ci: add zizmor static analysis for GitHub Actions #663
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ci | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20.x, 22.x, 24.x] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 1 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v6.0.5 | |
| - name: Setup Node ${{ matrix.node-version }} | |
| uses: actions/setup-node@v6.4.0 | |
| with: | |
| always-auth: false | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Start Docker | |
| run: pnpm run docker:start | |
| - name: Build | |
| run: pnpm -r --include-workspace-root run build | |
| - name: Run Tests | |
| run: pnpm run test:coverage | |
| # @layered-loader/sqs uses fauxqs as a test fixture, which requires Node >= 22.5 | |
| - name: Run @layered-loader/sqs Tests | |
| if: matrix.node-version != '20.x' | |
| run: pnpm --filter @layered-loader/sqs test | |
| - name: Stop Docker | |
| run: pnpm run docker:stop | |
| - name: Run Linting | |
| run: pnpm -r --include-workspace-root run lint | |
| automerge: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| steps: | |
| - uses: fastify/github-action-merge-dependabot@v3 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} |