Skip to content
CI

Pin GitHub Actions to commit hashes to prevent supply chain attacks #1

Sign in to view logs

Pin GitHub Actions to commit hashes to prevent supply chain attacks

Pin GitHub Actions to commit hashes to prevent supply chain attacks #1

Workflow file for this run

.github/workflows/ci.yml at 25ead9d
name: CI
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
env:
PRODUCT_NAME: xcodeproj
jobs:
test-macos:
name: Test on macOS
runs-on: macos-15
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Xcode
run: sudo xcode-select -s /Applications/Xcode_16.4.app/Contents/Developer
- name: Cache Swift Dependencies
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: .build
key: ${{ runner.os }}-swift-${{ hashFiles('Package.resolved') }}
restore-keys: |
${{ runner.os }}-swift-
- name: Build Debug
run: swift build -v
- name: Build Release
run: swift build -c release -v
- name: Test Basic Commands
run: |
# Test version and help
.build/release/${{ env.PRODUCT_NAME }} --version
.build/release/${{ env.PRODUCT_NAME }} --help
# Test a few key commands
.build/release/${{ env.PRODUCT_NAME }} create TestProject --organization-name "Test Org" --bundle-identifier "com.test.app"
.build/release/${{ env.PRODUCT_NAME }} list-targets TestProject.xcodeproj
.build/release/${{ env.PRODUCT_NAME }} list-build-configurations TestProject.xcodeproj
# Cleanup
rm -rf TestProject.xcodeproj
- name: Run Comprehensive Tests
run: |
./scripts/test.sh
- name: Cleanup Test Artifacts
run: |
rm -rf TestDemo.xcodeproj TestDemo/
lint:
name: Swift Format Check
runs-on: macos-15
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Xcode
run: sudo xcode-select -s /Applications/Xcode_16.4.app/Contents/Developer
- name: Check Swift Format
run: |
# Check if swift-format is available, if not skip
if command -v swift-format >/dev/null 2>&1; then
echo "Running swift-format check..."
find Sources -name "*.swift" -exec swift-format lint {} \;
else
echo "swift-format not available, skipping format check"
fi
test-linux:
name: Test Linux Compatibility
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Cache all dependencies
- name: Cache Dependencies
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
~/.local/share/swiftly
~/.swiftpm/swift-sdks
.build
key: ${{ runner.os }}-deps-6.1.2-${{ hashFiles('Package.resolved', '**/ci.yml') }}
restore-keys: |
${{ runner.os }}-deps-6.1.2-
${{ runner.os }}-deps-
# Install dependencies
- name: Cache APT packages
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
/tmp/apt-cache
key: ${{ runner.os }}-apt-libcurl4-openssl-dev-${{ hashFiles('**/ci.yml') }}
restore-keys: |
${{ runner.os }}-apt-libcurl4-openssl-dev-
- name: Install System Dependencies
run: |
# Create cache directory
sudo mkdir -p /tmp/apt-cache
sudo chown -R runner:runner /tmp/apt-cache
# Configure apt to use our cache directory and skip unnecessary processing
sudo tee /etc/apt/apt.conf.d/01cache > /dev/null << 'EOF'
Dir::Cache::Archives "/tmp/apt-cache";
APT::Install-Recommends "false";
APT::Install-Suggests "false";
EOF
# Disable man-db triggers to speed up installation
sudo bash -c 'echo "path-exclude /usr/share/man/*" >> /etc/dpkg/dpkg.cfg.d/01_nodoc'
sudo bash -c 'echo "path-exclude /usr/share/locale/*" >> /etc/dpkg/dpkg.cfg.d/01_nodoc'
sudo bash -c 'echo "path-exclude /usr/share/doc/*" >> /etc/dpkg/dpkg.cfg.d/01_nodoc'
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get -y install --no-install-recommends libcurl4-openssl-dev
# Clean up lock files that cause caching issues
sudo rm -f /tmp/apt-cache/lock /tmp/apt-cache/partial/*
sudo chmod -R 755 /tmp/apt-cache
- name: Install Swiftly and Swift Toolchain
uses: vapor/swiftly-action@afdde2275f2b916c2704383f3a6b72032adb488c # v0.2.0
with:
toolchain: 6.1.2
- name: Verify Swift Installation
run: |
echo "Verifying Swift installation..."
which swift
swift --version
- name: Install Linux Static SDK
run: |
echo "Installing Linux static SDK for Swift 6.1.2..."
if ! swift sdk list | grep -q "swift-6.1.2-RELEASE_static-linux-0.0.1"; then
swift sdk install \
https://download.swift.org/swift-6.1.2-release/static-sdk/swift-6.1.2-RELEASE/swift-6.1.2-RELEASE_static-linux-0.0.1.artifactbundle.tar.gz \
--checksum df0b40b9b582598e7e3d70c82ab503fd6fbfdff71fd17e7f1ab37115a0665b3b
else
echo "Linux static SDK already installed"
fi
echo "Available SDKs:"
swift sdk list
- name: Run Native Linux Compatibility Tests
run: |
# Make scripts executable
chmod +x scripts/test-linux-native.sh
chmod +x scripts/test-core.sh
# Debug environment
echo "Environment check:"
echo "OS: $OSTYPE"
echo "PWD: $(pwd)"
echo "Swift path: $(which swift)"
# Run the native Linux compatibility tests (builds and tests actual code)
./scripts/test-linux-native.sh
- name: Upload test artifacts on failure
if: failure()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: linux-compatibility-test-logs
path: |
/tmp/tmp.*
*.log
if-no-files-found: ignore
retention-days: 7