generated from wr-projects/github-template
-
Notifications
You must be signed in to change notification settings - Fork 0
157 lines (133 loc) · 4.58 KB
/
continuous-integration.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
---
name: Pipeline - Continuous Integration
on:
push:
branches:
- dev
pull_request:
branches:
- dev
jobs:
lockfile:
uses: wr-projects/github-jstemplate/.github/workflows/pnpm-lock-check-ci.yml@main
# More info: https://github.com/github/super-linter.
linter:
runs-on: ubuntu-latest
steps:
# More info: https://github.com/step-security/harden-runner.
- name: Harden Runner
id: harden_runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
with:
egress-policy: audit
# More info: https://github.com/peter-murray/workflow-application-token-action.
- name: Get token
id: get_token
uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db
with:
application_id: ${{ secrets.ID_LINTERBOT }}
application_private_key: ${{ secrets.PEM_LINTERBOT }}
# More info: https://github.com/actions/checkout.
- name: Checkout & Authentication
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
with:
token: ${{ steps.get_token.outputs.token }}
persist-credentials: false
fetch-depth: 0
- name: Linter
uses: github/super-linter@bb2d833b08b6c288608686672b93a8a4589cdc49
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
DISABLE_ERRORS: false
LINTER_RULES_PATH: .github/config/linters
CSS_FILE_NAME: .stylelintrc.json
EDITORCONFIG_FILE_NAME: .ecrc
IGNORE_GITIGNORED_FILES: true
JAVASCRIPT_ES_CONFIG_FILE: .eslintrc.js
MARKDOWN_CONFIG_FILE: .markdownlint.json
GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
validation:
name: Node Analysis
runs-on: ubuntu-latest
steps:
# More info: https://github.com/step-security/harden-runner.
- name: Harden Runner
id: harden_runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
with:
egress-policy: audit
- name: Checkout Project
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
# More info: https://github.com/marketplace/actions/nodesecure-continuous-integration.
- name: Node Analysis
uses: NodeSecure/ci-action@177c57fe32c75cafabe87f6e4515d277cc37ae6c
with:
strategy: sonatype
vulnerabilities: medium
warnings: off
reporters: console
test:
name: Unit Tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
node: [16, 17, 18]
instance: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 ]
env:
GH_INSTANCE_TOTAL: 10
steps:
# More info: https://github.com/step-security/harden-runner.
- name: Harden Runner
id: harden_runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
with:
egress-policy: audit
- name: Checkout Project
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- run: git status --porcelain
- run: git diff
- run: git diff --exit-code
- name: Use Node.js v${{ matrix.node }}
uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
with:
node-version: ${{ matrix.node }}
cache: pnpm
- name: Install Dependencies
run: pnpm --frozen-lockfile
- name: Run tests
run: pnpm test
env:
GH_INSTANCE_INDEX: ${{ matrix.instance }}
- name: Store code coverage report
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
with:
name: coverage
path: coverage/
#
e2e:
uses:
# More info: https://github.com/codecov/codecov-action.
upload_coverage_report:
name: Upload coverage report to codecov
needs: [test]
runs-on: ubuntu-latest
steps:
# More info: https://github.com/step-security/harden-runner.
- name: Harden Runner
id: harden_runner
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
with:
egress-policy: audit
- name: Download Coverage report
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7
with:
name: coverage
path: coverage/
- name: CodeCOV Upload
uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
with:
directory: coverage/
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}