Skip to content

Use npm to manage "Check Workflows" tool dependencies #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 16, 2024
Merged

Use npm to manage "Check Workflows" tool dependencies #792

merged 1 commit into from
Oct 16, 2024

Conversation

@per1234
Copy link
Contributor

@per1234 per1234 commented Oct 16, 2024

The project uses the ajv-cli tool to validate GitHub Actions workflows against the JSON schema. Previously, the version of the tool used was not controlled. This was problematic because:

  • A different version of the tool may be used on the contributor's machine than on the CI runner, resulting in confusing failures.
  • The project is immediately subject to disruption or breakage resulting from a release of the tool.

The new approach is to specify the version of the tools via the standard npm metadata files (package.json + package-lock.json), providing the following benefits:

  • Enables automated updates via Dependabot PRs
  • Enables automated vulnerability alerts

@per1234
Use npm to manage "Check Workflows" tool dependencies
14983d7 
The project uses the ajv-cli tool to validate GitHub Actions workflows against the JSON schema. Previously, the version
of the tool used was not controlled. This was problematic because:

- A different version of the tool may be used on the contributor's machine than on the CI runner, resulting in confusing
  failures.
- The project is immediately subject to disruption or breakage resulting from a release of the tool.

The new approach is to specify the version of the tools via the standard npm metadata files (package.json +
package-lock.json), providing the following benefits:

- Enables automated updates via Dependabot PRs
- Enables automated vulnerability alerts
@per1234 per1234 added type: enhancement Proposed improvement topic: infrastructure Related to project infrastructure labels Oct 16, 2024
@per1234 per1234 self-assigned this Oct 16, 2024
@codecov
Copy link

codecov bot commented Oct 16, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.05%. Comparing base (3a1b210) to head (14983d7).
Report is 13 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #792   +/-   ##
=======================================
  Coverage   90.05%   90.05%           
=======================================
  Files          44       44           
  Lines        6800     6800           
=======================================
  Hits         6124     6124           
  Misses        553      553           
  Partials      123      123
Flag Coverage Δ
unit 90.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@per1234 per1234 merged commit c190bd2 into arduino:main Oct 16, 2024
70 checks passed
@per1234 per1234 deleted the check-workflows-npm branch October 16, 2024 06:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@per1234 per1234

Labels

topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@per1234