Bump github/codeql-action from 3.30.3 to 4.31.3 #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Closed | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: [closed] | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| check-merge-or-workflow-dispatch: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| deploy: ${{ steps.check.outputs.deploy }} | |
| steps: | |
| - name: Check if PR was merged or workflow is triggered by workflow_dispatch | |
| id: check | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| echo "deploy=true" >> $GITHUB_OUTPUT | |
| echo "Job triggered by workflow_dispatch - running 'deploy-main'" | |
| elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.merged }}" == "true" ]]; then | |
| echo "deploy=true" >> $GITHUB_OUTPUT | |
| echo "Job triggered by Merged PR - running 'deploy-main'" | |
| else | |
| echo "deploy=false" >> $GITHUB_OUTPUT | |
| echo "Job not triggered by workflow_dispatch or Merged PR - Skipping 'deploy-main'" | |
| fi | |
| check-event-schemas-version-change: | |
| name: Check for event schemas package version change | |
| needs: check-merge-or-workflow-dispatch | |
| if: needs.check-merge-or-workflow-dispatch.outputs.deploy == 'true' | |
| outputs: | |
| version_changed: ${{ steps.check-version.outputs.version_changed }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ inputs.nodejs_version }} | |
| - name: check if local version differs from latest published version | |
| id: check-version | |
| run: | | |
| published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-letter-rendering --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"') | |
| echo "Published version: $published_version" | |
| local_version=$(jq -r '.version' packages/events/package.json) | |
| echo "Local version: $local_version" | |
| if [[ $local_version = $published_version ]]; then | |
| echo "Local version is the same as the latest published version - skipping publish" | |
| echo "version_changed=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Local version is different to the latest published version - publishing new version" | |
| echo "version_changed=true" >> $GITHUB_OUTPUT | |
| fi | |
| test-contract: | |
| name: "Test contracts (provider)" | |
| needs: check-event-schemas-version-change | |
| if: needs.check-event-schemas-version-change.outputs.version_changed == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - name: "Checkout code" | |
| uses: actions/[email protected] | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ inputs.nodejs_version }} | |
| - name: "Install dependencies" | |
| run: npm ci | |
| - name: "Run provider contract tests" | |
| run: make test-contract | |
| env: | |
| GITHUB_PACKAGES_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| publish-event-schemas: | |
| name: Publish event schemas package to GitHub package registry | |
| needs: | |
| - check-event-schemas-version-change | |
| - test-contract | |
| if: needs.check-event-schemas-version-change.outputs.version_changed == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ inputs.nodejs_version }} | |
| registry-url: 'https://npm.pkg.github.com' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Publish to GitHub Packages | |
| run: npm publish --workspace packages/events | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |