Update test.yml to more secure #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| push: | |
| branches: [ main ] | |
| # Cancel older runs on the same ref | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Least-privilege token even if repo defaults change later | |
| permissions: | |
| contents: read | |
| actions: read | |
| checks: read | |
| jobs: | |
| test: | |
| # Skip for draft PRs | |
| if: github.event_name != 'pull_request' || github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false # prevents pushes with GITHUB_TOKEN | |
| - name: Verify repository structure | |
| run: | | |
| echo "pwd=$(pwd)" | |
| ls -la | |
| ls -la bin/ || true | |
| - name: Make test script executable | |
| run: chmod +x bin/gitstack_test.sh | |
| - name: Run gitstack tests | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| echo "🧪 Running gitstack tests..." | |
| ./bin/gitstack_test.sh | |
| echo "✅ All tests passed!" | |
| - name: Test summary | |
| if: always() | |
| run: | | |
| if [ "${{ job.status }}" = "success" ]; then | |
| echo "🎉 gitstack is working correctly!" | |
| else | |
| echo "🚨 gitstack has issues that need attention" | |
| fi |