name: Static Analysis on: pull_request: {} push: branches: [develop, master] merge_group: types: [checks_requested] repository_dispatch: types: [element-web-notify] concurrency: group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} cancel-in-progress: true env: # This must be set for fetchdep.sh to get the right branch PR_NUMBER: ${{ github.event.pull_request.number }} NX_DEFAULT_OUTPUT_STYLE: stream-without-prefixes permissions: {} # No permissions required jobs: lint: strategy: fail-fast: false matrix: include: - name: Typescript Syntax Check install: layered command: "lint:types" - name: Prettier install: normal command: "lint:prettier" - name: ESLint install: normal command: "lint:js" - name: Style Lint install: normal command: "lint:style" - name: Workflow Lint install: normal command: "lint:workflows" - name: Analyse Dead Code install: normal command: "lint:knip" - name: Rethemendex Check command: "rethemendex" assert-diff: true name: ${{ matrix.name }} runs-on: ubuntu-24.04 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4 - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 if: matrix.install != '' with: cache: "pnpm" node-version: "lts/*" - name: Install Dependencies (layered) if: matrix.install == 'layered' run: "./scripts/layered.sh" - name: Install Dependencies (normal) if: matrix.install == 'normal' run: "pnpm install --frozen-lockfile" - name: Run ${{ matrix.command }} run: pnpm --if-present run "$CMD" && pnpm -r --if-present run "$CMD" env: CMD: ${{ matrix.command }} - name: Assert no changes run: git diff --exit-code if: matrix.assert-diff zizmor: name: Zizmor Github Actions lint runs-on: ubuntu-24.04 permissions: security-events: write steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - name: Run zizmor uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 i18n: strategy: fail-fast: false matrix: include: - name: Element Web path: "apps/web" allowed-hardcoded-keys: | console_dev_note labs|element_call_video_rooms labs|feature_disable_call_per_sender_encryption voip|element_call error|invalid_json error|misconfigured welcome_to_element devtools|settings|elementCallUrl labs|sliding_sync_description settings|voip|noise_suppression_description settings|voip|echo_cancellation_description - name: Shared Components path: "packages/shared-components" name: "i18n Check (${{ matrix.name }})" uses: matrix-org/matrix-web-i18n/.github/workflows/i18n_check.yml@6eda3835118f3bc3fb658a1a3c20b7da9d16ae42 permissions: pull-requests: read with: hardcoded-words: "Element" packageManager: pnpm path: ${{ matrix.path }} allowed-hardcoded-keys: ${{ matrix.allowed-hardcoded-keys }} # Dummy job to simplify branch protections ci: name: Static Analysis needs: [lint, i18n] runs-on: ubuntu-24.04 steps: - run: echo "Ok"