Skip to content

Commit 8b31e65

Browse files
ScriptedAlchemyScriptedAlchemy
authored
ci: restore build workflow permissions and add actionlint guard (#4158)
1 parent 4cada54 commit 8b31e65

18 files changed

+110
-48
lines changed

.github/actions/android-e2e/action.yaml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,13 +30,21 @@ runs:
3030
- name: Set up Node
3131
uses: actions/setup-node@v4
3232
with:
33-
node-version: 22
33+
node-version: 18
3434
cache: 'pnpm'
3535

36+
- name: Set SKIP_DEVTOOLS_POSTINSTALL
37+
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> "$GITHUB_ENV"
38+
shell: bash
39+
3640
- name: Install dependencies
3741
run: pnpm install --frozen-lockfile
3842
shell: bash
3943

44+
- name: Build metro packages
45+
run: npx nx run-many --targets=build --projects=tag:type:metro --parallel=3 --skip-nx-cache
46+
shell: bash
47+
4048
- name: Install Maestro CLI
4149
run: |
4250
curl -Ls "https://get.maestro.mobile.dev" | bash

.github/actions/ios-e2e/action.yaml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,13 +28,21 @@ runs:
2828
- name: Set up Node
2929
uses: actions/setup-node@v4
3030
with:
31-
node-version: 22
31+
node-version: 18
3232
cache: 'pnpm'
3333

34+
- name: Set SKIP_DEVTOOLS_POSTINSTALL
35+
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> "$GITHUB_ENV"
36+
shell: bash
37+
3438
- name: Install dependencies
3539
run: pnpm install --frozen-lockfile
3640
shell: bash
3741

42+
- name: Build metro packages
43+
run: npx nx run-many --targets=build --projects=tag:type:metro --parallel=3 --skip-nx-cache
44+
shell: bash
45+
3846
- name: Install Maestro CLI and iOS Utilities
3947
run: |
4048
curl -Ls "https://get.maestro.mobile.dev" | bash

.github/workflows/actionlint.yml

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
name: Lint GitHub Workflows
2+
3+
on:
4+
pull_request:
5+
push:
6+
branches: [main]
7+
8+
permissions:
9+
contents: read
10+
11+
jobs:
12+
actionlint:
13+
runs-on: ubuntu-latest
14+
steps:
15+
- name: Checkout repository
16+
uses: actions/checkout@v4
17+
18+
- name: Run actionlint
19+
uses: raven-actions/actionlint@v2
20+
with:
21+
matcher: true

.github/workflows/build-and-test.yml

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
fetch-depth: 0
2121

2222
- name: Cache Tool Downloads
23-
uses: actions/cache@v3
23+
uses: actions/cache@v4
2424
with:
2525
path: ~/.cache
2626
key: ${{ runner.os }}-toolcache-${{ hashFiles('pnpm-lock.yaml') }}
@@ -41,9 +41,9 @@ jobs:
4141
- name: Set Playwright cache status
4242
run: |
4343
if [ -d "$HOME/.cache/ms-playwright" ] || [ -d "$HOME/.cache/Cypress" ]; then
44-
echo "PLAYWRIGHT_CACHE_HIT=true" >> $GITHUB_ENV
44+
echo "PLAYWRIGHT_CACHE_HIT=true" >> "$GITHUB_ENV"
4545
else
46-
echo "PLAYWRIGHT_CACHE_HIT=false" >> $GITHUB_ENV
46+
echo "PLAYWRIGHT_CACHE_HIT=false" >> "$GITHUB_ENV"
4747
fi
4848
4949
- name: Set Nx SHA
@@ -139,11 +139,17 @@ jobs:
139139
secrets: inherit
140140

141141
e2e-metro:
142-
needs: checkout-install
142+
permissions:
143+
contents: read
144+
actions: read
145+
checks: write
146+
pull-requests: write
147+
needs:
148+
- checkout-install
149+
- build-metro
143150
uses: ./.github/workflows/e2e-metro.yml
144151
secrets: inherit
145152

