[Snyk] Security upgrade github-pages from 215 to 216 #535
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
env: | |
HOMEBREW_DEVELOPER: 1 | |
HOMEBREW_NO_AUTO_UPDATE: 1 | |
jobs: | |
syntax: | |
if: github.repository == 'Homebrew/brew' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Cache Bundler RubyGems | |
uses: actions/cache@v1 | |
with: | |
path: ${{ steps.set-up-homebrew.outputs.gems-path }} | |
key: ${{ runner.os }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }} | |
restore-keys: ${{ runner.os }}-rubygems- | |
- name: Install Bundler RubyGems | |
run: brew install-bundler-gems --groups=sorbet | |
- name: Install shellcheck | |
run: brew install shellcheck | |
- run: brew style --display-cop-names | |
- run: brew typecheck | |
- name: Run vale for docs linting | |
run: | | |
brew install vale | |
vale docs/ | |
tap-syntax: | |
name: tap syntax (Linux) | |
needs: syntax | |
if: startsWith(github.repository, 'Homebrew/') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- run: brew test-bot --only-cleanup-before | |
- run: brew config | |
- name: Cache Bundler RubyGems | |
uses: actions/cache@v1 | |
with: | |
path: ${{ steps.set-up-homebrew.outputs.gems-path }} | |
key: ${{ runner.os }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }} | |
restore-keys: ${{ runner.os }}-rubygems- | |
- name: Install Bundler RubyGems | |
run: brew install-bundler-gems --groups=sorbet | |
- run: brew doctor | |
- name: Run brew update-tests | |
if: github.event_name == 'pull_request' | |
run: | | |
brew update-test | |
brew update-test --to-tag | |
brew update-test --commit=HEAD | |
- name: Run brew readall on all taps | |
run: brew readall --aliases | |
- name: Run brew style on linuxbrew-core | |
run: brew style --display-cop-names homebrew/core | |
- name: Run brew audit --skip-style on all taps | |
run: brew audit --skip-style --except=version --display-failures-only | |
- name: Set up all Homebrew taps | |
run: | | |
HOMEBREW_REPOSITORY="$(brew --repo)" | |
HOMEBREW_CORE_REPOSITORY="$HOMEBREW_REPOSITORY/Library/Taps/homebrew/homebrew-core" | |
git -C "$HOMEBREW_CORE_REPOSITORY" remote add homebrew_core https://github.com/Homebrew/homebrew-core | |
git -C "$HOMEBREW_CORE_REPOSITORY" fetch homebrew_core || git -C "$HOMEBREW_CORE_REPOSITORY" fetch homebrew_core | |
git -C "$HOMEBREW_CORE_REPOSITORY" checkout --force -B master homebrew_core/master | |
brew tap homebrew/aliases | |
brew tap homebrew/autoupdate | |
brew tap homebrew/bundle | |
brew tap homebrew/cask | |
brew tap homebrew/cask-drivers | |
brew tap homebrew/cask-fonts | |
brew tap homebrew/cask-versions | |
brew tap homebrew/command-not-found | |
brew tap homebrew/formula-analytics | |
brew tap homebrew/linux-dev | |
brew tap homebrew/portable-ruby | |
brew tap homebrew/services | |
brew update-reset Library/Taps/homebrew/homebrew-bundle | |
# brew style doesn't like world writable directories | |
sudo chmod -R g-w,o-w "$HOMEBREW_REPOSITORY/Library/Taps" | |
- name: Run brew style on homebrew-core | |
run: brew style --display-cop-names homebrew/core | |
env: | |
HOMEBREW_SIMULATE_MACOS_ON_LINUX: 1 | |
- name: Run brew audit --skip-style on homebrew-core | |
run: brew audit --skip-style --except=version --tap=homebrew/core | |
env: | |
HOMEBREW_SIMULATE_MACOS_ON_LINUX: 1 | |
- name: Run brew style on official taps | |
run: | | |
brew style --display-cop-names homebrew/bundle \ | |
homebrew/services \ | |
homebrew/test-bot | |
brew style --display-cop-names homebrew/aliases\ | |
homebrew/autoupdate\ | |
homebrew/command-not-found \ | |
homebrew/formula-analytics \ | |
homebrew/linux-dev \ | |
homebrew/portable-ruby | |
- name: Run brew style on cask taps | |
run: | | |
brew style --display-cop-names homebrew/cask \ | |
homebrew/cask-drivers \ | |
homebrew/cask-fonts \ | |
homebrew/cask-versions | |
vendored-gems: | |
name: vendored gems (Linux) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Configure Git user | |
uses: Homebrew/actions/git-user-config@master | |
with: | |
username: BrewTestBot | |
# Can't cache this because we need to check that it doesn't fail the | |
# "uncommitted RubyGems" step with a cold cache. | |
- name: Install Bundler RubyGems | |
run: brew install-bundler-gems --groups=sorbet | |
- name: Check for uncommitted RubyGems | |
run: git diff --stat --exit-code Library/Homebrew/vendor/bundle/ruby | |
docker: | |
needs: syntax | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Build Docker image | |
run: docker build -t brew --build-arg=version=16.04 . | |
- name: Deploy the Docker image to GitHub Packages and Docker Hub | |
if: github.ref == 'refs/heads/master' | |
run: | | |
echo ${{secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}} | \ | |
docker login ghcr.io -u BrewTestBot --password-stdin | |
