From 44fd5c4300b9d4cf6abc2541e1551ccf1c271710 Mon Sep 17 00:00:00 2001
From: Alexey <39551830+Demonkratiy@users.noreply.github.com>
Date: Tue, 23 Sep 2025 21:17:11 +0200
Subject: [PATCH 1/2] Enhance capabilities compatibility check workflow

Updated capabilities compatibility check workflow to correctly procced in case if no changes was present in capabilities.
---
.../workflows/capabilities-compatibility.yml | 30 +++++++++++++++----
1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/capabilities-compatibility.yml b/.github/workflows/capabilities-compatibility.yml
index 05edc91..f8e2df5 100644
--- a/.github/workflows/capabilities-compatibility.yml
+++ b/.github/workflows/capabilities-compatibility.yml
@@ -2,24 +2,42 @@ name: Capabilities compatibility check on: pull_request: - paths: - - 'capabilities.json' jobs: check-capabilities: runs-on: ubuntu-latest steps: - - name: Checkout base and PR + - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: 0 - # needed to get the base branch + fetch-depth: 0 # Fetches all history to allow diffing against the base branch + + - name: Check for capabilities.json changes + id: check_changes + run: | + # Compare the PR branch with the base branch to find changed files + CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD) + echo "Files changed in this PR:" + echo "$CHANGED_FILES" + + if echo "$CHANGED_FILES" | grep -q "capabilities.json"; then + echo "capabilities.json was modified." + echo "any_changed=true" >> $GITHUB_OUTPUT + else + echo "capabilities.json was not modified. Skipping compatibility check." + echo "any_changed=false" >> $GITHUB_OUTPUT + fi + shell: bash + - name: Determine base ref + if: steps.check_changes.outputs.any_changed == 'true' id: vars run: | echo "BASE_REF=${{ github.event.pull_request.base.ref }}" >> $GITHUB_OUTPUT echo "PR_REF=${{ github.head_ref }}" >> $GITHUB_OUTPUT + - name: Checkout base branch file + if: steps.check_changes.outputs.any_changed == 'true' run: | git fetch origin ${{ github.event.pull_request.base.ref }} --depth=1 if git show origin/${{ github.event.pull_request.base.ref }}:capabilities.json > capabilities.base.json 2>/dev/null; then
@@ -28,7 +46,9 @@ jobs: echo "No capabilities.json in base branch - treating as new file" echo '{}' > capabilities.base.json fi + - name: Run compatibility script + if: steps.check_changes.outputs.any_changed == 'true' run: | node ./.github/scripts/check-capabilities-compatibility.js --baseFile=capabilities.base.json --prFile=capabilities.json || exit 1 shell: bash
From b2e7982e7a2188527930a0d78aeb1e0686670e90 Mon Sep 17 00:00:00 2001
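Review bot: The new `Check for capabilities.json changes` step pastes `${{ github.event.pull_request.base.ref }}` straight into the shell script, so the branch name becomes part of the script text before bash parses it; the same pattern sits in this hunk's context lines, including `PR_REF=${{ github.head_ref }}`, where the branch name is chosen by the PR author. Pass the value through the environment instead: give the step an `env:` entry `BASE_REF: ${{ github.event.pull_request.base.ref }}` and run `git diff --name-only "origin/$BASE_REF...HEAD"`. Separately, `grep -q "capabilities.json"` is an unanchored regex, so any changed path that merely contains that text (a nested or similarly named file) switches the check on; `grep -qxF 'capabilities.json'` matches only the root file. The over-match errs toward running the check, so it is a precision issue rather than a way to skip it.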
From: Alexey
Date: Wed, 24 Sep 2025 10:49:04 +0200
Subject: [PATCH 2/2] update codeql

---
.github/workflows/codeql.yml | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7082019..ce34eb7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -17,6 +17,7 @@ jobs: actions: read contents: read security-events: write + pull-requests: read strategy: fail-fast: false
@@ -30,7 +31,7 @@ jobs: fetch-depth: 2 - name: Use Node.js 18 - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: node-version: 18.x
@@ -41,9 +42,19 @@ jobs: uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} + config: | + paths: + - src + - test + paths-ignore: + - node_modules + - dist + - .tmp - name: Autobuild uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 + with: + upload: true
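Review bot: `pull-requests: read` is added to the job's `permissions` block without a stated reason, and nothing visible in this patch reads pull-request data through the token. If a step does need it, record that next to the line, e.g. `# pull-requests: read - required by <step name>`; otherwise drop it so the job keeps only the scopes the analysis uses. The `permissions` block starts above this hunk, so any other scopes it grants are not visible here.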
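Review bot: The inline `config` passed to `github/codeql-action/init@v3` restricts analysis to `src` and `test`, so for the interpreted languages in the matrix, code elsewhere in the repository would no longer be scanned. One example is `.github/scripts/check-capabilities-compatibility.js`, which the other patch on this page runs in CI. With `paths` set, the root-level `node_modules`, `dist` and `.tmp` entries under `paths-ignore` already fall outside the included directories, so they appear to be redundant. Either drop `paths` and keep only `paths-ignore`, or extend the include list with the missing directories, for instance `- .github/scripts`. The job's step list continues outside this hunk.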