chore(deps): update dependency vite to v8.0.5 [security] #13058
# cspell:ignore oidc mxschmitt userns cgroupfs dorny
name: ci

# Events that start this workflow: merge-queue checks, pushes and pull
# requests targeting 'main' or 'devel/*', 'v*.*' tags, published releases,
# a cron schedule and manual dispatch.
# NOTE(review): no workflow-level `permissions:` is declared, so any job
# without its own `permissions:` block falls back to the repository default
# for GITHUB_TOKEN — confirm that default is read-only.
on:
  merge_group:
    branches:
      - "main"
      - "devel/*"
  push:
    branches:
      - "main"
      - "devel/*"
    tags:
      - "v*.*"
  pull_request:
    # 'closed' is left out so that merging a PR does not trigger a second run
    # 'edited' is left out so PR title/description edits do not trigger a run
    types:
      - synchronize
      - opened
      - reopened
    branches:
      - "main"
      - "devel/*"
  release:
    types:
      - published
  schedule:
    - cron: "0 0,6,12,18 * * *"
  workflow_dispatch:
    inputs:
      publish:
        description: "Publish a pre-release"
        required: false
        default: "false"

# One active run per workflow + ref + PR number (or commit SHA when there is
# no PR); a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.ref }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

env:
  # https://docs.github.com/en/actions/learn-github-actions/environment-variables
  # https://devblogs.microsoft.com/commandline/share-environment-vars-between-wsl-and-windows/
  WSLENV: HOSTNAME:CI:FORCE_COLOR:GITHUB_ACTION:GITHUB_ACTION_PATH/p:GITHUB_ACTION_REPOSITORY:GITHUB_WORKFLOW:GITHUB_WORKSPACE/p:GITHUB_PATH/p:GITHUB_ENV/p:VIRTUAL_ENV/p:SKIP_PODMAN:SKIP_DOCKER:NODE_OPTIONS:MISE_ENV
  # We define a hostname because otherwise the variable might not always be accessible on runners.
  HOSTNAME: gha
  # help pytest output be colored on GHA
  FORCE_COLOR: "1"
  XDG_CACHE_HOME: "${{ github.workspace }}/.cache" # https://github.com/actions/cache/issues/1332
  PIP_CACHE_DIR: "${{ github.workspace }}/.cache/pip" # https://github.com/actions/cache/issues/1332
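# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # lint: runs every prek hook against the whole tree on a hosted runner.
  lint:
    runs-on: ubuntu-24.04
    # Least privilege: the steps below only check out and read the repository,
    # so the job token is limited to read access instead of the repo default.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0 # we need tags for dynamic versioning
          show-progress: false
      # needed by our prek system hooks like toml
      - name: Install uv (cache)
        # NOTE(review): referenced by tag, which the action's owner can move;
        # pin to a full commit SHA the way the checkout step above is pinned.
        uses: astral-sh/setup-uv@v8.1.0
      - name: Install pnpm
        # NOTE(review): major-version tag is mutable — pin to a commit SHA.
        uses: pnpm/action-setup@v6
        with:
          cache: true
          run_install: |
            - recursive: true
              args: [--frozen-lockfile]
      # needed by our prek systems hooks like biome
      - name: Install node (cache)
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: "24"
      - name: Debug
        run: |
          which -a pnpm
          pnpm --version
      - name: Run prek
        # NOTE(review): major-version tag is mutable — pin to a commit SHA.
        uses: j178/prek-action@v2
        # ideally prek should run in under 30s, but we keep a hard limit of 3
        # minutes to count for slower hooks and uncached data. If a hook is
        # slower, even occasionally it should be moved outside and included in
        # another build step, like 'build' or 'package'.
        timeout-minutes: 3
        with:
          # show-verbose-logs: true
          # we want to run in verbose to report speed of each hook
          extra-args: "--all-files -v"
          install-only: false
          prek-version: ">=0.3.8"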
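# preflight: runs the task pipeline (setup, build, package, docs, lint) once
# inside the builder container and uploads the packaged artifacts.
  preflight:
    runs-on: ubuntu-24.04
    # NOTE(review): this job has no `permissions:` block, so the GITHUB_TOKEN
    # exported below carries the repository default scopes. Add an explicit
    # least-privilege block once the needs of ./.github/actions/report are
    # confirmed.
    container:
      # NOTE(review): ':latest' is a mutable tag and this image receives
      # GITHUB_TOKEN; pinning the image by digest would make the job's code
      # provenance reviewable.
      image: ghcr.io/ansible/ext-builder:latest
      # NOTE(review): the page lost its indentation; `env` is nested under
      # `container` here — confirm against the repository file.
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Marks every path as a trusted mise config location.
        MISE_TRUSTED_CONFIG_PATHS: /
    continue-on-error: false
    outputs:
      commit_context: ${{ steps.extract_context.outputs.context }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0 # we need tags for dynamic versioning
          show-progress: false
      - name: Workaround for https://github.com/actions/runner/issues/2033
        # Quoted so a workspace path containing spaces is passed as one argument.
        run: |
          chown -R "$(id -u):$(id -g)" "$PWD"
      - name: task setup
        timeout-minutes: 7 # expected under 10s for container builds
        run: |
          set -ex
          pwd
          # NOTE(review): '*' turns off git's ownership check for every path in
          # this container; the workspace path alone would be narrower.
          git config --global --add safe.directory '*'
          mise install
          mise list
          mise cfg
          mise exec -v -- which python3
          mise exec -- printenv NODE_OPTIONS || true
          task setup && task setup --status
      - name: Extract commit context from conventional commit and list of known tasks
        id: extract_context
        shell: bash
        env:
          # The PR title is author-controlled; it reaches the script as an
          # environment variable and is never interpolated into the script text.
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          set -e
          # Use PR title if available, otherwise use commit message
          if [[ -n "$PR_TITLE" ]]; then
            MESSAGE="$PR_TITLE"
            echo "Using PR title: $MESSAGE"
          else
            MESSAGE=$(git log -1 --pretty=%s)
            echo "Using commit message: $MESSAGE"
          fi
          # Extract context/scope from conventional commit format: type(scope): message
          # Matches patterns like: feat(mcp):, fix(ui):, chore(build):, etc.
          # NOTE(review): the character class also admits a leading '-', and the
          # value is later handed to `task` as an argument; requiring an
          # alphanumeric first character would keep it from being read as an option.
          if [[ "$MESSAGE" =~ ^[a-z]+\(([a-z0-9/-]+)\): ]]; then
            CONTEXT="${BASH_REMATCH[1]}"
            echo "Extracted context: $CONTEXT"
            echo "context=$CONTEXT" >> "$GITHUB_OUTPUT"
          else
            echo "No context found in message"
            echo "context=" >> "$GITHUB_OUTPUT"
          fi
          echo "tasks=$(task -l --json | jq -c '[.tasks[] | [.name] + (.aliases // []) | .[]]')" >> "$GITHUB_OUTPUT"
      - name: task build
        timeout-minutes: 2 # expected under 1 minutes
        run: |
          task build && task build --status
      # Renamed from a second "task package" so the two steps are
      # distinguishable in the run log; this one packages the language server.
      - name: task als:package
        timeout-minutes: 2 # expected under 1 minutes
        run: |
          task als:package && task als:package --status
      - name: Run context-specific command if it is a known task
        # NOTE(review): the step name says "known task" but the condition is
        # negated (`!contains`), so it runs when the context is NOT in the task
        # list — confirm which is intended. `contains()` on the JSON string is
        # also a substring match, not an exact task-name match.
        if: >-
          steps.extract_context.outputs.context != '' &&
          !contains(steps.extract_context.outputs.tasks, steps.extract_context.outputs.context)
        env:
          # Passed through the environment instead of being expanded into the
          # script text, matching how PR_TITLE is handled above.
          TASK_CONTEXT: ${{ steps.extract_context.outputs.context }}
        run: |
          task "$TASK_CONTEXT"
      - name: task docs
        timeout-minutes: 1
        run: |
          task docs && task docs --status
      - name: task package
        timeout-minutes: 2
        run: |
          task package && task package --status
      - name: task dry (check that test frameworks are not misconfigured, but do not run tests)
        run: task dry
      # this is kept here just to ensure 'task lint' command does not drift but
      # our main linting is run directly by 'prek' job, without involving task.
      - name: task lint
        # keep linting before any other task, to allow it be faster and independent
        timeout-minutes: 3
        run: |
          task lint
      - name: task finish
        run: task finish
      # NOTE(review): the three upload steps reference the action by a mutable
      # major-version tag; pin to a commit SHA like the checkout step.
      - name: Upload vsix artifact
        uses: actions/upload-artifact@v7
        with:
          path: out/ansible-*.vsix
          archive: false
          if-no-files-found: error
          retention-days: 90
      - name: Upload ansible-ansible-language-server npm package
        uses: actions/upload-artifact@v7
        with:
          path: out/ansible-ansible-language-server-*.tgz
          archive: false
          if-no-files-found: error
          retention-days: 90
      - name: Upload ansible-ansible-mcp-server npm package
        uses: actions/upload-artifact@v7
        with:
          path: out/ansible-ansible-mcp-server-*.tgz
          archive: false
          if-no-files-found: error
          retention-days: 90
      - name: Report unexpected failures
        if: ${{ always() && failure() && github.ref == 'refs/heads/main' }}
        uses: ./.github/actions/report
        with:
          slack_webhook_url: ${{ secrets.DEVTOOLS_CI_SLACK_URL }}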
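# build: matrix of test runs (linux, macos, linux-wdio, wsl) that set up the
# toolchain, build, package, run unit/e2e/wdio tests and upload logs and
# coverage.
  build:
    name: ${{ matrix.name }}
    # Keep 'preflight' as a dependency because 'build' is resource-intensive;
    # running it only after preflight succeeds prevents wasting matrix capacity.
    # NOTE(review): the list below names only 'lint', not 'preflight' —
    # confirm which of comment and configuration is current.
    needs:
      - lint
    environment: ci
    env:
      SKIP_DOCKER: ${{ matrix.env.SKIP_DOCKER || 0 }}
      SKIP_PODMAN: ${{ matrix.env.SKIP_PODMAN || 0 }}
      IS_WSL: ${{ contains(matrix.name, 'wsl') && 1 || 0 }}
      TASKFILE_ARGS: --output=group --output-group-begin='::group::{{.TASK}}' --output-group-end='::endgroup::'
    defaults:
      run:
        shell: ${{ matrix.shell || 'bash'}}
    # The type of runner that the job will run on
    runs-on: ${{ matrix.os || 'ubuntu-24.04' }}
    outputs:
      can_release_to_npm: ${{ steps.package.outputs.can_release_to_npm }}
    permissions:
      contents: read
      id-token: write # codecov actions
      checks: read # codecov actions
    strategy:
      fail-fast: false
      matrix:
        # Avoid letting github do the matrix multiplication and use manual
        # includes for each job, this gives us fine control over job name.
        # Order is important, keep it alphabetical: docs, lint, test*
        continue-on-error:
          - false
        os:
          - ubuntu-24.04
        task-name:
          - test
        name:
          - test (linux)
        id:
          - test-linux
        include:
          - name: test (macos)
            id: test-macos
            task-name: test
            os: macos-15-large
            env:
              SKIP_PODMAN: 1
              SKIP_DOCKER: 1
            # only until we fix some broken tests, as we need it to pass
            # in order to enable the caching
            continue-on-error: true
          - name: test (linux-wdio)
            id: test-linux-wdio
            task-name: wdio
            os: ubuntu-24.04
            env:
              SKIP_PODMAN: 1
              SKIP_DOCKER: 1
          # NOTE(review): this entry runs on a self-hosted runner and the
          # workflow also triggers on pull_request. A self-hosted runner keeps
          # state between jobs (the cleanup steps below exist for that reason),
          # so confirm that the 'ci' environment or repository settings limit
          # which pull requests may execute here.
          - name: test (wsl)
            id: test-wsl
            task-name: test
            os: wsl-runner
            runs-on: self-hosted
            env:
              SKIP_PODMAN: 1
              SKIP_DOCKER: 1
    steps:
      # Self-hosted runners retain root-owned files from rootless Podman
      # (overlay storage under out/als/tmp/). These files live inside a
      # user-namespace so normal rm fails with EACCES and sudo is
      # unavailable. `podman unshare` re-enters the same namespace,
      # letting us delete them before checkout touches the workspace.
      - name: Remove Podman overlay files on self-hosted runner
        if: matrix.runs-on == 'self-hosted'
        run: |
          target="${GITHUB_WORKSPACE}/out/als/tmp/home/.local/share/containers"
          if [ -d "$target" ]; then
            podman unshare rm -rf -- "$target" \
              || buildah unshare rm -rf -- "$target" \
              || echo "::warning::Could not remove $target — checkout may fail"
          fi
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0 # we need tags for dynamic versioning
          show-progress: false
          # checkout's own cleaning is skipped on the self-hosted runner; the
          # next step cleans the workspace there instead.
          clean: ${{ (matrix.runs-on || '') != 'self-hosted' }}
      - name: Clean workspace on self-hosted runner
        if: matrix.runs-on == 'self-hosted'
        run: |
          set -euxo pipefail
          # Rootless Podman overlays under .cache/containers/ use user
          # namespace remapping; remove them with podman or sudo.
          if [ -d .cache/containers ]; then
            podman unshare rm -rf -- .cache/containers 2>/dev/null \
              || sudo rm -rf -- .cache/containers \
              || true
          fi
          sudo find . -not -user "$(id -u)" -delete 2>/dev/null || true
          git reset --hard HEAD
          git clean -ffdx -e out/als/tmp/
      - name: Run setup steps (composite action)
        uses: ./.github/actions/setup
        with:
          job_name: ${{ matrix.name }}
      # https://github.com/marketplace/actions/setup-wsl
      - name: Activate WSL
        if: contains(matrix.name, 'wsl') && (matrix.runs-on || '') != 'self-hosted'
        uses: Vampire/setup-wsl@d1da7f2c0322a5ee4f24975344f67fc0f5baf364 # v7.0.0
        with:
          distribution: Ubuntu-24.04
          set-as-default: "true"
          # '-i' seems to be the only option that loads .bashrc file that we need
          # https://github.com/Vampire/setup-wsl/discussions/54
          wsl-shell-command: "bash -i -eo pipefail"
          # https://github.com/MicrosoftDocs/WSL/blob/main/WSL/wsl-config.md#L159
          wsl-conf: |
            [automount]
            enabled = true
            root = /
            options = "metadata,umask=077"
            [boot]
            command=/etc/init.d/dbus start
            [interop]
            enabled = false
            appendWindowsPath = false
            [network]
            hostname = wsl
          additional-packages: curl
            dbus
            dirmngr
            gawk
            gcc
            git
            gpg
            gpg-agent
            jq
            make
            python3-dev
            python3-full
            python3-venv
            qemu-user-static
            tar
            unzip
            xvfb
      # asdf nodejs plugin requires: dirmngr gpg curl gawk
      # Workaround for: https://github.com/actions/runner/issues/1864
      - name: Ensure HOME is defined
        run: |
          set -euxo pipefail
          if [ -z "${HOME:-}" ]; then
            HOME=$(getent passwd "$(id -u)" | cut -d: -f6)
            export HOME
          fi
          # Redirect target quoted, as the other steps do with "$GITHUB_OUTPUT",
          # so a path containing spaces is not word-split.
          echo "HOME=$HOME" >> "$GITHUB_ENV"
      - name: Ensure .env file is automatically loaded (mise)
        run: |
          mise reshim
          mise doctor
          test "${VIRTUAL_ENV:-}" = "${HOME}/.local/share/virtualenvs/vsa" || {
            echo "VIRTUAL_ENV mismatch"
            exit 99
          }
          test "$(mise exec -- which python3)" = "${HOME}/.local/share/virtualenvs/vsa/bin/python3" || {
            echo "::warning::python3 mismatch $(mise exec -- which python3) != ${HOME}/.local/share/virtualenvs/vsa/bin/python3"
            exit 98
          }
      - name: task setup
        # starting podman machine can randomly get stuck on macos
        timeout-minutes: 25
        run: task setup && task setup --status
        id: setup
      - name: task build
        id: build
        run: |
          task build && task build --status
      ## uncomment to debug on GHA runner
      # - name: Setup tmate session
      #   uses: mxschmitt/action-tmate@v3
      - name: configure podman
        if: ${{ matrix.name == 'test (linux)' }}
        run: |
          # Lifts the AppArmor restriction on unprivileged user namespaces;
          # the `if:` above limits this to the 'test (linux)' entry.
          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
          mkdir -p ~/.config/containers
          cat <<EOT >> ~/.config/containers/containers.conf
          [engine]
          cgroup_manager="cgroupfs"
          EOT
          podman info
      - name: task package
        if: ${{ matrix.task-name != 'wdio' }}
        id: package
        # NOTE(review): TASKFILE_ARGS is defined in this job's `env`, not in any
        # `matrix.env` entry shown, so `matrix.env.TASKFILE_ARGS` appears to
        # expand to an empty string here and in the steps below — confirm
        # whether `env.TASKFILE_ARGS` was intended.
        run: |
          task package ${{ matrix.env.TASKFILE_ARGS }} && task package ${{ matrix.env.TASKFILE_ARGS }} --status
      - name: save ready_to_test=true
        id: ready_to_test
        if: ${{ contains(matrix.name, 'test') && success() }}
        run: echo "ready_to_test=true" >> "$GITHUB_OUTPUT"
      - name: task ${{ matrix.task-name }}
        # NOTE(review): every matrix name shown contains 'test', so this
        # condition looks unreachable with the current matrix.
        if: "${{ !contains(matrix.name, 'test') && !contains(matrix.name, 'wdio') && steps.ready_to_test.outputs.ready_to_test == 'true' }}"
        run: task ${{ matrix.task-name }} ${{ matrix.env.TASKFILE_ARGS }} && task ${{ matrix.task-name }} ${{ matrix.env.TASKFILE_ARGS }} --status
      - name: task unit (ext, vue, als, mcp)
        if: contains(matrix.name, 'test') && matrix.task-name != 'wdio' && steps.ready_to_test.outputs.ready_to_test == 'true'
        run: |
          task unit ${{ matrix.env.TASKFILE_ARGS }} && task unit ${{ matrix.env.TASKFILE_ARGS }} --status
      - name: task e2e (vscode-test)
        # https://github.com/ansible/vscode-ansible/issues/1451
        if: ${{ !cancelled() && contains(matrix.name, 'test') && matrix.task-name != 'wdio' && steps.ready_to_test.outputs.ready_to_test == 'true' }}
        run: |
          set -e
          task build 2>out/log/build-before.txt
          task e2e ${{ matrix.env.TASKFILE_ARGS }}
          task build 2>out/log/build-after.txt
          task build --status --verbose
          # Add these once e2e is fixed:
          # || { task flush && task e2e ${{ matrix.env.TASKFILE_ARGS }}; }
          # task e2e ${{ matrix.env.TASKFILE_ARGS }} --status
      - name: task wdio (VS Code UI)
        if: ${{ matrix.task-name == 'wdio' && steps.ready_to_test.outputs.ready_to_test == 'true' }}
        run: |
          task wdio
          task build --status
        timeout-minutes: 30
      - name: task finish
        run: task finish
      - name: Remove invalid files
        if: ${{ always() }}
        run: |
          find out -name '*\?*' -exec rm -r {} \; || true
          find out -name '*"*' -exec rm -r {} \; || true
          find out -name '*:*' -exec rm -r {} \; || true
          rm -rf dist
      - name: Remove test artifacts before upload
        if: ${{ always() }}
        run: |
          # Remove container overlays (root-owned, need podman unshare)
          for target in \
            "out/e2e/tmp/home/.local/share/containers"; do
            if [ -d "$target" ]; then
              podman unshare rm -rf -- "$target" \
                || buildah unshare rm -rf -- "$target" \
                || rm -rf -- "$target" \
                || echo "::warning::Could not remove $target"
            fi
          done
          # Remove mise installs from test HOME (v8-internal.h triggers gitleaks)
          rm -rf out/e2e/tmp/home/.local/share/mise || true
          # Reduce artifact size by removing cached test data
          rm -rf out/e2e/tmp/home/.cache || true
      - name: Upload test logs and reports as logs-${{ steps.setup.outputs.OS_VERSION }}-${{ matrix.task-name }}.zip
        if: ${{ !cancelled() }}
        # NOTE(review): '@main' is a branch ref; whatever lands on that branch
        # runs in this job, which holds `id-token: write`. Pin to a commit SHA.
        uses: ansible/actions/upload-artifact@main
        with:
          name: logs-${{ steps.setup.outputs.OS_VERSION }}-${{ matrix.id }}-${{ github.run_attempt }}.zip
          path: |
            out/als
            out/coverage
            out/e2e
            out/junit
            out/log
            out/ui*
            out/unit
          # we collect transpiled js files as sonar needs them to compute code coverage
          if-no-files-found: ignore
          retention-days: 90
      - name: Upload test coverage data to codecov.io
        if: ${{ always() && hashFiles('out/coverage/**/*coverage.xml') != '' && github.event_name != 'schedule' }}
        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          name: ${{ matrix.name }}
          files: ./out/coverage/**/*coverage.xml
          disable_search: true
          fail_ci_if_error: true
          # OIDC is used for everything except pull requests coming from forks.
          use_oidc: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) }}
      - name: Upload junit test results to codecov.io
        if: ${{ !cancelled() && hashFiles('out/junit/**/*.xml') != '' && github.event_name != 'schedule' }}
        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          directory: out/junit
          fail_ci_if_error: true
          handle_no_reports_found: true
          plugins: noop
          report_type: test_results
          name: ${{ matrix.id }}
          # unable to use wildcards yet due to https://github.com/codecov/test-results-action/issues/110
          flags: ${{ steps.setup.outputs.OS_VERSION }},${{ steps.setup.outputs.ARCH }}
          # NOTE(review): this rule differs from the coverage upload above — it
          # is false for release and workflow_dispatch events, where the rule
          # above is true. Confirm the two are meant to differ.
          use_oidc: ${{ github.event_name == 'merge_group' || github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) }}
      - name: Show git ignored files to debug "task ... --status" failures
        if: ${{ always() && failure() }}
        run: |
          git diff
          git status --porcelain --ignored
      - name: Report unexpected failures on slack
        if: ${{ always() && failure() && github.ref == 'refs/heads/main' }}
        uses: ./.github/actions/report
        with:
          slack_webhook_url: ${{ secrets.DEVTOOLS_CI_SLACK_URL }}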
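# builder-image: builds the builder container image with ./tools/builder.sh
# and pushes it only for pushes to 'main'.
  builder-image:
    runs-on: ubuntu-24.04
    needs: [preflight, lint]
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        # Pinned to the commit SHA the other checkout steps in this workflow
        # use; this job holds `packages: write`, so a moving tag is not wanted.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: Install the latest version of uv
        # NOTE(review): referenced by tag — pin to a commit SHA.
        uses: astral-sh/setup-uv@v8.1.0
      - name: Log in to GitHub Container Registry
        # NOTE(review): this action receives the job token and is referenced by
        # a mutable major-version tag — pin to a commit SHA.
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push container image
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # The expression yields either the literal '--push' or an empty string,
        # so no event-supplied text reaches the command line.
        run: ./tools/builder.sh ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' && '--push' || '' }}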
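# check: gate job for branch protection; it also compares coverage across
# platforms and runs the SonarCloud scan.
  check: # This job does nothing and is only used for the branch protection
    needs:
      - lint
      - preflight
      - build
      - builder-image
    if: always() && !cancelled() && needs.build.result == 'success' && (needs.builder-image.result == 'success' || needs.builder-image.result == 'skipped')
    permissions:
      checks: read # codecov
      contents: write # slack report
      id-token: write # codecov
      pull-requests: read # slack report
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Source # needed by codecov uploader
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      # needed for pycobertura
      - name: Install the latest version of uv
        # NOTE(review): referenced by tag — pin to a commit SHA.
        uses: astral-sh/setup-uv@v8.1.0
      - name: Download artifacts
        # NOTE(review): mutable major-version tag — pin to a commit SHA.
        uses: actions/download-artifact@v8
        with:
          path: .
      - name: Remove invalid files
        if: ${{ always() }}
        run: |
          find . -name '*\?*' -exec rm -r {} \; || true
          find . -name '*"*' -exec rm -r {} \; || true
          find . -name '*:*' -exec rm -r {} \; || true
      - name: pycobertura diff across different platform runs
        run: |
          git diff
          git status --porcelain --ignored
          LINUX_COVERAGE=$(ls -1 logs-*linux*.zip/coverage/unit/cobertura-coverage.xml | sort | tail -1)
          MACOS_COVERAGE=$(ls -1 logs-*macos*.zip/coverage/unit/cobertura-coverage.xml | sort | tail -1)
          WSL_COVERAGE=$(ls -1 logs-*wsl*.zip/coverage/unit/cobertura-coverage.xml | sort | tail -1)
          cp -f "${LINUX_COVERAGE}" linux.xml
          cp -f "${MACOS_COVERAGE}" macos.xml
          cp -f "${WSL_COVERAGE}" wsl.xml
          # linux vs macos (tool needs source code to be present)
          uv tool run pycobertura diff linux.xml macos.xml || true
          # linux vs wsl (tool needs source code to be present)
          uv tool run pycobertura diff linux.xml wsl.xml || true
      - name: SonarCloud scan
        # Run only for pull requests or push to main
        # `>-` instead of `>`: the clipped form leaves a newline after `}}`, and
        # any text outside `${{ }}` turns an `if:` value into a non-empty
        # string, which is always truthy. Stripping it lets the condition apply.
        if: >-
          ${{ !cancelled() &&
          hashFiles('**/*coverage.xml') != '' &&
          (github.event_name == 'pull_request' ||
          (github.event_name == 'push' && github.ref_name =='main')
          )}}
        # NOTE(review): this action receives SONAR_TOKEN and is referenced by a
        # mutable major-version tag — pin to a commit SHA.
        uses: SonarSource/sonarqube-scan-action@v7
        env:
          SONAR_TOKEN: ${{ secrets.CICD_ORG_SONAR_TOKEN_CICD_BOT || secrets.AAP_ORG_SONAR_TOKEN_ANSIBLE_CICD_BOT }}
        with:
          # NOTE(review): SONAR_ARGS is not defined in any `env:` block shown in
          # this workflow — confirm where it is set.
          args: ${{ env.SONAR_ARGS }}
        # Temporarily ignore errors if the pull request is from a fork due to lack of upload secrets access
        # See https://redhat.atlassian.net/browse/AAP-52660
        continue-on-error: ${{ github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name || github.ref_type == 'tag' || (github.event_name == 'release' && github.event.action == 'published') || github.event.inputs.publish == 'true' || github.event.inputs.publish == true }}
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1 # that is a branch, not a tag
        id: alls-green
        with:
          allowed-skips: builder-image
          jobs: ${{ toJSON(needs) }}
      - name: Report unexpected failures
        if: ${{ always() && failure() && github.ref == 'refs/heads/main' }}
        uses: ./.github/actions/report
        with:
          slack_webhook_url: ${{ secrets.DEVTOOLS_CI_SLACK_URL }}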
# publish: attaches the packaged .vsix to the GitHub release (tag runs only)
# and publishes the extension to the marketplaces via ./tools/helper.
  publish:
    # be warned that job will skip if any other job from same workflow is
    # skipped due to implicit `success() &&` condition GHA is injecting.
    # Be sure build-image runs too.
    if: >
      github.ref_type == 'tag' ||
      (github.event_name == 'release' && github.event.action == 'published') ||
      github.event.inputs.publish == 'true'
    runs-on: ubuntu-latest
    # Runs under the 'release' environment; the marketplace tokens are passed
    # only to the publish step below.
    environment: release
    needs:
      - check
    permissions:
      contents: write
      issues: write
      checks: read
    steps:
      - name: Checkout Source
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      - name: node post install
        run: |
          npm config set fund false
      # NOTE(review): referenced by a mutable major-version tag in a job that
      # holds `contents: write` and later publishes with marketplace tokens —
      # pin to a commit SHA like the checkout and release steps.
      - uses: jdx/mise-action@v4
      - name: Download the artifact
        # NOTE(review): mutable major-version tag — pin to a commit SHA.
        uses: actions/download-artifact@v8
        with:
          pattern: "ansible-*.vsix"
          skip-decompress: true
          path: out
      - name: Attach vsix to Github release
        # cspell: ignore softprops
        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        if: github.ref_type == 'tag'
        with:
          files: "out/*.vsix"
      # Installs dependencies from the lockfile and lists the downloaded .vsix
      # (the `ls` fails the step if none is present).
      - run: |
          pnpm install --frozen-lockfile
          ls -la out/*.vsix
      - name: Publish extension to marketplaces
        run: |
          ./tools/helper --publish
        env:
          VSCE_PAT: ${{ secrets.VSCE_PAT }}
          OVSX_PAT: ${{ secrets.OVSX_PAT }}
      - name: Report unexpected failures
        if: ${{ always() && failure() }}
        uses: ./.github/actions/report
        with:
          slack_webhook_url: ${{ secrets.DEVTOOLS_CI_SLACK_URL }}
# publish-npm: attaches the packaged .tgz files to the GitHub release (tag
# runs only) and publishes each one with `npm publish`.
  publish-npm:
    environment: release
    # NOTE(review): `build` is a matrix job and its 'wdio' entry skips the
    # step that sets can_release_to_npm — confirm which matrix entry's value
    # this output ends up carrying.
    if: needs.build.outputs.can_release_to_npm == 'true' && (github.ref_type == 'tag' || (github.event_name == 'release' && github.event.action == 'published') || github.event.inputs.publish == 'true' || github.event.inputs.publish == true)
    runs-on: ubuntu-latest
    needs:
      - build
      - check
    permissions:
      checks: read
      contents: write
      id-token: write # Required for OIDC
      issues: write
    steps:
      - name: Checkout Source
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Download the artifact
        # NOTE(review): mutable major-version tag — pin to a commit SHA.
        uses: actions/download-artifact@v8
        with:
          pattern: "ansible-*.tgz"
          skip-decompress: true
          merge-multiple: true
          path: out
      - name: Attach npm package to Github release
        # cspell: ignore softprops
        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        if: github.ref_type == 'tag'
        with:
          files: "out/*.tgz"
      # NOTE(review): referenced by a mutable major-version tag in a job that
      # holds `id-token: write` and publishes packages — pin to a commit SHA.
      - uses: jdx/mise-action@v4
      - name: Publish npm packages to npmjs.com
        # No npm token is passed in `env`; per the permissions comment above,
        # authentication is expected to come from OIDC.
        run: |
          for file in ./out/ansible-*.tgz; do
            npm publish "$file"
          done
      - name: Report unexpected failures
        if: ${{ always() && failure() }}
        uses: ./.github/actions/report
        with:
          slack_webhook_url: ${{ secrets.DEVTOOLS_CI_SLACK_URL }}