name: Static Analysis on: pull_request: {} push: branches: [develop, master] merge_group: types: [checks_requested] repository_dispatch: types: [element-web-notify] concurrency: group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} cancel-in-progress: true env: # This must be set for fetchdep.sh to get the right branch PR_NUMBER: ${{ github.event.pull_request.number }} NX_DEFAULT_OUTPUT_STYLE: stream-without-prefixes permissions: {} # No permissions required jobs: lint: strategy: fail-fast: false matrix: include: - name: Typescript Syntax Check install: layered command: "lint:types" - name: Prettier install: normal command: "lint:prettier" - name: ESLint install: normal command: "lint:js" - name: Style Lint install: normal command: "lint:style" - name: Workflow Lint install: normal command: "lint:workflows" - name: Analyse Dead Code install: normal command: "lint:knip" - name: Rethemendex Check command: "rethemendex" assert-diff: true name: ${{ matrix.name }} runs-on: ubuntu-24.04 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 if: matrix.install != '' with: cache: "pnpm" node-version: "lts/*" - name: Install Dependencies (layered) if: matrix.install == 'layered' run: "./scripts/layered.sh" - name: Install Dependencies (normal) if: matrix.install == 'normal' run: "pnpm install --frozen-lockfile" - name: Run ${{ matrix.command }} run: pnpm --if-present run "$CMD" && pnpm -r --if-present run "$CMD" env: CMD: ${{ matrix.command }} - name: Assert no changes run: git diff --exit-code if: matrix.assert-diff zizmor: name: Zizmor Github Actions lint runs-on: ubuntu-24.04 permissions: security-events: write steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - name: Run zizmor uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0 i18n: strategy: fail-fast: false matrix: include: - name: Element Web path: "apps/web" allowed-hardcoded-keys: | console_dev_note labs|element_call_video_rooms labs|feature_disable_call_per_sender_encryption voip|element_call error|invalid_json error|misconfigured welcome_to_element devtools|settings|elementCallUrl labs|sliding_sync_description settings|voip|noise_suppression_description settings|voip|echo_cancellation_description - name: Shared Components path: "packages/shared-components" name: "i18n Check (${{ matrix.name }})" uses: matrix-org/matrix-web-i18n/.github/workflows/i18n_check.yml@abf186831e2acb3e98fca13a0711a3fa1364d2b1 permissions: pull-requests: read with: hardcoded-words: "Element" packageManager: pnpm path: ${{ matrix.path }} allowed-hardcoded-keys: ${{ matrix.allowed-hardcoded-keys }} # Dummy job to simplify branch protections ci: name: Static Analysis needs: [lint, i18n] runs-on: ubuntu-24.04 steps: - run: echo "Ok"