chore(ci): update & clean workflow (#1966)

* chore(workflow): move action version number comment inline with usage
* chore(workflow): update matrix to use macos-26
* chore(workflow): add node-26 to test matrix
* chore: remove .ratignore, ci can use .rat-excludes
* chore(workflow): extract codeql to run once & improved path ignore list
This commit is contained in:
エリス
2026-07-01 15:29:46 +09:00
committed by GitHub
parent acbc5b48c0
commit 654b03a327
5 changed files with 66 additions and 64 deletions
+61 -31
View File
@@ -25,26 +25,74 @@ on:
branches:
- '*'
permissions:
contents: read
security-events: write
jobs:
test:
name: NodeJS ${{ matrix.node-version }} on ${{ matrix.os }}
codeql:
name: CodeQL Analysis
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
matrix:
node-version: [20.x, 22.x, 24.x]
os: [ubuntu-latest, windows-latest, macos-15]
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 1
- uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0
with:
distribution: 'temurin'
java-version: '17'
# "bin/templates/platform_www/cordova.js" is ignored because it is a generated file.
# It contains mixed content from the npm package "cordova-js" and "./cordova-js-src".
# The report might not be resolvable because of the external package.
# If the report is related to this repository, it would be detected when scanning "./cordova-js-src".
- uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: javascript, java-kotlin
queries: security-and-quality
# When 'build-mode' is set to 'none', CodeQL will create a database without
# requiring a build for Java. If Kotlin files are added in the future, build
# will be required.
build-mode: none
config: |
paths-ignore:
- coverage
- node_modules
- templates/project/assets/www/cordova.js
- test/androidx/app/src/main/assets/www/cordova.js
- framework/build/intermediates
- framework/build/outputs
- framework/build/reports
- framework/build/tmp
- test/androidx/build/intermediates
- test/androidx/build/outputs
- test/androidx/build/reports
- test/androidx/build/tmp
- uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
test:
name: NodeJS ${{ matrix.node-version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
permissions:
contents: read
strategy:
matrix:
node-version: [20.x, 22.x, 24.x, 26.x]
os: [ubuntu-latest, windows-latest, macos-26]
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 1
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
@@ -60,31 +108,13 @@ jobs:
npm --version
gradle --version
# "bin/templates/platform_www/cordova.js" is ignored because it is a generated file.
# It contains mixed content from the npm package "cordova-js" and "./cordova-js-src".
# The report might not be resolvable because of the external package.
# If the report is related to this repository, it would be detected when scanning "./cordova-js-src".
- uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: javascript, java-kotlin
queries: security-and-quality
config: |
paths-ignore:
- coverage
- node_modules
- templates/project/assets/www/cordova.js
- test/androidx/app/src/main/assets/www/cordova.js
- name: npm install and test
run: |
npm cit
env:
CI: true
- uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
# v4.6.0
- uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f
- uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
if: success()
with:
name: ${{ runner.os }} node.js ${{ matrix.node-version }}
+1
View File
@@ -35,6 +35,7 @@ jobs:
with:
persist-credentials: false
fetch-depth: 1
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 24
+4 -4
View File
@@ -39,8 +39,8 @@ jobs:
persist-credentials: false
fetch-depth: 1
# Check license headers (v3.0.0)
- uses: erisu/apache-rat-action@30c94d10ed21e6f6fd5590dc5c158f58cae7a0dd
# Check license headers
- uses: erisu/apache-rat-action@30c94d10ed21e6f6fd5590dc5c158f58cae7a0dd # v3.0.0
# Setup environment with node
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
@@ -51,8 +51,8 @@ jobs:
- name: npm install packages
run: npm ci
# Check node package licenses (v2.1.0)
- uses: erisu/license-checker-action@04511f4c052b5773f11e1c65b42cda88235c62ae
# Check node package licenses
- uses: erisu/license-checker-action@04511f4c052b5773f11e1c65b42cda88235c62ae # v2.1.0
with:
license-config: 'licence_checker.yml'
include-asf-category-a: true
-2
View File
@@ -15,8 +15,6 @@
# specific language governing permissions and limitations
# under the License.
# This file used by ATR
**/*.txt
.git/
coverage/
-27
View File
@@ -1,27 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# This file used by release audit workflow
**/*.txt
.git/
coverage/
framework/build/
node_modules/
test/androidx/app/build/
test/androidx/build/
test/androidx/tools/