aaron/mattermost-desktop
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat: Upgrade Reusable GitHub Actions version (#2989)

Browse source 
* feat: Upgrade Github Actions versions

* fix: Fix supply chain scorecard

* fix: Remove ubuntu-4-core instances as they are redundant

* fix: Upgrade also CodeQL
This commit is contained in:
Antonis Stamatiou 2024-03-22 14:03:24 +02:00 committed by GitHub
parent 81c3a07412
commit 6c3eced3e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 156 additions and 163 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.editorconfig
View file

@ -1,6 +1,6 @@
root = true root = true
[*] [*.{js|ts}]
end_of_line = lf end_of_line = lf
charset = utf-8 charset = utf-8
indent_style = space indent_style = space

28
.github/workflows/build-for-pr.yml vendored
View file

@ -14,15 +14,15 @@ env:
jobs: jobs:
build-linux-for-pr: build-linux-for-pr:
runs-on: ubuntu-latest-4-cores runs-on: ubuntu-22.04
if: ${{ github.event.label.name == 'Build Apps for PR' }} if: ${{ github.event.label.name == 'Build Apps for PR' }}
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -42,7 +42,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/linux bash -x ./scripts/cp_artifacts.sh release ./build/linux
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-linux name: build-linux
path: ./build/linux path: ./build/linux
@ -53,18 +53,18 @@ jobs:
if: ${{ github.event.label.name == 'Build Apps for PR' }} if: ${{ github.event.label.name == 'Build Apps for PR' }}
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
cache-dependency-path: package-lock.json cache-dependency-path: package-lock.json
- name: ci/cache-node-modules - name: ci/cache-node-modules
id: cache-node-modules id: cache-node-modules
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with: with:
path: node_modules path: node_modules
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }} key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }}
@ -85,18 +85,18 @@ jobs:
- windows-install-deps - windows-install-deps
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
cache-dependency-path: package-lock.json cache-dependency-path: package-lock.json
- name: ci/cache-node-modules - name: ci/cache-node-modules
id: cache-node-modules id: cache-node-modules
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with: with:
path: node_modules path: node_modules
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('package-lock.json') }} key: ${{ runner.os }}-build-node-modules-${{ hashFiles('package-lock.json') }}
@ -129,7 +129,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/win bash -x ./scripts/cp_artifacts.sh release ./build/win
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-windows name: build-windows
path: ./build/win path: ./build/win
@ -140,11 +140,11 @@ jobs:
if: ${{ github.event.label.name == 'Build Apps for PR' }} if: ${{ github.event.label.name == 'Build Apps for PR' }}
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -171,7 +171,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/macos/ bash -x ./scripts/cp_artifacts.sh release ./build/macos/
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-macos name: build-macos
path: ./build/macos/ path: ./build/macos/

