:
# - Read access to Metadata
# - Read and Write access to Code (aka Contents)
token: ${{ secrets.BUILD_UPDATE_CODE_CHECKOUT }}
- name: Install Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20.14.0
- name: npm – Install Dependencies
run: npm ci
- name: npm – Lint
run: npm run lint
- name: npm – Build Package
run: npm run build:package
- name: Git – Add Changed Files
run: git add -A
- name: Detect Changes
id: detect-changes
shell: pwsh
run: |-
$GitStatus = git status
Write-Output -InputObject $GitStatus
$NoChangesPresent = $GitStatus.Contains("nothing to commit, working tree clean")
Write-Output -InputObject $NoChangesPresent
Write-Output -InputObject "NO_CHANGES_PRESENT=$NoChangesPresent" >> $Env:GITHUB_OUTPUT
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Set Name
run: git config --global user.name "github-actions[bot]"
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Set Email
run: git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Commit Changed Files
run: git commit -m "Fixing linting, Updating dist folder"
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Push Changed Files
run: git push
build:
name: Build
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20.14.0
- name: npm – Install Dependencies
run: npm ci
- name: npm – Test Clean
run: npm run clean
- name: npm – Build
run: npm run build
- name: npm – Test
run: npm run test
- name: Release – Create
run: npx tfx-cli extension create --manifest-globs vss-extension.json --output-path ../ms-omex.PRMetrics.vsix
working-directory: ${{ github.workspace }}/release
- name: Release – Upload
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: PRMetrics
path: ${{ github.workspace }}/ms-omex.PRMetrics.vsix
test-github-action:
name: Test GitHub Action
runs-on: ubuntu-latest
permissions:
pull-requests: write
statuses: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: PR Metrics
uses: ./
env:
PR_METRICS_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
file-matching-patterns: |
**/*
!dist/*
!package-lock.json
validate:
name: Validate
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Validate Markdown Links
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15
with:
config-file: .github/linters/markdown-link-check.json
- name: Initialize
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
build-mode: none
config-file: .github/linters/codeql.yml
languages: javascript-typescript
queries: security-extended,security-and-quality
- name: Analyze
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
category: TypeScript
validate-linter:
name: Validate – Linter
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Super Linter
uses: github/super-linter@4e51915f4a812abf59fed160bb14595c0a38a9e7 # v6
env:
EDITORCONFIG_FILE_NAME: ../../.editorconfig
FILTER_REGEX_EXCLUDE: .*dist/.*
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_CONFIG_FILE: gitleaks.toml
MARKDOWN_CONFIG_FILE: ../../.markdownlint.json
VALIDATE_JAVASCRIPT_STANDARD: false
VALIDATE_JSON: false
VALIDATE_TYPESCRIPT_ES: false
VALIDATE_TYPESCRIPT_STANDARD: false
dependabot:
if: ${{ github.actor == 'dependabot[bot]' }}
name: Dependabot
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Enable Auto-Merge
run: gh pr merge --auto --delete-branch --squash "${{ github.event.pull_request.html_url }}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
...