build: update github/codeql-action action to v3.29.3 (#31573) #6200
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- '[0-9]+.[0-9]+.x' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: {} | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Checking package externals | |
run: | | |
bazel build //:package_externals | |
pnpm check-package-externals $(bazel info bazel-bin)/package_externals.json | |
- name: Checking entry-points configuration | |
run: | | |
bazel build //:entry_points_manifest | |
pnpm check-entry-point-setup $(bazel info bazel-bin)/entry_points_manifest.json | |
- name: Check OWNERS file | |
run: pnpm ownerslint | |
- name: Check for component id collisions | |
run: pnpm detect-component-id-collisions | |
- name: Check style lint | |
run: pnpm stylelint | |
- name: Check code lint | |
run: pnpm tslint | |
- name: Check for circular dependencies | |
run: pnpm -s ts-circular-deps:check | |
api_golden_checks: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }} | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Check API Goldens | |
run: pnpm bazel test goldens/... | |
e2e: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }} | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Run e2e tests | |
run: pnpm e2e --flaky_test_attempts=2 | |
integration: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }} | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Run integration tests | |
run: pnpm integration-tests | |
continue-on-error: true | |
test: | |
runs-on: ubuntu-latest-16core | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }} | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Run tests | |
run: bazel test --build_tag_filters=-e2e --test_tag_filters=-e2e --build_tests_only --test_env="DEBUG=puppeteer:*" -- src/... | |
build: | |
runs-on: ubuntu-latest-16core | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
google_credential: ${{ secrets.RBE_TRUSTED_BUILDS_USER }} | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Run tests | |
run: bazel build --build_tag_filters=-docs-package,-release-package -- src/... | |
publish_snapshots: | |
runs-on: ubuntu-latest-4core | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Build and Verify Release Output | |
run: pnpm build-and-check-release-output | |
- name: Verify tooling setup | |
run: pnpm check-tooling-setup | |
- name: Build Docs Content | |
run: pnpm build-docs-content | |
- name: Build Docs Content | |
run: pnpm build-docs-content | |
- name: Publish Snapshots | |
run: ./scripts/circleci/publish-snapshots.sh | |
env: | |
SNAPSHOT_BUILDS_GITHUB_TOKEN: ${{ secrets.SNAPSHOT_BUILDS_GITHUB_TOKEN }} | |
deploy_doc_site: | |
runs-on: ubuntu-latest-4core | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
# See: https://github.com/puppeteer/puppeteer/pull/13196 and | |
# https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. | |
- name: Disable AppArmor | |
run: echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Bazel RBE | |
uses: angular/dev-infra/github-actions/bazel/configure-remote@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Build and Verify Release Output | |
run: pnpm build-and-check-release-output | |
- name: Verify tooling setup | |
run: pnpm check-tooling-setup | |
- name: Deploy the docs app | |
run: pnpm ci-push-deploy-docs-app | |
env: | |
CIRCLE_BRANCH: ${{ github.ref_name }} | |
CIRCLE_SHA1: ${{ github.sha }} | |
DOCS_SITE_GCP_SERVICE_KEY: ${{ secrets.DOCS_SITE_GCP_SERVICE_KEY }} | |
DOCS_DEPLOY_GITHUB_TOKEN: ${{ secrets.DOCS_DEPLOY_GITHUB_TOKEN }} | |
browserstack: | |
runs-on: ubuntu-latest | |
env: | |
CI_NODE_INDEX: 0 | |
CI_NODE_TOTAL: 1 | |
CI_RUNNER_NUMBER: ${{ github.run_id }} | |
steps: | |
- name: Initialize environment | |
uses: angular/dev-infra/github-actions/npm/checkout-and-setup-node@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
with: | |
cache-node-modules: true | |
- name: Install node modules | |
run: pnpm install --frozen-lockfile | |
- name: Setup Bazel | |
uses: angular/dev-infra/github-actions/bazel/setup@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Setup Browserstack Variables | |
uses: angular/dev-infra/github-actions/browserstack@64e129b9b9b27fc54b1e6e08d012d0d4fd2ed798 | |
- name: Run tests on Browserstack | |
run: ./scripts/circleci/run-browserstack-tests.sh |