40
.github/workflows/ci.yaml vendored
View file

@ -11,12 +11,12 @@ env:
jobs: jobs:
build-linux: build-linux:
runs-on: ubuntu-latest-4-cores runs-on: ubuntu-22.04
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -38,13 +38,13 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/linux bash -x ./scripts/cp_artifacts.sh release ./build/linux
- name: ci/upload-test-results - name: ci/upload-test-results
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: linux-test-results name: linux-test-results
path: test-results.xml path: test-results.xml
retention-days: 5 retention-days: 5
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-linux name: build-linux
path: ./build/linux path: ./build/linux
@ -54,16 +54,16 @@ jobs:
runs-on: windows-2022 runs-on: windows-2022
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
cache-dependency-path: package-lock.json cache-dependency-path: package-lock.json
- name: ci/cache-node-modules - name: ci/cache-node-modules
id: cache-node-modules id: cache-node-modules
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with: with:
path: node_modules path: node_modules
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }} key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }}
@ -88,16 +88,16 @@ jobs:
- windows-install-deps - windows-install-deps
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
cache-dependency-path: package-lock.json cache-dependency-path: package-lock.json
- name: ci/cache-node-modules - name: ci/cache-node-modules
id: cache-node-modules id: cache-node-modules
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with: with:
path: node_modules path: node_modules
key: ${{ runner.os }}-build-node-modules-${{ hashFiles('package-lock.json') }} key: ${{ runner.os }}-build-node-modules-${{ hashFiles('package-lock.json') }}
@ -130,13 +130,13 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/win bash -x ./scripts/cp_artifacts.sh release ./build/win
- name: ci/upload-test-results - name: ci/upload-test-results
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: windows-test-results name: windows-test-results
path: test-results.xml path: test-results.xml
retention-days: 5 retention-days: 5
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-windows name: build-windows
path: ./build/win path: ./build/win
@ -146,9 +146,9 @@ jobs:
runs-on: macos-12 runs-on: macos-12
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -169,13 +169,13 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/macos/ bash -x ./scripts/cp_artifacts.sh release ./build/macos/
- name: ci/upload-test-results - name: ci/upload-test-results
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: macos-test-results name: macos-test-results
path: test-results.xml path: test-results.xml
retention-days: 5 retention-days: 5
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-macos name: build-macos
path: ./build/macos/ path: ./build/macos/
@ -193,17 +193,17 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- name: ci/download-macos-test-results - name: ci/download-macos-test-results
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with: with:
name: macos-test-results name: macos-test-results
path: macos-test-results path: macos-test-results
- name: ci/download-windows-test-results - name: ci/download-windows-test-results
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with: with:
name: windows-test-results name: windows-test-results
path: windows-test-results path: windows-test-results
- name: ci/download-linux-test-results - name: ci/download-linux-test-results
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with: with:
name: linux-test-results name: linux-test-results
path: linux-test-results path: linux-test-results

34
.github/workflows/codeql-analysis.yml vendored
View file

@ -2,12 +2,12 @@ name: "CodeQL"
on: on:
push: push:
branches: [ master ] branches: [master]
pull_request: pull_request:
# The branches below must be a subset of the branches above # The branches below must be a subset of the branches above
branches: [ master ] branches: [master]
schedule: schedule:
- cron: '0 0 * * 0' - cron: "0 0 * * 0"
permissions: permissions:
contents: read contents: read
@ -18,25 +18,23 @@ jobs:
security-events: write security-events: write
name: Analyze name: Analyze
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
language: [ 'javascript' ] language: ["javascript"]
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v2 uses: github/codeql-action/init@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml config-file: ./.github/codeql/codeql-config.yml
# Autobuild attempts to build any compiled languages # Autobuild attempts to build any compiled languages
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v2 uses: github/codeql-action/autobuild@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2 uses: github/codeql-action/analyze@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5

2
.github/workflows/e2e-functional-template.yml vendored
View file

@ -32,7 +32,7 @@ on:
default: false default: false
cmt: cmt:
type: boolean type: boolean
description: "True if this is Comatibility Matrix Testing" description: "True if this is Compatibility Matrix Testing"
required: false required: false
default: false default: false
outputs: outputs:

