Bump step-security/harden-runner from 2.8.1 to 2.9.1 #292
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
pull_request: | |
types: [ opened, reopened, synchronize, ready_for_review ] | |
push: | |
branches: | |
- 'main' | |
workflow_dispatch: | |
inputs: | |
branch: | |
description: 'Branch to run tests on' | |
required: true | |
default: 'main' | |
name: PR CI/CD | |
# cancel already running jobs for same PR | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
actions: read | |
jobs: | |
analyze: | |
timeout-minutes: 5 | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: dart-lang/setup-dart@fedb1266e91cf51be2fdb382869461a434b920a3 # v1.6.2 | |
with: | |
sdk: stable | |
- name: Install dependencies | |
run: dart pub get | |
- run: dart analyze --fatal-infos | |
test: | |
timeout-minutes: 5 | |
runs-on: ubuntu-latest | |
permissions: | |
checks: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: dart-lang/setup-dart@fedb1266e91cf51be2fdb382869461a434b920a3 # v1.6.2 | |
with: | |
sdk: stable | |
- name: Install dependencies | |
run: dart pub get | |
- name: Install coverage | |
run: dart pub global activate coverage | |
- uses: stelynx/dart-full-coverage@fc91fc4cf52e65867c0ad0e54390d0fd4e22f7d8 # v1.1.1 | |
with: | |
package: dart_pdf_reader | |
- run: dart test --no-color test --file-reporter "json:unit.test.json" --coverage="coverage" | |
- name: Convert coverage | |
run: $HOME/.pub-cache/bin/format_coverage --lcov --in=coverage --out=coverage.lcov --report-on=lib --check-ignore | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Test Report | |
if: always() | |
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1 | |
with: | |
name: Unit Tests | |
path: unit.test.json | |
reporter: dart-json |