Add zizmor checks on CI. #5414
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests CI | |
| on: | |
| # Triggers the workflow on any pull request and push to develop | |
| push: | |
| branches: [ develop ] | |
| pull_request: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| permissions: {} | |
| env: | |
| # Make the git branch for a PR available to our Fastfile | |
| MX_GIT_BRANCH: ${{ github.event.pull_request.head.ref }} | |
| jobs: | |
| tests: | |
| name: Tests | |
| runs-on: macos-26 | |
| concurrency: | |
| # When running on develop, use the sha to allow all runs of this workflow to run concurrently. | |
| # Otherwise only allow a single run of this workflow on each branch, automatically cancelling older runs. | |
| group: ${{ github.ref == 'refs/heads/develop' && format('tests-develop-{0}', github.sha) || format('tests-{0}', github.ref) }} | |
| cancel-in-progress: true | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| submodules: 'true' | |
| persist-credentials: false | |
| # Common cache | |
| # Note: GH actions do not support yaml anchor yet. We need to duplicate this for every job | |
| - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: Pods | |
| key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pods- | |
| - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: vendor/bundle | |
| key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gems- | |
| # Make sure we use the latest version of MatrixSDK | |
| - name: Reset MatrixSDK pod | |
| run: rm -rf Pods/MatrixSDK | |
| # Common setup | |
| # Note: GH actions do not support yaml anchor yet. We need to duplicate this for every job | |
| - name: Brew bundle | |
| run: brew bundle | |
| - name: Bundle install | |
| run: | | |
| bundle config path vendor/bundle | |
| bundle install --jobs 4 --retry 3 | |
| - name: Xcodegen | |
| run: mint run yonaskolb/XcodeGen@2.39.0 | |
| # Main step | |
| - name: Unit tests | |
| run: bundle exec fastlane test | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| flags: unittests |