103
.github/workflows/e2e-performance.yml vendored
View file

@ -2,29 +2,26 @@ name: E2E Performance Tests (Desktop)
on: on:
pull_request: pull_request:
branches: [ master ] branches: [master]
types: types:
- labeled - labeled
env: env:
RESULTS_PATH: e2e/performance/perf-test-report.json RESULTS_PATH: e2e/performance/perf-test-report.json
jobs: jobs:
build: build:
if: ${{ github.event.label.name == 'Run E2E Performance Tests' }} if: ${{ github.event.label.name == 'Run E2E Performance Tests' }}
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
matrix: matrix:
os: [ubuntu-latest] os: [ubuntu-latest]
node-version: [16] node-version: [16]
steps: steps:
- name: Add start comment
- name: Add start comment uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
uses: actions/github-script@v6 with:
with: script: |
script: |
github.rest.issues.createComment({ github.rest.issues.createComment({
issue_number: context.issue.number, issue_number: context.issue.number,
owner: context.repo.owner, owner: context.repo.owner,
@ -32,49 +29,49 @@ jobs:
body: `E2E Performance Tests started 🏎️`, body: `E2E Performance Tests started 🏎️`,
}); });
- name: Set env variable for timestamp - name: Set env variable for timestamp
run: echo "NOW=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV run: echo "NOW=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
- uses: actions/checkout@v2 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Use Node.js ${{ matrix.node-version }} - name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
cache: 'npm' cache: "npm"
- name: Install packages - name: Install packages
run: sudo apt-get install libxtst-dev libpng++-dev run: sudo apt-get install libxtst-dev libpng++-dev
- name: Install dependencies 👨🏻‍💻 - name: Install dependencies 👨🏻‍💻
run: npm ci run: npm ci
- name: E2E Performance Tests for Electron 🧪 - name: E2E Performance Tests for Electron 🧪
run: ELECTRON_DISABLE_SANDBOX=1 xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- npm run test:e2e:performance run: ELECTRON_DISABLE_SANDBOX=1 xvfb-run --auto-servernum --server-args="-screen 0 1280x960x24" -- npm run test:e2e:performance
- name: Upload artifact to Github - name: Upload artifact to Github
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: perf-test-report.json name: perf-test-report.json
path: ${{ env.RESULTS_PATH }} path: ${{ env.RESULTS_PATH }}
if-no-files-found: error if-no-files-found: error
retention-days: 14 retention-days: 14
- name: Configure AWS credentials - name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1 uses: aws-actions/configure-aws-credentials@v1
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PERFORMANCE_TESTS_PUT_BUCKET }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PERFORMANCE_TESTS_PUT_BUCKET }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PERFORMANCE_TESTS_PUT_BUCKET }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PERFORMANCE_TESTS_PUT_BUCKET }}
aws-region: ${{ secrets.AWS_REGION_PERFORMANCE_TESTS_PUT_BUCKET }} aws-region: ${{ secrets.AWS_REGION_PERFORMANCE_TESTS_PUT_BUCKET }}
mask-aws-account-id: true mask-aws-account-id: true
- name: Upload report to S3 - name: Upload report to S3
run: aws s3 cp ${{ env.RESULTS_PATH }} s3://${{ secrets.AWS_BUCKET_PERFORMANCE_TESTS }}/${{ github.head_ref }}-${{ github.sha }}-${{ env.NOW }}.json run: aws s3 cp ${{ env.RESULTS_PATH }} s3://${{ secrets.AWS_BUCKET_PERFORMANCE_TESTS }}/${{ github.head_ref }}-${{ github.sha }}-${{ env.NOW }}.json
- name: Add results in PR comment - name: Add results in PR comment
uses: actions/github-script@v6 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with: with:
script: | script: |
const fs = require('fs'); const fs = require('fs');
const {generateCommentBodyPerformanceTest} = require('./e2e/utils/pr-e2e-durations-report.js'); const {generateCommentBodyPerformanceTest} = require('./e2e/utils/pr-e2e-durations-report.js');
const fileContents = fs.readFileSync('${{ env.RESULTS_PATH }}'); const fileContents = fs.readFileSync('${{ env.RESULTS_PATH }}');
@ -85,9 +82,15 @@ jobs:
body: generateCommentBodyPerformanceTest(fileContents), body: generateCommentBodyPerformanceTest(fileContents),
}); });
- name: Remove "Run E2E Performance Tests" label - name: Remove "Run E2E Performance Tests" label
if: always() if: always()
uses: actions-ecosystem/action-remove-labels@v1 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with: continue-on-error: true # Label might have been removed manually
labels: | with:
Run E2E Performance Tests script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'Run E2E Performance Tests',
});

2
.github/workflows/nightly-builds.yaml vendored
View file

@ -12,7 +12,7 @@ jobs:
tag: ${{ steps.tag-creation.outputs.tag }} tag: ${{ steps.tag-creation.outputs.tag }}
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: nightly/patch-version - name: nightly/patch-version
uses: ./.github/actions/patch-nightly-version uses: ./.github/actions/patch-nightly-version
- name: nightly/create-nightly-build-tag - name: nightly/create-nightly-build-tag

