name: PR Checks on: push: pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] workflow_dispatch: jobs: check-js: name: Check JS runs-on: ubuntu-latest timeout-minutes: 45 permissions: contents: read security-events: write # needed to upload ESLint results strategy: fail-fast: false steps: - name: Checkout uses: actions/checkout@v4 - name: Lint id: lint run: npm run-script lint-ci - name: Upload sarif uses: github/codeql-action/upload-sarif@v3 with: sarif_file: eslint.sarif category: eslint - name: Check generated JS run: .github/workflows/script/check-js.sh check-node-modules: if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v') name: Check modules up to date permissions: contents: read runs-on: macos-latest timeout-minutes: 45 steps: - uses: actions/checkout@v4 - name: Check node modules up to date run: .github/workflows/script/check-node-modules.sh check-file-contents: if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v') name: Check file contents permissions: contents: read runs-on: ubuntu-latest timeout-minutes: 45 steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: 3.11 - name: Install dependencies run: | python -m pip install --upgrade pip # When updating this, update the autogenerated code header in `sync.py` too. pip install ruamel.yaml==0.17.31 # Ensure the generated PR check workflows are up to date. - name: Verify PR checks up to date run: .github/workflows/script/verify-pr-checks.sh npm-test: if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v') name: Unit Test needs: [check-js, check-node-modules] strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] permissions: contents: read runs-on: ${{ matrix.os }} timeout-minutes: 45 steps: - uses: actions/checkout@v4 - name: npm test run: | # Run any commands referenced in package.json using Bash, otherwise # we won't be able to find them on Windows. npm config set script-shell bash npm test check-node-version: if: github.event.pull_request name: Check Action Node versions runs-on: ubuntu-latest timeout-minutes: 45 env: BASE_REF: ${{ github.base_ref }} permissions: contents: read steps: - uses: actions/checkout@v4 - id: head-version name: Verify all Actions use the same Node version run: | NODE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq) echo "NODE_VERSION: ${NODE_VERSION}" if [[ $(echo "$NODE_VERSION" | wc -l) -gt 1 ]]; then echo "::error::More than one node version used in 'action.yml' files." exit 1 fi echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT - id: checkout-base name: 'Backport: Check out base ref' if: ${{ startsWith(github.head_ref, 'backport-') }} uses: actions/checkout@v4 with: ref: ${{ env.BASE_REF }} - name: 'Backport: Verify Node versions unchanged' if: steps.checkout-base.outcome == 'success' env: HEAD_VERSION: ${{ steps.head-version.outputs.node_version }} run: | BASE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq) echo "HEAD_VERSION: ${HEAD_VERSION}" echo "BASE_VERSION: ${BASE_VERSION}" if [[ "$BASE_VERSION" != "$HEAD_VERSION" ]]; then echo "::error::Cannot change the Node version of an Action in a backport PR." exit 1 fi