Scan for security vulnerabilities with GitHub CodeQL #527
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# .github/workflows/build-test.yml | |
# | |
# https://docs.github.com/en/actions/reference/environment-variables#default-environment-variables | |
--- | |
name: Build, Test, and Lint | |
on: | |
pull_request: | |
branches: [main] | |
push: | |
branches: [main] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-test: | |
name: Build, Test, and Lint | |
# https://github.com/actions/runner-images#available-images | |
runs-on: macos-15 | |
defaults: | |
run: | |
# Prefixes all `run` commands with the following command to force them to run outside Rosetta. | |
# https://github.com/actions/runner/issues/805#issuecomment-942784948 | |
# https://github.com/rolpdog/cffi-mirror/blob/release-1.15/.github/workflows/ci.yaml#L81-L141 | |
# https://github.com/actions/virtual-environments/issues/2187#issuecomment-790507204 | |
shell: arch -arm64 bash --noprofile --norc -eo pipefail {0} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# A fetch-depth of 0 includes all history and tags for script/version | |
fetch-depth: 0 | |
- name: Bootstrap | |
run: script/bootstrap -f | |
- name: Build | |
run: script/build | |
- name: Test | |
run: script/test | |
- name: Lint | |
run: script/lint |