26
.github/workflows/nightly-main.yml vendored
View file

@ -28,11 +28,11 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: ci/checkout-repo - name: ci/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: ci/setup-node - name: ci/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -52,7 +52,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/linux bash -x ./scripts/cp_artifacts.sh release ./build/linux
- name: ci/upload-build - name: ci/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-nightly-main name: build-nightly-main
path: ./build path: ./build
@ -62,11 +62,11 @@ jobs:
runs-on: windows-2022 runs-on: windows-2022
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-node - name: nightly/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -102,7 +102,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/win-release bash -x ./scripts/cp_artifacts.sh release ./build/win-release
- name: nightly/upload-build - name: nightly/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-nightly-main name: build-nightly-main
path: ./build path: ./build
@ -120,11 +120,11 @@ jobs:
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }} CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }}
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-node - name: nightly/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -150,11 +150,11 @@ jobs:
- mac-app-store-preflight - mac-app-store-preflight
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-node - name: nightly/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -182,7 +182,7 @@ jobs:
- name: nightly/rename-arm64-to-m1 - name: nightly/rename-arm64-to-m1
run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/* run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/*
- name: nightly/upload-build - name: nightly/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-nightly-main name: build-nightly-main
path: ./build path: ./build
@ -198,7 +198,7 @@ jobs:
- build-linux - build-linux
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-aws-credentials - name: nightly/setup-aws-credentials
@ -208,7 +208,7 @@ jobs:
aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }}
- name: nightly/download-builds - name: nightly/download-builds
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with: with:
name: build-nightly-main name: build-nightly-main
path: build path: build

16
.github/workflows/nightly-rainforest.yml vendored
View file

@ -30,11 +30,11 @@ jobs:
runs-on: windows-2022 runs-on: windows-2022
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-node - name: nightly/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -70,7 +70,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/win bash -x ./scripts/cp_artifacts.sh release ./build/win
- name: nightly/upload-build - name: nightly/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-rainforest name: build-rainforest
path: ./build path: ./build
@ -80,11 +80,11 @@ jobs:
runs-on: macos-12 runs-on: macos-12
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-node - name: nightly/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -112,7 +112,7 @@ jobs:
- name: nightly/rename-arm64-to-m1 - name: nightly/rename-arm64-to-m1
run: rename 's/arm64/m1/' ./build/macos/$(jq -r .version package.json)/* run: rename 's/arm64/m1/' ./build/macos/$(jq -r .version package.json)/*
- name: nightly/upload-build - name: nightly/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build-rainforest name: build-rainforest
path: ./build path: ./build
@ -125,7 +125,7 @@ jobs:
- build-msi-installer - build-msi-installer
steps: steps:
- name: nightly/checkout-repo - name: nightly/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.REFERENCE }} ref: ${{ env.REFERENCE }}
- name: nightly/setup-aws-credentials - name: nightly/setup-aws-credentials
@ -135,7 +135,7 @@ jobs:
aws-access-key-id: ${{ secrets.MM_DESKTOP_DAILY_AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.MM_DESKTOP_DAILY_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.MM_DESKTOP_DAILY_AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.MM_DESKTOP_DAILY_AWS_SECRET_ACCESS_KEY }}
- name: nightly/download-builds - name: nightly/download-builds
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with: with:
name: build-rainforest name: build-rainforest
path: build path: build

4
.github/workflows/release-mas.yaml vendored
View file

@ -26,9 +26,9 @@ jobs:
CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }} CSC_LINK: ${{ secrets.MM_DESKTOP_MAC_APP_STORE_CSC_LINK }}
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: release/setup-node - name: release/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"

