static_analysis.yaml
# Static analysis gate: the lint matrix, the zizmor GitHub Actions lint and
# the i18n check.
name: Static Analysis

# Triggers: pull requests, pushes to develop/master, merge-queue check
# requests, and the `element-web-notify` repository_dispatch event.
on:
  pull_request: {}
  push:
    branches:
      - develop
      - master
  merge_group:
    types:
      - checks_requested
  repository_dispatch:
    types:
      - element-web-notify

# One live run per workflow + ref + event name; a newer run cancels the
# one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
  cancel-in-progress: true

env:
  # fetchdep.sh needs this set to pick the right branch.
  PR_NUMBER: ${{ github.event.pull_request.number }}
  NX_DEFAULT_OUTPUT_STYLE: stream-without-prefixes

# The workflow-level token has no scopes. Jobs that need one (zizmor, i18n)
# declare it themselves, so the lint job, which runs repository scripts and
# installs dependencies, gets none.
permissions: {}

jobs:
  lint:
    name: ${{ matrix.name }}
    runs-on: ubuntu-24.04
    strategy:
      # Let every linter report, even when one of them fails.
      fail-fast: false
      matrix:
        # `install` selects which dependency-install step runs below;
        # `command` is the pnpm script name handed to the run step.
        include:
          - name: Typescript Syntax Check
            install: layered
            command: 'lint:types'
          - name: Prettier
            install: normal
            command: 'lint:prettier'
          - name: ESLint
            install: normal
            command: 'lint:js'
          - name: Style Lint
            install: normal
            command: 'lint:style'
          - name: Workflow Lint
            install: normal
            command: 'lint:workflows'
          - name: Analyse Dead Code
            install: normal
            command: 'lint:knip'
          # No `install` here: neither install step matches this entry.
          - name: Rethemendex Check
            command: 'rethemendex'
            assert-diff: true
          - name: Docs
            install: layered
            command: 'docs:build'
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag that SHA corresponds to.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Do not leave the job token in the checkout's git config, where
          # later steps running project code could read it.
          persist-credentials: false
      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
      # Presumably meant to skip entries that set no `install` value.
      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        if: matrix.install != ''
        with:
          cache: 'pnpm'
          node-version: 'lts/*'
      - name: Install Dependencies (layered)
        if: matrix.install == 'layered'
        run: ./scripts/layered.sh
      - name: Install Dependencies (normal)
        if: matrix.install == 'normal'
        run: pnpm install --frozen-lockfile
      # The matrix value reaches the shell through an environment variable
      # and is expanded quoted, rather than being templated into the script
      # text itself.
      - name: Run ${{ matrix.command }}
        env:
          CMD: ${{ matrix.command }}
        run: pnpm --if-present run "$CMD" && pnpm -r --if-present run "$CMD"
      # Fails the entry when the command above modified tracked files.
      - name: Assert no changes
        if: matrix.assert-diff
        run: git diff --exit-code

  zizmor:
    name: Zizmor Github Actions lint
    runs-on: ubuntu-24.04
    # The only scope granted to this job; presumably used by the action to
    # publish its findings as security events (confirm against the action).
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Run zizmor
        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2

  i18n:
    name: 'i18n Check (${{ matrix.name }})'
    # Reusable workflow from another repository, pinned to a commit SHA.
    # NOTE(review): unlike the action pins above, no tag comment accompanies
    # this SHA.
    uses: matrix-org/matrix-web-i18n/.github/workflows/i18n_check.yml@6eda3835118f3bc3fb658a1a3c20b7da9d16ae42
    # The called workflow receives read access to pull requests and nothing else.
    permissions:
      pull-requests: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: Element Web
            path: 'apps/web'
            # Passed through as `allowed-hardcoded-keys`, one key per line.
            allowed-hardcoded-keys: |
              console_dev_note
              labs|element_call_video_rooms
              labs|feature_disable_call_per_sender_encryption
              voip|element_call
              error|invalid_json
              error|misconfigured
              welcome_to_element
              devtools|settings|elementCallUrl
              labs|sliding_sync_description
              settings|voip|noise_suppression_description
              settings|voip|echo_cancellation_description
          - name: Element Desktop
            path: 'apps/desktop'
          - name: Shared Components
            path: 'packages/shared-components'
    with:
      hardcoded-words: 'Element'
      packageManager: pnpm
      path: ${{ matrix.path }}
      allowed-hardcoded-keys: ${{ matrix.allowed-hardcoded-keys }}

  # Placeholder job that gives branch protection a single check name to require.
  # NOTE(review): `zizmor` is not listed in `needs`, so its result does not
  # feed this job; confirm that is intended.
  # NOTE(review): with no `if:` on this job, a failure in `lint` or `i18n`
  # leaves it skipped rather than failed; confirm branch protection treats a
  # skipped "Static Analysis" check as blocking.
  ci:
    name: Static Analysis
    needs:
      - lint
      - i18n
    runs-on: ubuntu-24.04
    steps:
      - run: echo "Ok"