test: Additional Improvements to CI Workflows #2438
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportPatch and project coverage have no change.
Additional details and impacted files@@ Coverage Diff @@
## master #2438 +/- ##
=======================================
Coverage 41.55% 41.55%
=======================================
Files 120 120
Lines 3025 3025
Branches 325 325
=======================================
Hits 1257 1257
Misses 1674 1674
Partials 94 94 ☔ View full report in Codecov by Sentry. |
3 tasks
evansims
changed the title
evansims
changed the title
github-merge-queue bot
pushed a commit
to auth0/auth0-spa-js
that referenced
this pull request
Aug 29, 2023
<!-- By submitting a PR to this repository, you agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md). Please see the [contributing guidelines](https://github.com/auth0/.github/blob/master/CONTRIBUTING.md) for how to create and submit a high-quality PR for this repo. --> ### Changes This pull request updates our continuous integration workflows. It (in part) mirrors [improvements made to the Lock repository](auth0/lock#2438). #### codeql.yml - Updated `pull_request` type triggers to use a narrower scope (avoids unnecessary runs) and apply to all branches. - Updated `push` branch triggers to be more concise (uses the `v*` wildcard.) - Added concurrency check (cancels redundant in-progress runs.) - Updated to skip unnecessary runs on Dependabot PRs and re-runs on merge group queues. #### publish.yml - Fixed the `NODE_VERSION` environmental variable reference. #### semgrep.yml - Updated to skip unnecessary runs on Dependabot PRs and re-runs on merge group queues. - Updated name to use "Check for Vulnerabilities" for clarity in branch protection filters. - Added concurrency check (cancels redundant in-progress runs.) #### snyk.yml - Added workflow to trigger Snyk security checks. We previously used webhooks to trigger these checks, but this method is incompatible with GitHub's merge queue feature. This approach allows us to use the feature, as well as to autonomously run checks on a set schedule as we do in other repositories. #### test.yml - Moves the Codecov coverage upload step into the unit test step (fixes coverage not being available during the build step.) ### References Updates based on internal feedback and conversations. ### Testing This pull request applies improvements to the continuous integration testing for the repository but does not add additional tests. ### Checklist - [x] I have read the [Auth0 general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) - [x] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md) - [x] All code quality tools/guidelines have been run/followed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
This pull request updates our continuous integration workflows:
codeql.yml
pull_requesttype triggers to use a narrower scope (avoids unnecessary runs.)pushbranch triggers to be more concise (uses thev*wildcard.)publish.yml
NODE_VERSIONenvironmental variable reference (hardcoded18value.)semgrep.yml
snyk.yml
We previously used webhooks to trigger these checks, but this method is incompatible with GitHub's merge queue feature. This approach allows us to use the feature, as well as to autonomously run checks on a set schedule as we do in other repositories.
test.yml
References
Updates based on internal feedback and conversations.
Testing
This pull request applies improvements to the continuous integration testing for the repository but does not add additional tests.
Checklist