Bump ossf/scorecard-action from 2.3.3 to 2.4.0 #1755
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: # Allow manual runs. | |
| pull_request: | |
| branches: ["main"] | |
| push: | |
| branches: ["main"] | |
| permissions: | |
| contents: read | |
| jobs: | |
| ci-build-test: | |
| name: CI build and unit test | |
| runs-on: distroless-ci-large-ubuntu-20.04 # custom runner most compatible with debian 11 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Mount bazel caches | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/bazel-repo | |
| key: bazel-cache-deps-ci1-${{ github.sha }} | |
| restore-keys: | | |
| bazel-cache-deps-ci1-${{ github.sha }} | |
| bazel-cache-deps-ci1- | |
| - name: Free space | |
| run: | | |
| sudo apt-get remove -y '^dotnet-.*' | |
| sudo apt-get remove -y '^llvm-.*' | |
| sudo apt-get remove -y 'php.*' | |
| sudo apt-get remove -y azure-cli google-cloud-cli hhvm google-chrome-stable firefox powershell mono-devel | |
| sudo apt-get autoremove -y | |
| sudo apt-get clean | |
| rm -rf /usr/share/dotnet/ | |
| - name: Fetch # this can take a long time if there are a lot of errors | |
| run: | | |
| for i in $(seq 10); do | |
| bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc fetch //... && break || sleep 180; | |
| done | |
| - name: Build All Images | |
| run: | | |
| set -e | |
| targets=$(bazel query 'kind(oci_image, deps(:sign_and_push))') | |
| bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc build $targets | |
| - name: Unit Tests | |
| run: bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc test //... --build_tests_only | |
| - name: Build Examples | |
| run: bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc build //examples/... | |
| ci-images: | |
| name: CI image tests | |
| runs-on: ubuntu-20.04 # most compatible with debian 11 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Mount bazel caches | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/bazel-repo | |
| key: bazel-cache-deps-ci2-${{ github.sha }} | |
| restore-keys: | | |
| bazel-cache-deps-ci2-${{ github.sha }} | |
| bazel-cache-deps-ci2- | |
| - name: Free space | |
| run: | | |
| sudo apt-get remove -y '^dotnet-.*' | |
| sudo apt-get remove -y '^llvm-.*' | |
| sudo apt-get remove -y 'php.*' | |
| sudo apt-get remove -y azure-cli google-cloud-cli hhvm google-chrome-stable firefox powershell mono-devel | |
| sudo apt-get autoremove -y | |
| sudo apt-get clean | |
| rm -rf /usr/share/dotnet/ | |
| - name: Fetch | |
| run: | | |
| for i in $(seq 20); do | |
| bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc query $(bazel query 'attr(tags, "amd64", ...)') && break | |
| sleep 10; | |
| done | |
| - name: Image Tests | |
| run: bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc test $(bazel query 'attr(tags, "amd64", ...)') |