146153
build-metro:
147-
needs: checkout-install
148154
uses: ./.github/workflows/build-metro.yml
149155
secrets: inherit

.github/workflows/build-metro.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
fetch-depth: 0
1818

1919
- name: Cache Tool Downloads
20-
uses: actions/cache@v3
20+
uses: actions/cache@v4
2121
with:
2222
path: ~/.cache
2323
key: ${{ runner.os }}-toolcache-${{ hashFiles('pnpm-lock.yaml') }}

.github/workflows/devtools.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ jobs:
2121
fetch-depth: 0
2222

2323
- name: Cache Tool Downloads
24-
uses: actions/cache@v3
24+
uses: actions/cache@v4
2525
with:
2626
path: ~/.cache
2727
key: ${{ runner.os }}-toolcache-${{ hashFiles('pnpm-lock.yaml') }}
@@ -42,9 +42,9 @@ jobs:
4242
- name: Set Playwright cache status
4343
run: |
4444
if [ -d "$HOME/.cache/ms-playwright" ] || [ -d "$HOME/.cache/Cypress" ]; then
45-
echo "PLAYWRIGHT_CACHE_HIT=true" >> $GITHUB_ENV
45+
echo "PLAYWRIGHT_CACHE_HIT=true" >> "$GITHUB_ENV"
4646
else
47-
echo "PLAYWRIGHT_CACHE_HIT=false" >> $GITHUB_ENV
47+
echo "PLAYWRIGHT_CACHE_HIT=false" >> "$GITHUB_ENV"
4848
fi
4949
5050
- name: Set Nx SHA

.github/workflows/e2e-manifest.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
fetch-depth: 0
1616

1717
- name: Cache Tool Downloads
18-
uses: actions/cache@v3
18+
uses: actions/cache@v4
1919
with:
2020
path: ~/.cache
2121
key: ${{ runner.os }}-toolcache-${{ hashFiles('pnpm-lock.yaml') }}
@@ -25,9 +25,9 @@ jobs:
2525
- name: Set Playwright cache status
2626
run: |
2727
if [ -d "$HOME/.cache/ms-playwright" ] || [ -d "$HOME/.cache/Cypress" ]; then
28-
echo "PLAYWRIGHT_CACHE_HIT=true" >> $GITHUB_ENV
28+
echo "PLAYWRIGHT_CACHE_HIT=true" >> "$GITHUB_ENV"
2929
else
30-
echo "PLAYWRIGHT_CACHE_HIT=false" >> $GITHUB_ENV
30+
echo "PLAYWRIGHT_CACHE_HIT=false" >> "$GITHUB_ENV"
3131
fi
3232
3333
- name: Install Pnpm
@@ -45,7 +45,7 @@ jobs:
4545
uses: nrwl/nx-set-shas@v3
4646

4747
- name: Set SKIP_DEVTOOLS_POSTINSTALL environment variable
48-
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> $GITHUB_ENV
48+
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> "$GITHUB_ENV"
4949

5050
- name: Install Dependencies
5151
run: pnpm install

.github/workflows/e2e-metro.yml

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ permissions:
88
contents: read
99
checks: write
1010
pull-requests: write
11-
id-token: write
1211

1312
concurrency:
1413
group: e2e-tests-${{ github.workflow }}-${{ github.ref }}
@@ -33,7 +32,17 @@ jobs:
3332
- name: Checkout repository
3433
uses: actions/checkout@v4
3534

35+
- name: Determine whether metro apps are affected
36+
id: check-ci
37+
run: |
38+
if node tools/scripts/ci-is-affected.mjs --appName=${{ matrix.app_name }}; then
39+
echo "run-e2e=true" >> "$GITHUB_OUTPUT"
40+
else
41+
echo "run-e2e=false" >> "$GITHUB_OUTPUT"
42+
fi
43+
3644
- name: Android E2E Tests
45+
if: steps.check-ci.outputs.run-e2e == 'true'
3746
uses: ./.github/actions/android-e2e
3847
with:
3948
app_name: ${{ matrix.app_name }}
@@ -52,7 +61,17 @@ jobs:
5261
- name: Checkout repository
5362
uses: actions/checkout@v4
5463

