chore: improves security by updating all find containers with user scope #7450
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
name: Test | |
jobs: | |
typecheck: | |
name: Typecheck | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
name: Install Node | |
with: | |
node-version: latest | |
- run: corepack enable | |
- run: pnpm --version | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: latest | |
cache: "pnpm" | |
cache-dependency-path: "**/pnpm-lock.yaml" | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --prefer-offline | |
- name: Run Typecheck | |
run: pnpm run typecheck | |
npm-test: | |
name: JavaScript Tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
name: Install Node | |
with: | |
node-version: latest | |
- run: corepack enable | |
- run: pnpm --version | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: latest | |
cache: "pnpm" | |
cache-dependency-path: "**/pnpm-lock.yaml" | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --prefer-offline | |
- name: Run Tests | |
run: pnpm run test -- --outputTruncateLength=500 | |
go-test: | |
name: Go Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
check-latest: true | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Protoc | |
uses: arduino/setup-protoc@v3 | |
with: | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install gRPC and Go | |
run: | | |
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest | |
go install google.golang.org/protobuf/cmd/protoc-gen-go@latest | |
- name: Run Go Tests with Coverage | |
run: make test | |
staticcheck: | |
runs-on: ubuntu-latest | |
name: Go Staticcheck | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
check-latest: true | |
- name: Generate dependencies | |
run: make fake_assets shared_key.pem shared_cert.pem | |
- name: Stactic checker | |
uses: dominikh/[email protected] | |
with: | |
install-go: false | |
int-test: | |
name: Integration Tests | |
timeout-minutes: 60 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
name: Install Node | |
with: | |
node-version: latest | |
- run: corepack enable | |
- run: pnpm --version | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: latest | |
cache: "pnpm" | |
cache-dependency-path: "**/pnpm-lock.yaml" | |
- name: Install dependencies | |
run: pnpm install | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Generate certs | |
run: make shared_key.pem shared_cert.pem | |
- name: Build | |
uses: docker/bake-action@v5 | |
with: | |
load: true | |
set: | | |
*.cache-from=type=gha | |
*.cache-to=type=gha,mode=max | |
- name: Run Playwright tests | |
run: docker compose up --exit-code-from playwright | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: playwright-report | |
path: playwright-report/ | |
retention-days: 30 |