Skip to content

feat: Shorten workflow job names, add required checks, optimize runners, and restrict permissions #228

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: Shorten workflow job names, add required checks, optimize runners, and restrict permissions #228

Changes from 2 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
bc23267
Initial plan
Copilot Jan 31, 2026
f6098db
Rename Code quality jobs to shorter names
Copilot Jan 31, 2026
49ac2ed
Update job name to 'code - units' based on feedback
Copilot Jan 31, 2026
44fbaad
Update lint job name to 'code - lint' based on feedback
Copilot Jan 31, 2026
11fcfb4
Capitalize 'Code' in job names based on feedback
Copilot Jan 31, 2026
1ab0052
Add required checks aggregation job
Copilot Jan 31, 2026
c143d83
Simplify Release and Labels workflow job names
Copilot Jan 31, 2026
4ecac07
Change all runners to ubuntu-slim for jobs under 15 minutes
Copilot Feb 1, 2026
3204d94
Add explicit permissions to CI jobs to restrict GITHUB_TOKEN
Copilot Feb 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/CI.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,76 +19,76 @@

jobs:
gaptest:
name: Code quality - unit-tests (${{ matrix.gap-branch }})
name: Tests (${{ matrix.gap-branch }})
Comment thread
limakzi marked this conversation as resolved.
Outdated
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
gap-branch:
- master
- stable-4.15
- stable-4.14
- stable-4.13
- stable-4.12

steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Setup gap-system
uses: gap-actions/setup-gap@v3
with:
gap-version: ${{ matrix.gap-branch }}

- name: Install additional packages
shell: bash
run: |
gap -c 'LoadPackage("PackageManager"); InstallPackage("digraphs"); QUIT;'

- name: Build gap-package
uses: gap-actions/build-pkg@v2

- name: Provision documentation for package
uses: gap-actions/build-pkg-docs@v2
with:
use-latex: 'true'

- name: Run gap-tests
uses: gap-actions/run-pkg-tests@v4

- name: Run gap-tests (only-needed)
uses: gap-actions/run-pkg-tests@v4
with:
only-needed: true

- name: Show code-coverage
uses: gap-actions/process-coverage@v3

gaplint:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
name: Code quality - gaplint
name: Lint
Comment thread
limakzi marked this conversation as resolved.
Outdated
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Setup python
uses: actions/setup-python@v6
with:
python-version: 3.13
cache: pip

- name: Install python-dependencies
uses: py-actions/py-dependency-install@v4
with:
update-pip: true

- name: Run gaplint
run: |
echo "::group:: gaplint -- *.g"
find . -name '*.g' | xargs -n1 gaplint
echo "::group:: gaplint -- *.gi"
find . -name '*.gi' | xargs -n1 gaplint
echo "::group:: gaplint -- *.gd"
find . -name '*.gd' | xargs -n1 gaplint
echo "::group:: gaplint -- *.tst"
find . -name '*.tst' | xargs -n1 gaplint

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
Loading