ci: update workflows

electron · Apr 3, 2024 · 8c0e0e5 · 8c0e0e5
1 parent fb39add
commit 8c0e0e5
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 41 deletions.
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
@@ -1,39 +1,37 @@
-# In TypeScript actions, `dist/index.js` is a special file. When you reference
-# an action with `uses:`, `dist/index.js` is the code that will be run. For this
-# project, the `dist/index.js` file is generated from other source files through
-# the build process. We need to make sure that the checked-in `dist/index.js`
-# file matches what is expected from the build.
+# In TypeScript actions, `dist/` is a special directory. When you reference
+# an action with the `uses:` property, `dist/index.js` is the code that will be
+# run. For this project, the `dist/index.js` file is transpiled from other
+# source files. This workflow ensures the `dist/` directory contains the
+# expected transpiled code.
 #
-# This workflow will fail if the checked-in `dist/index.js` file does not match
-# what is expected from the build.
-name: Check dist/
+# If this workflow is run from a feature branch, it will act as an additional CI
+# check and fail if the checked-in `dist/` directory does not match what is
+# expected from the build.
+name: Check Transpiled JavaScript
 
 on:
+  pull_request:
+    branches:
+      - main
   push:
     branches:
       - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
+
+permissions:
+  contents: read
 
 jobs:
   check-dist:
     name: Check dist/
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      statuses: write
-
     steps:
       - name: Checkout
         id: checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Setup Node.js
+        id: setup-node
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: 20
@@ -47,7 +45,8 @@ jobs:
         id: build
         run: npm run bundle
 
-      - name: Compare Expected and Actual Directories
+      # This will fail the workflow if the PR wasn't created by Dependabot.
+      - name: Compare Directories
         id: diff
         run: |
           if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
@@ -56,10 +55,12 @@ jobs:
             exit 1
           fi
 
-      # If index.js was different than expected, upload the expected version as
-      # a workflow artifact.
-      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
+      # If `dist/` was different than expected, and this was not a Dependabot
+      # PR, upload the expected version as a workflow artifact.
+      - if: ${{ failure() && steps.diff.outcome == 'failure' }}
+        name: Upload Artifact
+        id: upload
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: dist
           path: dist/
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,10 +4,15 @@ on:
   schedule:
     - cron: '0 22 * * 3'
   pull_request:
+    branches:
+      - main
   push:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   test-typescript:
     name: TypeScript Tests

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,26 +1,26 @@
 name: CodeQL
 
 on:
-  push:
+  pull_request:
     branches:
       - main
-  pull_request:
+  push:
     branches:
       - main
   schedule:
     - cron: '31 7 * * 3'
 
+permissions:
+  actions: read
+  checks: write
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
 
-    permissions:
-      actions: read
-      checks: write
-      contents: read
-      security-events: write
-
     strategy:
       fail-fast: false
       matrix:

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -1,27 +1,29 @@
-name: Lint Code Base
+name: Lint Codebase
 
 on:
   pull_request:
     branches:
       - main
   push:
-    branches-ignore:
+    branches:
       - main
 
+permissions:
+  contents: read
+  packages: read
+  statuses: write
+
 jobs:
   lint:
-    name: Lint Code Base
+    name: Lint Codebase
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      packages: read
-      statuses: write
-
     steps:
       - name: Checkout
         id: checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
 
       - name: Setup Node.js
         id: setup-node
@@ -34,12 +36,14 @@ jobs:
         id: install
         run: npm ci
 
-      - name: Lint Code Base
+      - name: Lint Codebase
         id: super-linter
         uses: super-linter/super-linter/slim@e0fc164bba85f4b58c6cd17ba1dfd435d01e8a06 # v6.3.0
         env:
           DEFAULT_BRANCH: main
+          FILTER_REGEX_EXCLUDE: dist/**/*
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TYPESCRIPT_DEFAULT_STYLE: prettier
-          VALIDATE_GITLEAKS: false
+          VALIDATE_ALL_CODEBASE: true
+          VALIDATE_JAVASCRIPT_STANDARD: false
           VALIDATE_JSCPD: false