Skip to content

chore(deps): update github/codeql-action action to v3.27.3 #12540

chore(deps): update github/codeql-action action to v3.27.3

chore(deps): update github/codeql-action action to v3.27.3 #12540

Workflow file for this run

name: Main CI
concurrency:
group: ci-${{ github.ref }}-main
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
permissions:
contents: read
on:
push:
branches:
- main
- 'release/*'
pull_request:
branches:
- main
- 'release/*'
merge_group:
types: [checks_requested]
env:
YARN_ENABLE_HARDENED_MODE: 0
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
jobs:
# Check the integrity of yarn lock
yarn_lock_check:
runs-on: ubuntu-latest
env:
NX_SKIP_NX_CACHE: true
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./tools/github-actions/setup
env:
YARN_ENABLE_HARDENED_MODE: 1
build:
runs-on: ubuntu-latest
needs: [yarn_lock_check]
env:
NX_SKIP_NX_CACHE: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release') }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./tools/github-actions/setup
- uses: ./.github/actions/setup-java
with:
install-jdk: 'true'
- run: yarn build:swagger-gen
- run: yarn build
- uses: ./tools/github-actions/upload-build-output
version:
permissions:
# Needed to publish release on GitHub
contents: write
runs-on: ubuntu-latest
needs: [yarn_lock_check]
outputs:
nextVersionTag: ${{ steps.newVersion.outputs.nextVersionTag }}
isPreRelease: ${{ contains( steps.newVersion.outputs.nextVersionTag, '-' ) || github.event_name == 'pull_request' || github.event_name == 'merge_group'}}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20
- name: New Version
if: github.event_name != 'merge_group'
id: newVersion
uses: ./tools/github-actions/new-version
with:
defaultBranch: main
defaultBranchPrereleaseName: prerelease
releaseBranchRegExp: 'release\/(0|[1-9]\d*)\.(0|[1-9]\d*)(\.0-(?:next|prerelease|rc))?$'
- name: Create release
if: github.event_name != 'pull_request' && github.event_name != 'merge_group'
uses: ./tools/github-actions/release
with:
version: ${{ steps.newVersion.outputs.nextVersionTag }}
target: ${{ github.ref_name }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
checks:
uses: ./.github/workflows/code-check.yml
secrets:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
needs: [yarn_lock_check]
with:
affected: ${{ github.event_name == 'pull_request' }}
skipNxCache: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release') }}
it-tests:
uses: ./.github/workflows/it-tests.yml
secrets:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
needs: [yarn_lock_check, build]
with:
skipNxCache: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release') }}
e2e-tests:
uses: ./.github/workflows/e2e-tests.yml
secrets:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
needs: [yarn_lock_check, build]
with:
skipNxCache: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release') }}
publish-packages:
uses: ./.github/workflows/publish.yml
if: ${{ github.event_name != 'pull_request' && github.event_name != 'merge_group' }}
permissions:
contents: read
# Needed to publish with provenance
id-token: write
secrets: inherit
needs: [yarn_lock_check, version, build, checks, it-tests]
with:
version: ${{ needs.version.outputs.nextVersionTag }}
prerelease: ${{ needs.version.outputs.isPreRelease == 'true' }}
isPullRequest: false
skipNxCache: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release') }}
documentation-main:
secrets: inherit
needs: [yarn_lock_check, version, build, checks]
if: ${{ github.event_name != 'pull_request' && github.event_name != 'merge_group' && github.ref_name == 'main' }}
uses: ./.github/workflows/documentation.yml
with:
version: ${{ needs.version.outputs.nextVersionTag }}
documentation-pr:
secrets: inherit
needs: [yarn_lock_check, version]
if: ${{ (github.event_name == 'pull_request' && github.base_ref == 'main') || github.event_name == 'merge_group' }}
uses: ./.github/workflows/documentation.yml
with:
version: ${{ needs.version.outputs.nextVersionTag }}
shouldDeploy: false