mirror of
https://github.com/kemko/nomad.git
synced 2026-01-05 01:45:44 +03:00
b17c0f7ff9
Trusted Supply Chain Component Registry (TSCCR) enforcement starts Monday and an internal report shows our semgrep action is pinned to a version that's not currently permitted. Update all the action versions to whatever's the new hotness to maximum the time-to-live on these until we have automated pinning setup. Also version bumps our chromedriver action, which randomly broke upstream today.
88 lines
3.3 KiB
YAML
88 lines
3.3 KiB
YAML
name: Ember test audit comparison
|
||
on:
|
||
pull_request:
|
||
paths:
|
||
- '.github/workflows/ember*'
|
||
- 'ui/**'
|
||
|
||
defaults:
|
||
run:
|
||
working-directory: ui
|
||
|
||
# There’s currently no way to share steps between jobs so there’s a lot of duplication
|
||
# for running the audit for the base and PR.
|
||
jobs:
|
||
time-base:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
||
with:
|
||
ref: ${{ github.event.pull_request.base.sha }}
|
||
- uses: nanasess/setup-chromedriver@6fb8f5ffa6b7dc11e631ff695fbd2fec0b04bb52 # v2.1.1
|
||
- name: Use Node.js
|
||
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
|
||
with:
|
||
node-version: '18'
|
||
- run: yarn --frozen-lockfile
|
||
- run: mkdir -p /tmp/test-reports
|
||
- run: npx ember-test-audit 1 --json --output ../base-audit.json
|
||
- name: Upload result
|
||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||
with:
|
||
name: base-audit
|
||
path: base-audit.json
|
||
time-pr:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
||
- uses: nanasess/setup-chromedriver@6fb8f5ffa6b7dc11e631ff695fbd2fec0b04bb52 # v2.1.1
|
||
- name: Use Node.js
|
||
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
|
||
with:
|
||
node-version: '18'
|
||
- run: yarn --frozen-lockfile
|
||
- run: mkdir -p /tmp/test-reports
|
||
- run: npx ember-test-audit 1 --json --output ../pr-audit.json
|
||
- name: Upload result
|
||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||
with:
|
||
name: pr-audit
|
||
path: pr-audit.json
|
||
compare:
|
||
needs: [time-base, time-pr]
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||
with:
|
||
name: base-audit
|
||
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||
with:
|
||
name: pr-audit
|
||
- uses: backspace/ember-test-audit-comparison-action@21e9492d0033bc7e84b6189ae94537a6ed045cfa # v2
|
||
with:
|
||
base-report-path: base-audit.json
|
||
comparison-report-path: pr-audit.json
|
||
base-identifier: ${{ github.event.pull_request.base.ref }}
|
||
comparison-identifier: ${{ github.event.pull_request.head.sha }}
|
||
timing-output-path: audit-diff.md
|
||
flakiness-output-path: flakiness-report.md
|
||
- uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2.6.2
|
||
with:
|
||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||
path: audit-diff.md
|
||
- name: Check for existence of flakiness report
|
||
id: check_file
|
||
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2.0.0
|
||
with:
|
||
files: "flakiness-report.md"
|
||
- name: comment PR
|
||
if: steps.check_file.outputs.files_exists == 'true'
|
||
uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
|
||
env:
|
||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||
with:
|
||
message_path: flakiness-report.md
|
||
permissions:
|
||
contents: read
|
||
pull-requests: write
|