Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Use npm to manage "Check Workflows" tool dependencies #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
per1234 merged 1 commit into arduino:main from per1234:check-workflows-npm
Oct 16, 2024

Conversation

Copy link
Contributor

@per1234 per1234 commented Oct 16, 2024

The project uses the ajv-cli tool to validate GitHub Actions workflows against the JSON schema. Previously, the version of the tool used was not controlled. This was problematic because:

  • A different version of the tool may be used on the contributor's machine than on the CI runner, resulting in confusing failures.
  • The project is immediately subject to disruption or breakage resulting from a release of the tool.

The new approach is to specify the version of the tools via the standard npm metadata files (package.json + package-lock.json), providing the following benefits:

  • Enables automated updates via Dependabot PRs
  • Enables automated vulnerability alerts
 

The project uses the ajv-cli tool to validate GitHub Actions workflows against the JSON schema. Previously, the version
of the tool used was not controlled. This was problematic because:
- A different version of the tool may be used on the contributor's machine than on the CI runner, resulting in confusing
 failures.
- The project is immediately subject to disruption or breakage resulting from a release of the tool.
The new approach is to specify the version of the tools via the standard npm metadata files (package.json +
package-lock.json), providing the following benefits:
- Enables automated updates via Dependabot PRs
- Enables automated vulnerability alerts
@per1234 per1234 added type: enhancement Proposed improvement topic: infrastructure Related to project infrastructure labels Oct 16, 2024
@per1234 per1234 self-assigned this Oct 16, 2024
Copy link

codecov bot commented Oct 16, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.05%. Comparing base (3a1b210) to head (14983d7).
Report is 13 commits behind head on main.

Additional details and impacted files 
@@ Coverage Diff @@
## main #792 +/- ##
=======================================
 Coverage 90.05% 90.05% 
=======================================
 Files 44 44 
 Lines 6800 6800 
=======================================
 Hits 6124 6124 
 Misses 553 553 
 Partials 123 123
Flag Coverage Δ
unit 90.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@per1234 per1234 merged commit c190bd2 into arduino:main Oct 16, 2024
70 checks passed
@per1234 per1234 deleted the check-workflows-npm branch October 16, 2024 06:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Labels
topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant

AltStyle によって変換されたページ (->オリジナル) /