This repository has been archived by the owner on Jul 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
131 lines (124 loc) · 3.87 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: 🎛️ CI
on:
pull_request:
push:
branches:
- main
env:
NODE_VERSION: 16.14
jobs:
build:
name: 👷 Build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://npm.pkg.github.com/
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- name: Install dependencies
run: npm ci --ignore-scripts
env:
CI: true
NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- name: Building
run: yarn build
env:
NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
lint:
name: 🪥 Lint
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://npm.pkg.github.com/
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- name: Install dependencies
run: npm ci --ignore-scripts
env:
CI: true
NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- name: Linting
run: npm run lint
- name: Format check
run: npm run format-check
gitleaks:
name: 🔒 Run Git leaks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- name: Install dependencies
run: npm ci --ignore-scripts
env:
CI: true
NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
- name: Gitleaks
run: npm run leaks
shell: bash
testing:
name: 👔 Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://npm.pkg.github.com/
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- name: Install dependencies
run: npm ci --ignore-scripts
env:
CI: true
NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- name: Testing
run: npm run test
- name: Coverage check
uses: devmasx/[email protected]
with:
type: lcov
min_coverage: 78
result_path: coverage/lcov.info
token: ${{ github.token }}
license-validation:
name: 🪪 License Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://npm.pkg.github.com/
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- name: Install dependencies
run: npm ci --ignore-scripts
env:
CI: true
NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- name: License validation
shell: bash
run: echo no validation