Bump github/codeql-action from 3 to 4 #50
Workflow file for this run
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | --- | |
| # Lock/Unlock Deps Pattern | |
| # | |
| # Two often conflicting goals resolved! | |
| # | |
| # - unlocked_deps.yml | |
| # - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed | |
| # - Uses an Appraisal2 "unlocked_deps" gemfile, and the current MRI Ruby release | |
| # - Know when new dependency releases will break local dev with unlocked dependencies | |
| # - Broken workflow indicates that new releases of dependencies may not work | |
| # | |
| # - locked_deps.yml | |
| # - All runtime & dev dependencies, and has a `Gemfile.lock` committed | |
| # - Uses the project's main Gemfile, and the current MRI Ruby release | |
| # - Matches what contributors and maintainers use locally for development | |
| # - Broken workflow indicates that a new contributor will have a bad time | |
| # | |
| name: Deps Unlocked | |
| permissions: | |
| contents: read | |
| env: | |
| K_SOUP_COV_DO: false | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - '*-stable' | |
| tags: | |
| - '!*' # Do not execute on tags | |
| pull_request: | |
| branches: | |
| - '*' | |
| # Allow manually triggering the workflow. | |
| workflow_dispatch: | |
| # Cancels all previous workflow runs for the same branch that have not yet completed. | |
| concurrency: | |
| # The concurrency group contains the workflow name and the branch name. | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" | |
| name: Default rake task w/ unlocked deps ${{ matrix.name_extra || '' }} | |
| runs-on: ubuntu-latest | |
| continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }} | |
| env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps | |
| BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile | |
| strategy: | |
| matrix: | |
| include: | |
| # Ruby <whichever version is current, e.g., 3.4 as of 2025-07-12> | |
| - ruby: "ruby" | |
| appraisal_name: "unlocked_deps" | |
| exec_cmd: "rake" | |
| gemfile: "Appraisal.root" | |
| rubygems: latest | |
| bundler: latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Setup Ruby & RubyGems | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ${{ matrix.ruby }} | |
| rubygems: ${{ matrix.rubygems }} | |
| bundler: ${{ matrix.bundler }} | |
| bundler-cache: false | |
| # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root) | |
| # We need to do this first to get appraisal installed. | |
| # NOTE: This does not use the primary Gemfile at all. | |
| - name: Install Root Appraisal | |
| run: bundle | |
| - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }} | |
| run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle | |
| - name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }} | |
| run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }} |