From 65ac37f2e7e211b5dbdf582ca38fb4fd456b107c Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 8 Jun 2026 17:54:15 +0100 Subject: [PATCH] Fix extended validation Node setup Bootstrap shell-safe Node before the fast and extended validation script jobs so scheduled self-hosted runs do not fall back to the runner image's Node 18 runtime. Add workflow coverage for that setup order. --- .github/workflows/ci.yml | 8 ++-- .github/workflows/extended-validation.yml | 8 ++++ test/workflow.test.ts | 49 ++++++++++++++++++++--- 3 files changed, 56 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cb221e9..99b981f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,9 +31,9 @@ jobs: timeout-minutes: 15 steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: ./actions/setup-shell-safe-node with: - node-version: "24" + node-version: 24.14.1 - uses: pnpm/action-setup@v6 with: version: 10.32.1 @@ -122,9 +122,9 @@ jobs: timeout-minutes: 20 steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: ./actions/setup-shell-safe-node with: - node-version: "24" + node-version: 24.14.1 - uses: pnpm/action-setup@v6 with: version: 10.32.1 diff --git a/.github/workflows/extended-validation.yml b/.github/workflows/extended-validation.yml index 973afe7..9502605 100644 --- a/.github/workflows/extended-validation.yml +++ b/.github/workflows/extended-validation.yml @@ -86,6 +86,10 @@ jobs: steps: - uses: actions/checkout@v6 + - uses: ./actions/setup-shell-safe-node + with: + node-version: 24.14.1 + - name: Run fast checks run: bash scripts/ci/run-fast-checks.sh @@ -98,6 +102,10 @@ jobs: steps: - uses: actions/checkout@v6 + - uses: ./actions/setup-shell-safe-node + with: + node-version: 24.14.1 + - name: Run extended validation run: bash scripts/ci/run-extended-validation.sh diff --git a/test/workflow.test.ts b/test/workflow.test.ts index 10411d7..f3645fa 100644 --- a/test/workflow.test.ts +++ b/test/workflow.test.ts @@ -6,6 +6,36 @@ import { describe, expect, test } from "vitest"; const shellSafePublicRunner = ["self-hosted", "linux", "shell-only", "public"]; describe("CI workflow", () => { + test("bootstraps shell-safe Node before extended validation script jobs", () => { + const workflow = YAML.parse( + fs.readFileSync( + path.resolve(".github/workflows/extended-validation.yml"), + "utf8" + ) + ) as { + jobs: Record>; + }; + + for (const jobName of ["fast-checks", "extended-checks"]) { + const job = workflow.jobs[jobName]; + const steps = job.steps as Array>; + const setupNodeIndex = steps.findIndex( + (step) => step.uses === "./actions/setup-shell-safe-node" + ); + const scriptIndex = steps.findIndex( + (step) => + typeof step.run === "string" && + step.run.includes("scripts/ci/run-") + ); + + expect(setupNodeIndex).toBeGreaterThan(-1); + expect(setupNodeIndex).toBeLessThan(scriptIndex); + expect(steps[setupNodeIndex]?.with).toMatchObject({ + "node-version": "24.14.1" + }); + } + }); + test("runs mutation testing in extended validation and uploads the report", () => { const workflow = YAML.parse( fs.readFileSync( @@ -104,9 +134,17 @@ describe("CI workflow", () => { const trustedJob = workflow.jobs.test_self_hosted_trusted; const steps = trustedJob.steps as Array>; const setupNodeStep = steps.find( - (step) => step.uses === "actions/setup-node@v6" + (step) => step.uses === "./actions/setup-shell-safe-node" + ); + const setupNodeIndex = steps.findIndex( + (step) => step.uses === "./actions/setup-shell-safe-node" ); const pnpmStep = steps.find((step) => step.uses === "pnpm/action-setup@v6"); + const linuxDockerSteps = workflow.jobs.linux_docker_contract_trusted + .steps as Array>; + const linuxDockerSetupNodeStep = linuxDockerSteps.find( + (step) => step.uses === "./actions/setup-shell-safe-node" + ); const forkSteps = workflow.jobs.test_public_fork_pr.steps as Array< Record >; @@ -119,14 +157,15 @@ describe("CI workflow", () => { version: "10.32.1" }); expect(setupNodeStep?.with).toMatchObject({ - "node-version": "24" + "node-version": "24.14.1" + }); + expect(linuxDockerSetupNodeStep?.with).toMatchObject({ + "node-version": "24.14.1" }); expect(forkSetupNodeStep?.with).toMatchObject({ "node-version": "24" }); - expect(steps.indexOf(setupNodeStep ?? {})).toBeLessThan( - steps.indexOf(pnpmStep ?? {}) - ); + expect(setupNodeIndex).toBeLessThan(steps.indexOf(pnpmStep ?? {})); }); test("verifies the broader shell-safe toolchain contract on self-hosted runners", () => {