diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5569b2f9..1945fa4f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,14 +1,20 @@ -# .github/workflows/ci.yml - -name: Gemini CLI CI +name: 'Gemini CLI CI' on: push: - branches: [main, release] + branches: + - 'main' + - 'release' pull_request: - branches: [main, release] + branches: + - 'main' + - 'release' merge_group: +concurrency: + group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' + cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release/') }} + jobs: lint: name: Lint 
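Review bot: The `cancel-in-progress` expression exempts `refs/heads/main` and anything under `refs/heads/release/` (trailing slash), but the `push` trigger in this same hunk lists the branch `release`, whose ref is `refs/heads/release` and matches neither test. A second push to `release` would therefore cancel the run still in progress for the previous commit, including the `codeql` job defined later in this workflow, so that commit would get no finished scan or test result. If `release` is meant to be protected like `main`, add `github.ref != 'refs/heads/release'` to the condition and keep the prefix check only if `release/*` branches actually exist. A short comment above `concurrency:` stating which refs must never be cancelled would make the intent checkable.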
@@ -51,112 +57,126 @@ jobs: run: npm run typecheck test: - name: Test - runs-on: ${{ matrix.os }} - needs: lint + name: 'Test' + runs-on: '${{ matrix.os }}' + needs: 'lint' permissions: - contents: read - checks: write - pull-requests: write + contents: 'read' + checks: 'write' + pull-requests: 'write' strategy: fail-fast: false # So we can see all test failures matrix: - os: [ubuntu-latest, windows-latest, macos-latest] - node-version: [20.x, 22.x, 24.x] + os: + - 'macos-latest' + - 'ubuntu-latest' + - 'windows-latest' + node-version: + - '20.x' + - '22.x' + - '24.x' steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: 'Checkout' + uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5 - - name: Set up Node.js ${{ matrix.node-version }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + - name: 'Set up Node.js ${{ matrix.node-version }}' + uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' # ratchet:actions/setup-node@v4 with: - node-version: ${{ matrix.node-version }} + node-version: '${{ matrix.node-version }}' cache: 'npm' - - name: Build project - run: npm run build + - name: 'Build project' + run: |- + npm run build - - name: Install dependencies for testing - run: npm ci # Install fresh dependencies using the downloaded package-lock.json + - name: 'Install dependencies for testing' + run: |- + npm ci - - name: Run tests and generate reports - run: npm run test:ci + - name: 'Run tests and generate reports' env: NO_COLOR: true + run: 'npm run test:ci' - - name: Publish Test Report (for non-forks) - if: always() && (github.event.pull_request.head.repo.full_name == github.repository) - uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2 + - name: 'Publish Test Report (for non-forks)' + if: |- + ${{ always() && (github.event.pull_request.head.repo.full_name == github.repository) }} + uses: 
'dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3' # ratchet:dorny/test-reporter@v2 with: - name: Test Results (Node ${{ matrix.node-version }}) - path: packages/*/junit.xml - reporter: java-junit + name: 'Test Results (Node ${{ matrix.node-version }})' + path: 'packages/*/junit.xml' + reporter: 'java-junit' fail-on-error: 'false' - - name: Upload Test Results Artifact (for forks) - if: always() && (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + - name: 'Upload Test Results Artifact (for forks)' + if: |- + ${{ always() && (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) }} + uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02' # ratchet:actions/upload-artifact@v4 with: - name: test-results-fork-${{ matrix.node-version }}-${{ matrix.os }} - path: packages/*/junit.xml + name: 'test-results-fork-${{ matrix.node-version }}-${{ matrix.os }}' + path: 'packages/*/junit.xml' - - name: Upload coverage reports - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - if: always() + - name: 'Upload coverage reports' + if: |- + ${{ always() }} + uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02' # ratchet:actions/upload-artifact@v4 with: - name: coverage-reports-${{ matrix.node-version }}-${{ matrix.os }} - path: packages/*/coverage + name: 'coverage-reports-${{ matrix.node-version }}-${{ matrix.os }}' + path: 'packages/*/coverage' post_coverage_comment: - name: Post Coverage Comment - runs-on: ubuntu-latest - needs: test - if: always() && github.event_name == 'pull_request' && (github.event.pull_request.head.repo.full_name == github.repository) + name: 'Post Coverage Comment' + runs-on: 'ubuntu-latest' + needs: 'test' + if: |- + ${{ always() && github.event_name == 'pull_request' && 
(github.event.pull_request.head.repo.full_name == github.repository) }} continue-on-error: true permissions: - contents: read # For checkout - pull-requests: write # For commenting + contents: 'read' # For checkout + pull-requests: 'write' # For commenting strategy: matrix: # Reduce noise by only posting the comment once - os: [ubuntu-latest] - node-version: [22.x] + os: + - 'ubuntu-latest' + node-version: + - '22.x' steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: 'Checkout' + uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5 - - name: Download coverage reports artifact - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 + - name: 'Download coverage reports artifact' + uses: 'actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0' # ratchet:actions/download-artifact@v5 with: - name: coverage-reports-${{ matrix.node-version }}-${{ matrix.os }} - path: coverage_artifact # Download to a specific directory + name: 'coverage-reports-${{ matrix.node-version }}-${{ matrix.os }}' + path: 'coverage_artifact' # Download to a specific directory - - name: Post Coverage Comment using Composite Action - uses: ./.github/actions/post-coverage-comment # Path to the composite action directory + - name: 'Post Coverage Comment using Composite Action' + uses: './.github/actions/post-coverage-comment' # Path to the composite action directory with: - cli_json_file: coverage_artifact/cli/coverage/coverage-summary.json - core_json_file: coverage_artifact/core/coverage/coverage-summary.json - cli_full_text_summary_file: coverage_artifact/cli/coverage/full-text-summary.txt - core_full_text_summary_file: coverage_artifact/core/coverage/full-text-summary.txt - node_version: ${{ matrix.node-version }} - os: ${{ matrix.os }} - github_token: ${{ secrets.GITHUB_TOKEN }} + cli_json_file: 'coverage_artifact/cli/coverage/coverage-summary.json' + 
core_json_file: 'coverage_artifact/core/coverage/coverage-summary.json' + cli_full_text_summary_file: 'coverage_artifact/cli/coverage/full-text-summary.txt' + core_full_text_summary_file: 'coverage_artifact/core/coverage/full-text-summary.txt' + node_version: '${{ matrix.node-version }}' + os: '${{ matrix.os }}' + github_token: '${{ secrets.GITHUB_TOKEN }}' codeql: - name: CodeQL - runs-on: ubuntu-latest + name: 'CodeQL' + runs-on: 'ubuntu-latest' permissions: - actions: read - contents: read - security-events: write + actions: 'read' + contents: 'read' + security-events: 'write' steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: 'Checkout' + uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5 - - name: Initialize CodeQL - uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3 + - name: 'Initialize CodeQL' + uses: 'github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2' # ratchet:github/codeql-action/init@v3 with: - languages: javascript + languages: 'javascript' - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3 + - name: 'Perform CodeQL Analysis' + uses: 'github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2' # ratchet:github/codeql-action/analyze@v3
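Review bot: The `test` job still runs `npm ci`, `npm run build` and `npm run test:ci` under a token scoped `checks: 'write'` and `pull-requests: 'write'`, and its `Checkout` step does not set `persist-credentials`, so the token stays in the workspace git config where any build or test script from a same-repository pull request can read it. Adding `with:` and `persist-credentials: false` to the `actions/checkout` steps (here and in `post_coverage_comment` and `codeql`) removes that exposure, since no later step visible in this hunk pushes with git. Moving the `dorny/test-reporter` step into its own job would further let `test` drop to `contents: 'read'` only. Separately, the new pins are commented as `actions/checkout@v5` and `actions/download-artifact@v5`, which are major-version bumps inside an otherwise cosmetic quoting change; the description should say so, so that the new SHAs get checked against the upstream tags.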