From 654b03a32704db8f8fd2a889b49c2302d8b8b9ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=82=A8=E3=83=AA=E3=82=B9?= Date: Wed, 1 Jul 2026 15:29:46 +0900 Subject: [PATCH] chore(ci): update & clean workflow (#1966) * chore(workflow): move action version number comment inline with usage * chore(workflow): update matrix to use macos-26 * chore(workflow): add node-26 to test matrix * chore: remove .ratignore, ci can use .rat-excludes * chore(workflow): extract codeql to run once & improved path ignore list --- .github/workflows/ci.yml | 92 +++++++++++++++++++---------- .github/workflows/draft-release.yml | 1 + .github/workflows/release-audit.yml | 8 +-- .rat-excludes | 2 - .ratignore | 27 --------- 5 files changed, 66 insertions(+), 64 deletions(-) delete mode 100644 .ratignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 76ffa1b7..9686639a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,26 +25,74 @@ on: branches: - '*' -permissions: - contents: read - security-events: write - jobs: - test: - name: NodeJS ${{ matrix.node-version }} on ${{ matrix.os }} + codeql: + name: CodeQL Analysis + runs-on: ubuntu-latest - runs-on: ${{ matrix.os }} - - strategy: - matrix: - node-version: [20.x, 22.x, 24.x] - os: [ubuntu-latest, windows-latest, macos-15] + permissions: + contents: read + security-events: write steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 1 + + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 + with: + distribution: 'temurin' + java-version: '17' + + # "bin/templates/platform_www/cordova.js" is ignored because it is a generated file. + # It contains mixed content from the npm package "cordova-js" and "./cordova-js-src". + # The report might not be resolvable because of the external package. + # If the report is related to this repository, it would be detected when scanning "./cordova-js-src". + - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + with: + languages: javascript, java-kotlin + queries: security-and-quality + # When 'build-mode' is set to 'none', CodeQL will create a database without + # requiring a build for Java. If Kotlin files are added in the future, build + # will be required. + build-mode: none + config: | + paths-ignore: + - coverage + - node_modules + - templates/project/assets/www/cordova.js + - test/androidx/app/src/main/assets/www/cordova.js + - framework/build/intermediates + - framework/build/outputs + - framework/build/reports + - framework/build/tmp + - test/androidx/build/intermediates + - test/androidx/build/outputs + - test/androidx/build/reports + - test/androidx/build/tmp + + - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + + test: + name: NodeJS ${{ matrix.node-version }} on ${{ matrix.os }} + + runs-on: ${{ matrix.os }} + + permissions: + contents: read + + strategy: + matrix: + node-version: [20.x, 22.x, 24.x, 26.x] + os: [ubuntu-latest, windows-latest, macos-26] + + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + persist-credentials: false + fetch-depth: 1 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} @@ -60,31 +108,13 @@ jobs: npm --version gradle --version - # "bin/templates/platform_www/cordova.js" is ignored because it is a generated file. - # It contains mixed content from the npm package "cordova-js" and "./cordova-js-src". - # The report might not be resolvable because of the external package. - # If the report is related to this repository, it would be detected when scanning "./cordova-js-src". - - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 - with: - languages: javascript, java-kotlin - queries: security-and-quality - config: | - paths-ignore: - - coverage - - node_modules - - templates/project/assets/www/cordova.js - - test/androidx/app/src/main/assets/www/cordova.js - - name: npm install and test run: | npm cit env: CI: true - - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 - - # v4.6.0 - - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f + - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 if: success() with: name: ${{ runner.os }} node.js ${{ matrix.node-version }} diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 3b945f1f..9f11b553 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -35,6 +35,7 @@ jobs: with: persist-credentials: false fetch-depth: 1 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24 diff --git a/.github/workflows/release-audit.yml b/.github/workflows/release-audit.yml index 2f318068..3156baa9 100644 --- a/.github/workflows/release-audit.yml +++ b/.github/workflows/release-audit.yml @@ -39,8 +39,8 @@ jobs: persist-credentials: false fetch-depth: 1 - # Check license headers (v3.0.0) - - uses: erisu/apache-rat-action@30c94d10ed21e6f6fd5590dc5c158f58cae7a0dd + # Check license headers + - uses: erisu/apache-rat-action@30c94d10ed21e6f6fd5590dc5c158f58cae7a0dd # v3.0.0 # Setup environment with node - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 @@ -51,8 +51,8 @@ jobs: - name: npm install packages run: npm ci - # Check node package licenses (v2.1.0) - - uses: erisu/license-checker-action@04511f4c052b5773f11e1c65b42cda88235c62ae + # Check node package licenses + - uses: erisu/license-checker-action@04511f4c052b5773f11e1c65b42cda88235c62ae # v2.1.0 with: license-config: 'licence_checker.yml' include-asf-category-a: true diff --git a/.rat-excludes b/.rat-excludes index f1448c25..8e9a5804 100644 --- a/.rat-excludes +++ b/.rat-excludes @@ -15,8 +15,6 @@ # specific language governing permissions and limitations # under the License. -# This file used by ATR - **/*.txt .git/ coverage/ diff --git a/.ratignore b/.ratignore deleted file mode 100644 index 53702734..00000000 --- a/.ratignore +++ /dev/null @@ -1,27 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# This file used by release audit workflow - -**/*.txt -.git/ -coverage/ -framework/build/ -node_modules/ -test/androidx/app/build/ -test/androidx/build/ -test/androidx/tools/