chore(deps): update sonarsource/sonarqube-scan-action action to v3 #1499
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pull-request-main | |
| on: | |
| merge_group: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| ci-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: ci-lint | |
| uses: ./actions/ci-lint-ts | |
| with: | |
| # general inputs | |
| checkout-repo: "false" | |
| # grafana inputs | |
| metrics-job-name: ci-lint | |
| gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
| gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
| gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
| pnpm-version: "^9.0.0" | |
| ci-prettier: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: ci-prettier | |
| uses: ./actions/ci-prettier | |
| with: | |
| # general inputs | |
| checkout-repo: "false" | |
| # grafana inputs | |
| metrics-job-name: ci-prettier | |
| gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
| gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
| gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
| pnpm-version: "^9.0.0" | |
| ci-lint-misc: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: ci-lint-misc | |
| uses: ./actions/ci-lint-misc | |
| with: | |
| # general inputs | |
| checkout-repo: "false" | |
| # grafana inputs | |
| metrics-job-name: ci-lint-misc | |
| gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
| gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
| gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
| cd-signed-commits: | |
| # Disable this job until it's updated to be: | |
| # 1. More generalizable for all workspaces requiring build artifacts | |
| # 2. Have better attribution for the commits generated from this workflow | |
| if: false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| # Commit back any changes based on the commit that triggered this action | |
| # rather than merge commit of main into the PR branch | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup pnpm | |
| uses: ./actions/setup-nodejs | |
| with: | |
| pnpm-version: "^9.0.0" | |
| - name: Build signed-commits | |
| run: pnpm nx run signed-commits:build | |
| - name: Commit back any changes | |
| uses: planetscale/ghcommit-action@b68767a2e130a71926b365322e62b583404a5e09 # v0.1.43 | |
| with: | |
| commit_message: "🤖 Update build" | |
| repo: ${{ github.repository }} | |
| branch: ${{ github.head_ref || github.ref_name }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ci-signed-commits: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup pnpm | |
| uses: ./actions/setup-nodejs | |
| with: | |
| pnpm-version: "^9.0.0" | |
| - name: Run tests for signed-commits | |
| run: pnpm nx run signed-commits:test | |
| ci-test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Get GATI read-only test token | |
| uses: ./actions/setup-github-token | |
| id: setup-github-token | |
| with: | |
| aws-role-arn: | |
| ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} | |
| aws-lambda-url: ${{ secrets.AWS_LAMBDA_RELENG_GATI }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: ci-test | |
| uses: ./actions/ci-test-ts | |
| with: | |
| # Somewhat of a smell since we expose this token to _all_ tests that this action runs | |
| # But it's read-only. This was added in for the e2e tests inside the go-mod-validator action. | |
| # | |
| # We decided to keep the testing steps all in one place rather than split them out to handle this edge case. | |
| github-token: ${{ steps.setup-github-token.outputs.access-token }} | |
| # general inputs | |
| checkout-repo: "false" | |
| # grafana inputs | |
| metrics-job-name: ci-test | |
| gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
| gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
| gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
| pnpm-version: "^9.0.0" | |
| ci-build-artifacts: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: ci-build-artifacts | |
| uses: ./actions/cicd-build-publish-artifacts-ts | |
| with: | |
| # general inputs | |
| checkout-repo: "false" | |
| # grafana inputs | |
| metrics-job-name: ci-build-artifacts | |
| gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
| gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
| gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
| pnpm-version: "^9.0.0" | |
| ci-actions-dependencies-updater: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup pnpm | |
| uses: ./actions/setup-nodejs | |
| with: | |
| pnpm-version: "^9.0.0" | |
| - name: Run typecheck for actions-dependencies-updater | |
| shell: bash | |
| run: pnpm nx run actions-dependencies-updater:typecheck | |
| - name: Run unit tests for actions-dependencies-updater | |
| shell: bash | |
| run: pnpm nx run actions-dependencies-updater:test | |
| ci-gha-workflow-validator: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo (needed to reference local action) | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup pnpm | |
| uses: ./actions/setup-nodejs | |
| with: | |
| pnpm-version: "^9.0.0" | |
| - name: Run build for gha-workflow-validator | |
| shell: bash | |
| run: pnpm nx run gha-workflow-validator:build | |
| - name: Run unit tests for gha-workflow-validator | |
| shell: bash | |
| run: pnpm nx run gha-workflow-validator:test | |
| validate-worfklow-changes: | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: GHA Workflow Validator | |
| uses: smartcontractkit/.github/actions/gha-workflow-validator@d316f66b2990ea4daa479daa3de6fc92b00f863e # [email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| with: | |
| include-all-action-definitions: true |