Bump step-security/harden-runner from 2.19.1 to 2.19.4 #181
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: codegen | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - '.github/workflows/codegen.yml' | |
| - 'codegen/**' | |
| - 'api/*.yml' | |
| - '!**/*.md' | |
| pull_request: | |
| paths: | |
| - '.github/workflows/codegen.yml' | |
| - 'codegen/**' | |
| - 'api/*.yml' | |
| - '!**/*.md' | |
| release: | |
| types: [published] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| tests: | |
| if: | | |
| ${{ github.event_name == 'pull_request' || github.event_name == 'release' }} | |
| timeout-minutes: 15 | |
| runs-on: ubuntu-latest | |
| name: 'Test codegen' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout csolution-rpc repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: 'lts/*' | |
| - name: Install dependencies | |
| run: npm ci | |
| working-directory: codegen | |
| - name: Run linter | |
| run: npm run lint | |
| working-directory: codegen | |
| - name: Run tests | |
| run: npm test | |
| working-directory: codegen | |
| - name: Archive test report | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: codegen-test | |
| path: codegen/reports/junit/testreport.xml | |
| retention-days: 1 | |
| if-no-files-found: error | |
| - name: Archive generated interface files | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: codegen-rpc-interfaces | |
| path: codegen/generated/* | |
| retention-days: 1 | |
| if-no-files-found: error | |
| release: | |
| if: ${{ github.event_name == 'release' }} | |
| needs: [ tests ] | |
| timeout-minutes: 15 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Download generated files | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: codegen-rpc-interfaces | |
| path: generated | |
| - name: Check release version tag | |
| run: | | |
| version=$(grep -oP 'RPC_API_VERSION\s*=\s*"\K[^"]+' RpcInterface.h) | |
| tag=${{ github.event.release.tag_name }} | |
| tag="${tag#v}" | |
| if [ "$tag" != "$version" ]; then | |
| echo "Release version does not match the version in generated interfaces. Update csolution-openapi.yml" | |
| exit 1 | |
| fi | |
| working-directory: generated | |
| - name: ZIP generated files | |
| run: zip -r csolution-rpc.zip RpcInterface.h rpc-interface.ts | |
| working-directory: generated | |
| - name: TAR generated files | |
| run: tar -czf csolution-rpc.tar.gz RpcInterface.h rpc-interface.ts | |
| working-directory: generated | |
| - name: Attach files to release assets | |
| id: release_assets | |
| uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: generated/csolution-rpc.* | |
| tag: ${{ github.ref }} | |
| overwrite: true | |
| file_glob: true |