64+
- name: Determine whether metro apps are affected
65+
id: check-ci
66+
run: |
67+
if node tools/scripts/ci-is-affected.mjs --appName=${{ matrix.app_name }}; then
68+
echo "run-e2e=true" >> "$GITHUB_OUTPUT"
69+
else
70+
echo "run-e2e=false" >> "$GITHUB_OUTPUT"
71+
fi
72+
5573
- name: iOS E2E Tests
74+
if: steps.check-ci.outputs.run-e2e == 'true'
5675
uses: ./.github/actions/ios-e2e
5776
with:
5877
app_name: ${{ matrix.app_name }}

.github/workflows/e2e-modern-ssr.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414
fetch-depth: 0
1515

1616
- name: Cache Tool Downloads
17-
uses: actions/cache@v3
17+
uses: actions/cache@v4
1818
with:
1919
path: ~/.cache
2020
key: ${{ runner.os }}-toolcache-${{ hashFiles('pnpm-lock.yaml') }}
@@ -24,9 +24,9 @@ jobs:
2424
- name: Set Playwright cache status
2525
run: |
2626
if [ -d "$HOME/.cache/ms-playwright" ] || [ -d "$HOME/.cache/Cypress" ]; then
27-
echo "PLAYWRIGHT_CACHE_HIT=true" >> $GITHUB_ENV
27+
echo "PLAYWRIGHT_CACHE_HIT=true" >> "$GITHUB_ENV"
2828
else
29-
echo "PLAYWRIGHT_CACHE_HIT=false" >> $GITHUB_ENV
29+
echo "PLAYWRIGHT_CACHE_HIT=false" >> "$GITHUB_ENV"
3030
fi
3131
3232
- name: Install Pnpm
@@ -44,7 +44,7 @@ jobs:
4444
uses: nrwl/nx-set-shas@v3
4545

4646
- name: Set SKIP_DEVTOOLS_POSTINSTALL environment variable
47-
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> $GITHUB_ENV
47+
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> "$GITHUB_ENV"
4848

4949
- name: Install Dependencies
5050
run: pnpm install

.github/workflows/e2e-modern.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
fetch-depth: 0
1616

1717
- name: Cache Tool Downloads
18-
uses: actions/cache@v3
18+
uses: actions/cache@v4
1919
with:
2020
path: ~/.cache
2121
key: ${{ runner.os }}-toolcache-${{ hashFiles('pnpm-lock.yaml') }}
@@ -25,9 +25,9 @@ jobs:
2525
- name: Set Playwright cache status
2626
run: |
2727
if [ -d "$HOME/.cache/ms-playwright" ] || [ -d "$HOME/.cache/Cypress" ]; then
28-
echo "PLAYWRIGHT_CACHE_HIT=true" >> $GITHUB_ENV
28+
echo "PLAYWRIGHT_CACHE_HIT=true" >> "$GITHUB_ENV"
2929
else
30-
echo "PLAYWRIGHT_CACHE_HIT=false" >> $GITHUB_ENV
30+
echo "PLAYWRIGHT_CACHE_HIT=false" >> "$GITHUB_ENV"
3131
fi
3232
3333
- name: Install Pnpm
@@ -45,7 +45,7 @@ jobs:
4545
uses: nrwl/nx-set-shas@v3
4646

4747
- name: Set SKIP_DEVTOOLS_POSTINSTALL environment variable
48-
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> $GITHUB_ENV
48+
run: echo "SKIP_DEVTOOLS_POSTINSTALL=true" >> "$GITHUB_ENV"
4949

5050
- name: Install Dependencies
5151
run: pnpm install

0 commit comments

Comments
 (0)