30
.github/workflows/release.yaml vendored
View file

@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: release/notify-channel - name: release/notify-channel
run: | run: |
jq --null-input \ jq --null-input \
@ -30,14 +30,14 @@ jobs:
curl -i -H "Content-Type: application/json" -X POST -d @/tmp/webhook-data.json ${{ secrets.MM_DESKTOP_RELEASE_WEBHOOK_URL }} || echo "NOFICATION FAILED! check logs as this will succeed intentionally" curl -i -H "Content-Type: application/json" -X POST -d @/tmp/webhook-data.json ${{ secrets.MM_DESKTOP_RELEASE_WEBHOOK_URL }} || echo "NOFICATION FAILED! check logs as this will succeed intentionally"
build-linux: build-linux:
runs-on: ubuntu-latest-4-cores runs-on: ubuntu-22.04
needs: needs:
- begin-notification - begin-notification
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: release/setup-node - name: release/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -59,7 +59,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/linux bash -x ./scripts/cp_artifacts.sh release ./build/linux
- name: release/upload-build - name: release/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build name: build
path: ./build path: ./build
@ -71,9 +71,9 @@ jobs:
- begin-notification - begin-notification
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: release/setup-node - name: release/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -110,7 +110,7 @@ jobs:
bash -x ./scripts/patch_updater_yml.sh bash -x ./scripts/patch_updater_yml.sh
bash -x ./scripts/cp_artifacts.sh release ./build/win-release bash -x ./scripts/cp_artifacts.sh release ./build/win-release
- name: release/upload-build - name: release/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build name: build
path: ./build path: ./build
@ -122,9 +122,9 @@ jobs:
- begin-notification - begin-notification
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: release/setup-node - name: release/setup-node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with: with:
node-version-file: "package.json" node-version-file: "package.json"
cache: "npm" cache: "npm"
@ -154,7 +154,7 @@ jobs:
- name: release/rename-arm64-to-m1 - name: release/rename-arm64-to-m1
run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/* run: rename 's/arm64/m1/' ./build/macos-release/$(jq -r .version package.json)/*
- name: release/upload-build - name: release/upload-build
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: build name: build
path: ./build path: ./build
@ -174,7 +174,7 @@ jobs:
aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.MM_DESKTOP_RELEASE_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.MM_DESKTOP_RELEASE_AWS_SECRET_ACCESS_KEY }}
- name: release/download-builds - name: release/download-builds
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
- name: release/setup-files-for-aws - name: release/setup-files-for-aws
run: | run: |
mkdir -p ./aws-s3-dist mkdir -p ./aws-s3-dist
@ -188,9 +188,9 @@ jobs:
- upload-to-s3 - upload-to-s3
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: release/download-builds - name: release/download-builds
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
- name: release/setup-files-for-github-release - name: release/setup-files-for-github-release
run: | run: |
mkdir -p ./ghr-dist mkdir -p ./ghr-dist
@ -211,7 +211,7 @@ jobs:
- github-release - github-release
steps: steps:
- name: release/checkout-repo - name: release/checkout-repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0
- name: release/notify-channel - name: release/notify-channel

26
.github/workflows/scorecards-analysis.yml vendored
View file

@ -3,9 +3,9 @@ on:
# Only the default branch is supported. # Only the default branch is supported.
branch_protection_rule: branch_protection_rule:
schedule: schedule:
- cron: '44 7 * * 5' - cron: "44 7 * * 5"
push: push:
branches: [ master ] branches: [master]
# Declare default permissions as read only. # Declare default permissions as read only.
permissions: read-all permissions: read-all
@ -15,34 +15,26 @@ jobs:
name: Scorecards analysis name: Scorecards analysis
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
# Needed to upload the results to code-scanning dashboard. # Needed if using Code scanning alerts
security-events: write security-events: write
actions: read # Needed for GitHub OIDC token if publish_results is true
contents: read id-token: write
steps: steps:
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@v2.2.0 uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
# Read-only PAT token. To create it,
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`,
# regardless of the value entered here.
publish_results: true publish_results: true
# Upload the results as artifacts (optional). # Upload the results as artifacts (optional).
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
@ -50,6 +42,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 uses: github/codeql-action/upload-sarif@423a04bb2cb7cd2643007122588f1387778f14d0 # v2.16.5
with: with:
sarif_file: results.sarif sarif_file: results.sarif