Stop persisting credentials in github actions checkouts #7716
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
permissions: | |
contents: read | |
jobs: | |
# This is umbrella job for all tests needed to pass to make it simpler | |
# to maintain GitHub Actions status required checks since job names and | |
# amount change over the time and it is easier to maintian having just | |
# this umbrella check set as required. | |
status_check: | |
name: All required tests passing check | |
needs: [rails] | |
runs-on: ubuntu-24.04 | |
if: always() | |
steps: | |
- run: /bin/${{ (needs.rails.result == 'success' || needs.rails.result == 'skipped') }} | |
rails: | |
strategy: | |
fail-fast: false | |
matrix: | |
rubygems: | |
- name: locked | |
version: "3.6.1" | |
- name: latest | |
version: latest | |
ruby_version: ["3.3.6"] | |
tests: | |
- name: general | |
command: test | |
- name: system | |
command: test:system | |
include: | |
- rubygems: { name: latest, version: latest } | |
ruby_version: "3.3.6" | |
tests: { name: "avo without pro", command: "test test/*/avo" } | |
name: Rails tests ${{ matrix.tests.name }} (RubyGems ${{ matrix.rubygems.name }}, Ruby ${{ matrix.ruby_version }}) | |
runs-on: ubuntu-22.04 | |
env: | |
RUBYGEMS_VERSION: ${{ matrix.rubygems.version }} | |
# Fail hard when Toxiproxy is not running to ensure all tests (even Toxiproxy optional ones) are passing | |
REQUIRE_TOXIPROXY: true | |
REQUIRE_AVO_PRO: ${{ github.secret_source != 'None' && matrix.tests.name != 'avo without pro' }} | |
AVO_LICENSE_KEY: ${{ secrets.AVO_LICENSE_KEY }} | |
BUNDLE_PACKAGER__DEV: ${{ secrets.BUNDLE_PACKAGER__DEV }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
persist-credentials: false | |
- name: Setup rubygems.org | |
uses: ./.github/actions/setup-rubygems.org | |
with: | |
ruby-version: ${{ matrix.ruby_version }} | |
rubygems-version: ${{ matrix.rubygems.version }} | |
install-avo-pro: ${{ matrix.tests.name != 'avo without pro' }} | |
- name: Tests ${{ matrix.tests.name }} | |
id: test-all | |
run: bin/rails ${{ matrix.tests.command }} | |
- name: Save capybara screenshots | |
if: ${{ failure() && steps.test-all.outcome == 'failure' }} | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }} | |
path: tmp/capybara | |
if-no-files-found: ignore | |
- name: Upload coverage to Codecov | |
if: matrix.rubygems.name == 'locked' && (success() || failure()) | |
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |