Skip to content

Bump github/codeql-action from 3.27.0 to 3.28.0 #23

Bump github/codeql-action from 3.27.0 to 3.28.0

Bump github/codeql-action from 3.27.0 to 3.28.0 #23

Workflow file for this run

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: 'Test'
on:
push:
branches:
- 'main'
- 'release/**/*'
pull_request:
branches:
- 'main'
- 'release/**/*'
workflow_dispatch:
concurrency:
group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
cancel-in-progress: true
defaults:
run:
shell: 'bash'
permissions:
contents: read
jobs:
unit:
name: 'unit'
runs-on: 'ubuntu-latest'
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: 'actions/checkout@v4'
- uses: 'actions/setup-node@v4'
with:
node-version: '20.x'
- name: 'npm build'
run: 'npm ci && npm run build'
- name: 'npm lint'
run: 'npm run lint'
- name: 'npm test'
run: 'npm run test'
#
# Direct Workload Identity Federation
#
direct_workload_identity_federation:
if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name }}
name: 'direct_workload_identity_federation'
runs-on: '${{ matrix.os }}'
strategy:
fail-fast: false
matrix:
os:
- 'ubuntu-latest'
- 'windows-latest'
- 'macos-latest'
permissions:
id-token: 'write'
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: 'actions/checkout@v4'
- uses: 'actions/setup-node@v4'
with:
node-version: '20.x'
- name: 'npm build'
run: 'npm ci && npm run build'
- id: 'auth-default'
name: 'auth-default'
uses: './'
with:
project_id: '${{ vars.PROJECT_ID }}'
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
- uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'
#
# Workload Identity Federation through a Service Account
#
workload_identity_federation_through_service_account:
if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name }}
name: 'workload_identity_federation_through_service_account'
runs-on: '${{ matrix.os }}'
strategy:
fail-fast: false
matrix:
os:
- 'ubuntu-latest'
- 'windows-latest'
- 'macos-latest'
permissions:
id-token: 'write'
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: 'actions/checkout@v4'
- uses: 'actions/setup-node@v4'
with:
node-version: '20.x'
- name: 'npm build'
run: 'npm ci && npm run build'
- id: 'auth-default'
name: 'auth-default'
uses: './'
with:
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
- uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'