Merge pull request #364 from alphagov/9-10-0 #555
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
ref: | |
description: 'The branch, tag or SHA to checkout' | |
default: main | |
type: string | |
jobs: | |
snyk-security: | |
name: SNYK security analysis | |
uses: alphagov/govuk-infrastructure/.github/workflows/snyk-security.yml@main | |
with: | |
skip_sca: true | |
secrets: inherit | |
permissions: | |
contents: read | |
security-events: write | |
actions: read | |
codeql-sast: | |
name: CodeQL SAST scan | |
uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main | |
permissions: | |
security-events: write | |
dependency-review: | |
name: Dependency Review scan | |
uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main | |
# Run the test suite against multiple Ruby and Rails versions | |
test_matrix: | |
strategy: | |
fail-fast: false | |
matrix: | |
ruby: [3.1, 3.2, 3.3] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref || github.ref }} | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: ${{ matrix.ruby }} | |
bundler-cache: true | |
- run: bundle exec rake | |
# Branch protection rules cannot directly depend on status checks from matrix jobs. | |
# So instead we define `test` as a dummy job which only runs after the preceding `test_matrix` checks have passed. | |
# Solution inspired by: https://github.521000.bestmunity/t/status-check-for-a-matrix-jobs/127354/3 | |
test: | |
needs: test_matrix | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "All matrix tests have passed 🚀" | |
publish: | |
needs: test | |
if: ${{ github.ref == 'refs/heads/main' }} | |
permissions: | |
contents: write | |
uses: alphagov/govuk-infrastructure/.github/workflows/publish-rubygem.yml@main | |
secrets: | |
GEM_HOST_API_KEY: ${{ secrets.ALPHAGOV_RUBYGEMS_API_KEY }} |