Skip to content
Build & Test

ci: Update GitHub Actions workflows based on Zizmor security reports #83

Sign in to view logs

ci: Update GitHub Actions workflows based on Zizmor security reports

ci: Update GitHub Actions workflows based on Zizmor security reports #83

Workflow file for this run

.github/workflows/ci-test.yml at 6221c22
name: Build & Test
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
# -----------------------------
# Job 1: Pre-commit
# -----------------------------
pre-commit:
runs-on: ubuntu-latest
steps:
# -----------------------------
# 1. Checkout Repository
# -----------------------------
- name: 📥 Checkout Repository
uses: actions/checkout@v6
with:
persist-credentials: true
# -----------------------------
# 2. Run Pre-commit hooks
# -----------------------------
- uses: pre-commit/[email protected]
# -----------------------------
# 3. Run Pre-commit CI Lite (always)
# -----------------------------
- uses: pre-commit-ci/[email protected]
if: always()
# -----------------------------
# Job 2: Package Checks & Build
# -----------------------------
package:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
# -----------------------------
# 1. Checkout Repository
# -----------------------------
- name: 📥 Checkout Repository
uses: actions/checkout@v6
with:
persist-credentials: false
# -----------------------------
# 2. Setup Node.js
# -----------------------------
- name: ⚙️ Setup Node.js
uses: actions/setup-node@v6
with:
node-version: "20"
# -----------------------------
# 3. Check package-lock.json is up-to-date
# -----------------------------
- name: 🔒 Check package-lock.json Sync
run: npx --yes [email protected]
# -----------------------------
# 4. Install Dependencies
# -----------------------------
- name: 📦 Install Dependencies
run: npm ci
# -----------------------------
# 5. Run Lint & Formatting Check
# -----------------------------
- name: 🧹 Run Lint & Formatting Check
run: npx @biomejs/biome ci --error-on-warnings
# -----------------------------
# 6. Build the Package
# -----------------------------
- name: 🏗️ Run Build
run: npm run build
# -----------------------------
# Job 3: Test Custom Solr Action
# -----------------------------
solr-dev-test:
name: solr-dev-test (Solr ${{ matrix.solr-version }})
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
include:
- solr-version: "8"
configset: "tests/fixtures/solr_configs/8.x.x"
- solr-version: "9"
configset: "tests/fixtures/solr_configs/9.x.x"
env:
SOLR_CORE: test_core
steps:
# -----------------------------
# 1. Checkout Repository
# -----------------------------
- name: 📥 Checkout Repository
uses: actions/checkout@v6
with:
persist-credentials: false
# -----------------------------
# 2. Setup Apache Solr (Local Action)
# -----------------------------
- name: ⚡ Setup Apache Solr Infrastructure (Local)
uses: ./ # Use local action.yml
with:
solr-version: ${{ matrix.solr-version }}
solr-core-name: ${{ env.SOLR_CORE }}
solr-custom-configset-path: ${{ matrix.configset }}
# -----------------------------
# 3. Verify Solr is Running
# -----------------------------
- name: ✅ Verify Solr Health
run: |
echo "Pinging Solr Core: ${SOLR_CORE}"
RESPONSE=$(curl -s --fail "http://127.0.0.1:8983/solr/${SOLR_CORE}/admin/ping?wt=json")
if echo "$RESPONSE" | grep -q '"status":"OK"'; then
echo "🎉 Solr is healthy and responding"
else
echo "❌ Solr ping failed!"
echo "Response: $RESPONSE"
exit 1
fi