diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml new file mode 100644 index 00000000..b7a2f486 --- /dev/null +++ b/.github/dependency-review-config.yml @@ -0,0 +1,12 @@ +license-check: true +vulnerability-check: true +fail-on-severity: "low" + +allow-licenses: + - GPL-3.0 + - BSD-3-Clause + - MIT + - Apache-2.0 + +allow-ghsas: [] + diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a873e237..5ae04b36 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,21 +1,9 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# name: "CodeQL" on: push: branches: ["main"] pull_request: - # The branches below must be a subset of the branches above branches: ["main"] schedule: - cron: "0 0 * * 1" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml deleted file mode 100644 index d7cee7d9..00000000 --- a/.github/workflows/dependency-review.yml +++ /dev/null 
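Review bot: Nothing in the visible diff consumes `.github/dependency-review-config.yml`. The action reads an external config only when a workflow step passes `config-file: ./.github/dependency-review-config.yml`, and this commit deletes `.github/workflows/dependency-review.yml`, the only workflow shown that ran `actions/dependency-review-action`. Unless a workflow outside this diff invokes the action with that input, the `fail-on-severity: "low"` gate and the license allow-list are never evaluated on pull requests. A header comment such as `# Loaded by actions/dependency-review-action via its config-file input` would record the link for the next maintainer. Also confirm that `GPL-3.0` in `allow-licenses` is intended, since allowing a copyleft license may conflict with the project's own licensing, which this diff does not show.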
@@ -1,27 +0,0 @@
-# Dependency Review Action
-#
-# This Action will scan dependency manifest files that change as part of a Pull Request,
-# surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required,
-# PRs introducing known-vulnerable packages will be blocked from merging.
-#
-# Source repository: https://github.com/actions/dependency-review-action
-name: 'Dependency Review'
-on: [pull_request]
-
-permissions:
- contents: read
-
-jobs:
- dependency-review:
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
- with:
- egress-policy: audit
-
- - name: 'Checkout Repository'
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - name: 'Dependency Review'
- uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
diff --git a/.github/workflows/module.test.yml b/.github/workflows/module.test.yml
index 61f7eb68..e34da542 100644
--- a/.github/workflows/module.test.yml
+++ b/.github/workflows/module.test.yml
@@ -88,3 +88,43 @@ jobs: ${{ inputs.coverage && 'coverage' || 'test' }} \ --config=ci \ //... + + integration-tests: + name: "Test: ${{ matrix.label }} (${{ inputs.label || 'Rules' }})" + runs-on: ${{ inputs.runner || 'ubuntu-latest' }} + continue-on-error: ${{ inputs.labs || matrix.labs }} + strategy: + fail-fast: false + matrix: + label: ["BCR"] + target: ["//sample"] + action: ["build"] + directory: ["./example/integration_tests/bzlmod"] + labs: [false] + steps: + - name: "Setup: Checkout" + uses: actions/checkout@v3 + - name: "Setup: msbuild" + uses: microsoft/setup-msbuild@v1.1 + if: ${{ contains(inputs.runner, 'windows') }} + - name: "Setup: Bazel" + uses: bazelbuild/setup-bazelisk@v2 + - name: "Setup: Cache" + uses: actions/cache@v3 + with: + path: "~/.cache/bazel" + key: bazel-v2 + - name: "Configure: Bazel" + shell: bash + run: | + echo "build --remote_header=x-buildbuddy-api-key=${{ secrets.BUILDBUDDY_APIKEY }}" >> local.bazelrc + echo "build --remote_header=x-api-key=${{ secrets.BUILDLESS_APIKEY }}" >> local.bazelrc + - name: "Build: ${{ matrix.label }}" + continue-on-error: ${{ inputs.labs }} + working-directory: ${{ matrix.directory }} + shell: bash + run: | + bazel \ + ${{ matrix.action || 'build' }} \ + ${{ matrix.target || '//...' }} + diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml index ae5be6c1..17a0c2fb 100644 --- a/.github/workflows/on.push.yml +++ b/.github/workflows/on.push.yml @@ -47,7 +47,7 @@ jobs: label: Ubuntu labs: false - runner: ubuntu-latest - label: Ubuntu / Bzlmod + label: Ubuntu - Bzlmod bzlmod: true labs: true - runner: windows-latest diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 0c9a8757..34d65ab4 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock 
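Review bot: The `Configure: Bazel` step interpolates `${{ secrets.BUILDBUDDY_APIKEY }}` and `${{ secrets.BUILDLESS_APIKEY }}` straight into the script text and appends them to `local.bazelrc` in the checkout, where every later step and any code the build runs can read them. Map the secrets through `env:` and reference the shell variables instead, as in the block below, and consider skipping the step when the secrets are empty (pull requests from forks), since it would otherwise write headers with blank keys. The step has no `working-directory`, so the file lands at the repository root while the build runs in `${{ matrix.directory }}`; whether that nested workspace imports it is not visible in this hunk. The four `uses:` lines reference mutable tags (`actions/checkout@v3`, `microsoft/setup-msbuild@v1.1`, `bazelbuild/setup-bazelisk@v2`, `actions/cache@v3`), whereas the workflow deleted in this commit pinned full commit SHAs with the version in a trailing comment; the same pinning should apply here. The `jobs:` header and any workflow-level `permissions:` are outside the hunk, so confirm the job runs with a read-only token.

```yaml
      # … unchanged: checkout, msbuild, bazelisk and cache setup steps …
      - name: "Configure: Bazel"
        shell: bash
        env:
          BUILDBUDDY_APIKEY: ${{ secrets.BUILDBUDDY_APIKEY }}
          BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
        run: |
          echo "build --remote_header=x-buildbuddy-api-key=${BUILDBUDDY_APIKEY}" >> local.bazelrc
          echo "build --remote_header=x-api-key=${BUILDLESS_APIKEY}" >> local.bazelrc
      # … unchanged: "Build: ${{ matrix.label }}" step …
```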
@@ -1,6 +1,6 @@ { "lockFileVersion": 1, - "moduleFileHash": "618d7112f0da53485db4528465e4f51516c4653069d5247a66abbaf819446878", + "moduleFileHash": "889d5d36f6ec6ef087890dadaa513fe5d42792efa4bdec349d1c6567226d9416", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -30,7 +30,7 @@ "usingModule": "", "location": { "file": "@@//:MODULE.bazel", - "line": 124, + "line": 125, "column": 22 }, "imports": { @@ -45,7 +45,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 126, + "line": 127, "column": 14 } } @@ -59,7 +59,7 @@ "usingModule": "", "location": { "file": "@@//:MODULE.bazel", - "line": 139, + "line": 140, "column": 20 }, "imports": { @@ -73,7 +73,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 141, + "line": 142, "column": 12 } }