Skip to content

chore: address CodeQL issues #5705

chore: address CodeQL issues

chore: address CodeQL issues #5705

Workflow file for this run

name: CI
on: pull_request
concurrency:
# Ensure single build of a pull request
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
review:
name: "Review"
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup the toolchain
uses: ./.github/actions/setup-toolchain
- name: Deduplicate packages
run: |
yarn dedupe --check
- name: Install npm dependencies
run: |
yarn
- name: Ensure rnx-kit packages come from our repository
run: |
node scripts/lint-lockfile.js
- name: Check for change files
if: ${{ github.actor != 'rnsdkbot' || github.head_ref != 'changeset-release/main' }}
run: |
yarn change:check --since origin/${{ github.base_ref }}
- name: Report formatting problems
run: |
yarn format
git diff --exit-code
- name: Report dependency problems
run: |
yarn rnx-align-deps --write
git diff --exit-code
- name: Report package metadata inconsistencies
run: |
node scripts/lint-metadata.js
git diff --exit-code
- name: Report @rnx-kit/build workflow inconsistencies
run: |
cp incubator/build/workflows/github.yml .github/workflows/rnx-build.yml
git diff --exit-code
- name: Ensure READMEs are up-to-date
run: |
yarn update-readme
git diff --exit-code
build:
name: "Build"
strategy:
matrix:
node-version: [18, 20]
os: [ubuntu-24.04, windows-2022]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
filter: blob:none
fetch-depth: 0
- name: Setup the toolchain
uses: ./.github/actions/setup-toolchain
with:
node-version: ${{ matrix.node-version }}
- name: Install package dependencies
run: |
yarn
- name: Build and test packages
run: |
yarn build:ci --base origin/${{ github.base_ref }}
- name: Bundle packages
run: |
yarn bundle:ci --base origin/${{ github.base_ref }}
- name: Bundle test app with esbuild
run: |
yarn nx affected --base origin/${{ github.base_ref }} --target bundle+esbuild
shell: bash
- name: Bundle test app with RAM bundle format
run: |
yarn nx affected --base origin/${{ github.base_ref }} --target ram-bundle
shell: bash
build-android-test-app:
name: "Build Android"
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
filter: blob:none
fetch-depth: 0
- name: Setup the toolchain
uses: ./.github/actions/setup-toolchain
with:
jdk-version: 17
- name: Install package dependencies
run: |
yarn
- name: Determine whether the Android app needs to be built
id: affected-projects
run: |
if [[ "$(yarn show-affected --base origin/${{ github.base_ref }})" = *"@rnx-kit/test-app"* ]]; then
echo 'android=true' >> $GITHUB_OUTPUT
fi
- name: Build @rnx-kit/cli
if: ${{ steps.affected-projects.outputs.android != '' }}
run: |
yarn nx build @rnx-kit/cli
- name: Build Android app
if: ${{ steps.affected-projects.outputs.android != '' }}
run: |
yarn build:android
working-directory: packages/test-app
build-ios-test-app:
name: "Build iOS"
runs-on: macos-14
steps:
- name: Checkout
uses: actions/checkout@v4
with:
filter: blob:none
fetch-depth: 0
- name: Setup the toolchain
uses: ./.github/actions/setup-toolchain
with:
platform: ios
- name: Install package dependencies
run: |
yarn
- name: Determine whether the iOS app needs to be built
id: affected-projects
run: |
if [[ "$(yarn show-affected --base origin/${{ github.base_ref }})" = *"@rnx-kit/test-app"* ]]; then
echo 'ios=true' >> $GITHUB_OUTPUT
fi
- name: Build @rnx-kit/cli
if: ${{ steps.affected-projects.outputs.ios != '' }}
run: |
yarn nx build @rnx-kit/cli
- name: Install Pods
uses: microsoft/react-native-test-app/.github/actions/cocoapods@trunk
if: ${{ steps.affected-projects.outputs.ios != '' }}
with:
project-directory: ios
working-directory: packages/test-app
- name: Build iOS app
if: ${{ steps.affected-projects.outputs.ios != '' }}
run: |
yarn build:ios | xcbeautify
working-directory: packages/test-app
build-website:
name: "Build the website"
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup the toolchain
uses: ./.github/actions/setup-toolchain
with:
node-cache: ""
- name: Install package dependencies (docsite)
run: |
yarn
working-directory: docsite
- name: Build website
run: |
yarn build
working-directory: docsite
label:
name: "Label"
permissions:
contents: read
pull-requests: write
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v5
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
sync-labels: true
continue-on-error: true