From a35a1437fdf0e7f000bf8b5b533deed1d4e770de Mon Sep 17 00:00:00 2001
From: "D. Ror" <imnasnainaec@gmail.com>
Date: Thu, 26 Oct 2023 11:33:50 -0400
Subject: [PATCH] Split the longest-to-run workflow job into two (#2734)

---
 .github/workflows/frontend.yml | 37 +++++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
index 996858ecce..0df946a33a 100644
--- a/.github/workflows/frontend.yml
+++ b/.github/workflows/frontend.yml
@@ -10,7 +10,7 @@ permissions: # added using https://github.com/step-security/secure-workflows
   contents: read
 
 jobs:
-  lint_test_build:
+  lint_build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -28,7 +28,8 @@ jobs:
             api.github.com:443
             github.com:443
             registry.npmjs.org:443
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Checkout repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
         with:
@@ -36,8 +37,33 @@ jobs:
       - run: npm ci
       - run: npm run fmt-frontend-check
       - run: npm run lint
+      - run: npm run build
 
-      # Coverage.
+  test_coverage:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18]
+    steps:
+      # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
+      # configuring harden-runner and identifying allowed endpoints.
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            *.actions.githubusercontent.com:443
+            api.github.com:443
+            github.com:443
+            registry.npmjs.org:443
+      - name: Checkout repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: npm ci
       - run: npm run test-frontend:coverage
         env:
           CI: true
@@ -49,11 +75,8 @@ jobs:
           path: coverage/clover.xml
           retention-days: 7
 
-      # Release build.
-      - run: npm run build
-
   upload_coverage:
-    needs: lint_test_build
+    needs: test_coverage
     runs-on: ubuntu-latest
     steps:
       # See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on