diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index f88b981..63ca32f 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -2,6 +2,10 @@ name: Set up environment description: Set up the environment for building and testing the library on a given platform inputs: + ruby: + description: The version of Ruby to use + required: true + xcode: description: The version of Xcode to use required: true @@ -10,16 +14,16 @@ runs: using: composite steps: - - name: Set up Ruby - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # pinned to version v1.191.0 + uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # pin@v1.221.0 with: - ruby-version: '3.1.0' + ruby-version: ${{ inputs.ruby }} bundler-cache: true cache-version: 1 - name: Setup Xcode - uses: mxcl/xcodebuild@6e60022a0cbe8c89278be2dd1773a2f68e7c5c87 + uses: mxcl/xcodebuild@2cf0ec52b855fa777531c5c89b714caa7a3abd5e # pin@v3.4.0 with: xcode: ${{ inputs.xcode }} action: none + verbosity: xcbeautify diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml index b106acf..6523895 100644 --- a/.github/actions/test/action.yml +++ b/.github/actions/test/action.yml @@ -5,9 +5,11 @@ inputs: xcode: description: The version of Xcode to use required: true + scheme: description: The Xcode scheme to use required: true + platform: description: The platform to build for required: true @@ -16,18 +18,15 @@ runs: using: composite steps: - - name: Install xcpretty - run: gem install xcpretty - shell: bash - - name: Save Xcode version run: xcodebuild -version | tee .xcode-version shell: bash - name: Run tests - uses: mxcl/xcodebuild@6e60022a0cbe8c89278be2dd1773a2f68e7c5c87 + uses: mxcl/xcodebuild@2cf0ec52b855fa777531c5c89b714caa7a3abd5e # pin@v3.4.0 with: xcode: ${{ inputs.xcode }} scheme: ${{ inputs.scheme }} platform: ${{ inputs.platform }} code-coverage: true + verbosity: xcbeautify diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9ddf265..a796f40 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,8 +8,26 @@ updates: ignore: - dependency-name: '*' update-types: [version-update:semver-major] + labels: + - dependencies - package-ecosystem: github-actions directory: / schedule: interval: daily + labels: + - dependencies + + - package-ecosystem: github-actions + directory: /.github/actions/setup + schedule: + interval: daily + labels: + - dependencies + + - package-ecosystem: github-actions + directory: /.github/actions/test + schedule: + interval: daily + labels: + - dependencies diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0a3aaab..dd6ce54 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,6 +12,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.ref != 'refs/heads/master' }} +env: + ruby: '3.3.1' + jobs: authorize: name: Authorize @@ -40,11 +43,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@v4 - name: Set up environment uses: ./.github/actions/setup with: + ruby: ${{ env.ruby }} xcode: ${{ matrix.xcode }} - name: Run tests @@ -75,11 +79,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@v4 - name: Set up environment uses: ./.github/actions/setup with: + ruby: ${{ env.ruby }} xcode: ${{ matrix.xcode }} - name: Run tests @@ -96,11 +101,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@v4 - name: Set up environment uses: ./.github/actions/setup with: + ruby: ${{ env.ruby }} xcode: ${{ matrix.xcode }} - name: Run pod lib lint @@ -112,7 +118,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@v4 - name: Run SwiftLint run: swiftlint lint --reporter github-actions-logging diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index e902186..c5cabae 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -4,7 +4,7 @@ on: pull_request: {} push: - branches: ["master", "main"] + branches: [master, main] schedule: - cron: '30 0 1,15 * *' @@ -18,7 +18,7 @@ jobs: # Skip any PR created by dependabot to avoid permission issues if: (github.actor != 'dependabot[bot]') steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@v4 - run: semgrep ci env: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml deleted file mode 100644 index 158a434..0000000 --- a/.github/workflows/snyk.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Snyk - -on: - merge_group: - workflow_dispatch: - pull_request: - types: - - opened - - synchronize - push: - branches: - - main - schedule: - - cron: '30 0 1,15 * *' - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} - -jobs: - - check: - - name: Check for Vulnerabilities - runs-on: ubuntu-latest - - steps: - - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' - run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. - - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha || github.ref }} - - - uses: snyk/actions/ruby@b98d498629f1c368650224d6d212bf7dfa89e4bf # pin@0.4.0 - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}