Fix workflow and resolve dev vulnerabilities (#36)

* Use @actions/core for setting env vars * Resolve vulnerabilities Resolves @dependabot PRs #34, #35 * Workflow to use Node 10.x * Use ubuntu-latest vscode-test appears broken on Ubuntu 16.04. See microsoft/vscode-test#73 * Run ubuntu-latest tests under xvfb-run * Add required check for branch policies Allows matrix build job to change without requiring reconfiguring branch policies with strategy-specific names. Branch policy will instead depend on the new "check" job that depends on all build jobs.
heaths · Jan 16, 2021 · 1f88801 · 1f88801
1 parent a76c06b
commit 1f88801
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 17 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -29,3 +29,6 @@ insert_final_newline = true
 
 [*.json]
 indent_size = 2
+
+[*.yml]
+indent_size = 2
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,10 +17,10 @@ jobs:
       fail-fast: false
       matrix:
         node-version:
-        - '8.x'
+        - '10.x'
         os:
         - macos-latest
-        - ubuntu-16.04
+        - ubuntu-latest
         - windows-latest
         vscode-channel:
         - stable
@@ -43,20 +43,20 @@ jobs:
       run: npm install
 
     - name: Compile
-      run: node ./node_modules/gulp/bin/gulp set-version compile
+      run: npm run compile set-version
 
-    - name: Start Xvfb
-      run: |
-        set -e
-        /usr/bin/Xvfb :10 -ac >> /tmp/Xvfb.out 2>&1 &
-        disown -ar
+    - name: Test (Linux)
       if: runner.os == 'Linux'
+      run: xvfb-run -a npm test
+      env:
+        CODE_VERSION: ${{ matrix.vscode-channel }}
+        TEST_RESULTS_PATH: ${{ github.workspace }}/.vscode-test/test-results.xml
 
     - name: Test
-      run: node ./out/test/runTest
+      if: runner.os != 'Linux'
+      run: npm test
       env:
         CODE_VERSION: ${{ matrix.vscode-channel }}
-        DISPLAY: ':10'
         TEST_RESULTS_PATH: ${{ github.workspace }}/.vscode-test/test-results.xml
 
     - name: Publish test results
@@ -82,6 +82,14 @@ jobs:
         name: artifacts
         path: ${{ runner.temp }}/vscode-guid-${{ env.BUILD_VERSION }}.vsix
 
+  check:
+    needs: build
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check
+      run: echo "All required checks passed"
+
   publish:
     needs: build
     runs-on: ubuntu-latest

diff --git a/gulpfile.js b/gulpfile.js
@@ -27,6 +27,7 @@ const clean = require('gulp-clean');
 const sourcemaps = require('gulp-sourcemaps');
 const svg2png = require('gulp-svg2png');
 const ts = require('gulp-typescript');
+const gh = require('@actions/core');
 
 gulp.task('compile:res', () => {
     return gulp.src('res/**/*.svg')
@@ -56,7 +57,7 @@ gulp.task('set-version', (done) => {
         console.log(`##vso[build.updatebuildnumber]${p.version}`);
     }
     else if (process.env.GITHUB_ACTIONS) {
-        console.log(`::set-env name=BUILD_VERSION::${p.version}`);
+        gh.exportVariable('BUILD_VERSION', p.version);
     }
 
     done();

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -86,6 +86,7 @@
     "uuid": "^3.3.2"
   },
   "devDependencies": {
+    "@actions/core": "^1.2.6",
     "@types/glob": "^7.1.1",
     "@types/mocha": "^5.2.6",
     "@types/node": "^11.11.3",