chore(main): release 6.6.3 #1033
| --- | |
| name: CI | |
| on: | |
| merge_group: | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| build-push-test: | |
| name: Build → Push → Test (🍨 ${{ matrix.flavor }}) | |
| strategy: | |
| matrix: | |
| flavor: [cpp, rust] | |
| uses: ./.github/workflows/wc-build-push-test.yml | |
| secrets: | |
| TEST_GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }} | |
| TEST_GITHUB_USER: ${{ secrets.TEST_GITHUB_USER }} | |
| TEST_GITHUB_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }} | |
| TEST_GITHUB_TOTP_SECRET: ${{ secrets.TEST_GITHUB_TOTP_SECRET }} | |
| permissions: | |
| actions: read # is needed by anchore/sbom-action to find workflow artifacts when attaching release assets | |
| attestations: write # is needed by actions/attest-build-provenance to push attestations | |
| contents: write # is needed by anchore/sbom-action for artifact uploads | |
| id-token: write # is needed by actions/attest-build-provenance to obtain an OIDC token | |
| packages: write # is needed to push image manifest when using GitHub Container Registry | |
| pull-requests: write # is needed by marocchino/sticky-pull-request-comment to post comments | |
| with: | |
| devcontainer-metadata-file: .devcontainer/${{ matrix.flavor }}/devcontainer-metadata.json | |
| dockerfile: .devcontainer/${{ matrix.flavor }}/Dockerfile | |
| image-name: ${{ github.repository }}-${{ matrix.flavor }} | |
| integration-test-file: test/${{ matrix.flavor }}/integration-tests.bats | |
| acceptance-test-path: ${{ matrix.flavor == 'cpp' && 'test/cpp/features' || '' }} | |
| test-devcontainer-file: ${{ matrix.flavor == 'cpp' && '.devcontainer/cpp-test/devcontainer.json' || '' }} | |
| dependency-review: | |
| name: 🔍 Dependency Review | |
| needs: build-push-test | |
| uses: ./.github/workflows/wc-dependency-review.yml | |
| permissions: | |
| contents: read | |
| pull-requests: write # is needed by actions/dependency-review-action to write PR summaries | |
| publish-test-results: | |
| name: 📊 Publish Test Results | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write # is needed by EnricoMi/publish-unit-test-result-action to add a check run with test results | |
| pull-requests: write # is needed by EnricoMi/publish-unit-test-result-action to annotate PRs | |
| needs: build-push-test | |
| if: ${{ !cancelled() }} | |
| steps: | |
| - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| disable-sudo: true | |
| egress-policy: audit | |
| - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| merge-multiple: true | |
| pattern: test-results-* | |
| - uses: EnricoMi/publish-unit-test-result-action@34d7c956a59aed1bfebf31df77b8de55db9bbaaf # v2.21.0 | |
| with: | |
| files: test-report-*.xml | |
| generate-documents: | |
| name: 📄 Documentation | |
| uses: ./.github/workflows/wc-document-generation.yml | |
| permissions: | |
| contents: read |
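Review bot: In `publish-test-results` the harden-runner step uses `egress-policy: audit`, which only records outbound connections and does not stop them, while the job holds `checks: write` and `pull-requests: write` and parses `test-results-*` artifacts that presumably come from `build-push-test` runs on pull-request code. Once the audit output shows which hosts the job needs, switch to `egress-policy: block` with an `allowed-endpoints:` list so unexpected egress is denied rather than logged. Separately, `build-push-test` receives `TEST_GITHUB_PASSWORD` and `TEST_GITHUB_TOTP_SECRET` together with `contents: write`, `packages: write` and `id-token: write` on every trigger, including `pull_request`. The called workflow is not visible here, so confirm that its push and attestation steps are gated on the event type and that the test credentials reach only the job that needs them. This view shows the file without add/remove markers, so these comments apply to the workflow as displayed.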