Skip to content

ci: Update per Q3 audit findings #422

ci: Update per Q3 audit findings

ci: Update per Q3 audit findings #422

Workflow file for this run

name: Swift CI
on:
pull_request:
push:
branches: ['main']
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
format:
runs-on: macos-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install swift-format
run: brew install swift-format
- name: Format
run: swift format lint --strict --configuration .swift-format.json --recursive --parallel Sources/ Tests/ Examples/ Package.swift
build:
strategy:
matrix:
swift: ["5.9", "5.10"]
os: [macos-12, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Setup Swift
uses: swift-actions/setup-swift@3aed395c5397f62deb91d8fe7af1418a9ae4d16f # v2.1.0
with:
swift-version: ${{ matrix.swift }}
- name: Checkout Code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: sdk/swift/.build
key: ${{ runner.os }}-${{ matrix.swift }}-spm-${{ github.job }}-${{ hashFiles('**/Package.resolved') }}
restore-keys: |
${{ runner.os }}-${{ matrix.swift }}-spm-
- name: Build
run: swift build
test:
strategy:
matrix:
swift: ["5.9", "5.10"]
os: [macos-12, macos-latest]
needs: [build]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Setup Swift
uses: swift-actions/setup-swift@3aed395c5397f62deb91d8fe7af1418a9ae4d16f # v2.1.0
with:
swift-version: ${{ matrix.swift }}
- name: Checkout Code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Cache Code
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: sdk/swift/.build
key: ${{ runner.os }}-${{ matrix.swift }}-spm-${{ github.job }}-${{ hashFiles('**/Package.resolved') }}
restore-keys: |
${{ runner.os }}-${{ matrix.swift }}-spm-
- name: Test
run: swift test