docker tag brew "ghcr.io/homebrew/ubuntu16.04:master" | |
docker push "ghcr.io/homebrew/ubuntu16.04:master" | |
echo ${{secrets.HOMEBREW_BREW_DOCKER_TOKEN}} | \ | |
docker login -u brewtestbot --password-stdin | |
docker tag brew "homebrew/ubuntu16.04:master" | |
docker push "homebrew/ubuntu16.04:master" | |
tests: | |
name: ${{ matrix.name }} | |
needs: syntax | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- name: tests (no-compatibility mode) | |
test-flags: --no-compat --online --coverage | |
- name: tests (generic OS) | |
test-flags: --generic --online --coverage | |
- name: tests (Linux) | |
test-flags: --online --coverage | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Cache Bundler RubyGems | |
uses: actions/cache@v1 | |
with: | |
path: ${{ steps.set-up-homebrew.outputs.gems-path }} | |
key: ${{ runner.os }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }} | |
restore-keys: ${{ runner.os }}-rubygems- | |
- name: Install Bundler RubyGems | |
run: brew install-bundler-gems --groups=sorbet | |
- name: Create parallel test log directory | |
run: mkdir tests | |
- name: Cache parallel tests log | |
uses: actions/cache@v1 | |
with: | |
path: tests | |
key: ${{ runner.os }}-${{ matrix.test-flags }}-parallel_runtime_rspec-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ matrix.test-flags }}-parallel_runtime_rspec- | |
- name: Run brew tests | |
run: | | |
# brew tests doesn't like world writable directories | |
sudo chmod -R g-w,o-w /home/linuxbrew/.linuxbrew/Homebrew | |
brew tests ${{ matrix.test-flags }} | |
env: | |
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 | |
test-default-formula-linux: | |
name: test default formula (Linux) | |
runs-on: ubuntu-latest | |
env: | |
HOMEBREW_BOOTSNAP: 1 | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- run: brew test-bot --only-cleanup-before | |
- run: brew test-bot --only-formulae --only-json-tab --test-default-formula | |
test-everything: | |
name: test everything (macOS) | |
needs: syntax | |
if: startsWith(github.repository, 'Homebrew/') | |
runs-on: macos-latest | |
env: | |
HOMEBREW_BOOTSNAP: 1 | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Set up Xcode | |
run: sudo xcode-select --switch /Applications/Xcode_12.2.app/Contents/Developer | |
- run: brew test-bot --only-cleanup-before | |
- run: brew config | |
# Can't cache this because we need to check that it doesn't fail the | |
# "uncommitted RubyGems" step with a cold cache. | |
- name: Install Bundler RubyGems | |
run: brew install-bundler-gems --groups=sorbet | |
- name: Check for uncommitted RubyGems | |
run: git diff --stat --exit-code Library/Homebrew/vendor/bundle/ruby | |
- run: brew doctor | |
- name: Run brew update-tests | |
if: github.event_name == 'pull_request' | |
run: | | |
brew update-test | |
brew update-test --to-tag | |
brew update-test --commit=HEAD | |
- name: Set up all Homebrew taps | |
run: | | |
brew tap homebrew/cask | |
brew tap homebrew/cask-drivers | |
brew tap homebrew/cask-fonts | |
brew tap homebrew/cask-versions | |
brew update-reset Library/Taps/homebrew/homebrew-bundle \ | |
Library/Taps/homebrew/homebrew-cask \ | |
Library/Taps/homebrew/homebrew-cask-versions \ | |
Library/Taps/homebrew/homebrew-services | |
- name: Run brew readall on all taps | |
run: brew readall --aliases | |
- name: Install brew tests dependencies | |
run: | | |
brew install subversion | |
brew sh -c "svn --homebrew=print-path" | |
which svn | |
which svnadmin | |
- name: Create parallel test log directory | |
run: mkdir tests | |
- name: Cache parallel tests log | |
uses: actions/cache@v1 | |
with: | |
path: tests | |
key: ${{ runner.os }}-parallel_runtime_rspec-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-parallel_runtime_rspec- | |
- name: Run brew tests | |
run: brew tests --online --coverage | |
env: | |
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# These cannot be queried at the macOS level on GitHub Actions. | |
HOMEBREW_LANGUAGES: en-GB | |
- run: brew test-bot --only-formulae --test-default-formula | |
- uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 | |
- name: Upload test results to BuildPulse for flaky test detection | |
# Only run this step for non-PR pushes or PRs where where we have access to secrets. | |
# Run this step even when the tests fail. Skip if the workflow is cancelled. | |
if: (github.event.pull_request == null || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled() | |
env: | |
BUILDPULSE_ACCESS_KEY_ID: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID }} | |
BUILDPULSE_SECRET_ACCESS_KEY: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }} | |
run: | | |
brew install buildpulse-test-reporter | |
buildpulse-test-reporter submit Library/Homebrew/test/junit --account-id 1503512 --repository-id 53238813 |