vaas-typescript-ci #520
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: vaas-typescript-ci | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- "typescript/**" | |
- ".github/workflows/ci-typescript.yaml" | |
tags: | |
- "ts*" | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "typescript/**" | |
- ".github/workflows/ci-typescript.yaml" | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: choice | |
description: "Test environment" | |
options: | |
- production | |
- staging | |
- develop | |
default: "production" | |
env: | |
CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
CLIENT_SECRET: ${{secrets.CLIENT_SECRET}} | |
VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de" | |
TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token" | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }} | |
VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }} | |
VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}} | |
jobs: | |
build-typescript: | |
name: Build & Test TypeScript SDK | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: set staging environment | |
if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags/ts') && endsWith(github.ref, '-beta'))) | |
run: | | |
echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV | |
echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: set develop environment | |
if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags/ts') && endsWith(github.ref, '-alpha'))) | |
run: | | |
echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV | |
echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- uses: pnpm/action-setup@v3 | |
name: install pnpm | |
id: pnpm-install | |
with: | |
version: 8 | |
run_install: false | |
- uses: actions/setup-node@v4 | |
name: setup node | |
with: | |
node-version: 20 | |
registry-url: "https://registry.npmjs.org" | |
cache: "pnpm" | |
cache-dependency-path: "typescript/pnpm-lock.yaml" | |
- name: install dependencies | |
run: pnpm install --frozen-lockfile | |
working-directory: typescript | |
- name: build | |
run: pnpm run build | |
working-directory: typescript | |
- name: run tests | |
run: pnpm run test | |
working-directory: typescript | |
- name: install dependencies for example | |
run: pnpm install | |
working-directory: typescript/examples/VaasExample | |
- name: run examples scan file | |
env: | |
SCAN_PATH: "main.ts" | |
run: pnpm start:filescan | |
working-directory: typescript/examples/VaasExample | |
- name: run examples authentication | |
env: | |
SCAN_PATH: "authentication.ts" | |
run: pnpm start:authentication | |
working-directory: typescript/examples/VaasExample | |
- name: run examples scan url | |
run: pnpm start:urlscan | |
working-directory: typescript/examples/VaasExample | |
- name: extract version | |
if: startsWith(github.ref, 'refs/tags/ts') | |
run: | | |
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/ts}" >> $GITHUB_ENV | |
echo $RELEASE_VERSION | |
- name: set version | |
if: startsWith(github.ref, 'refs/tags/ts') | |
run: | | |
sed -i "s/\"version\": \"0.0.0\"/\"version\": \"$RELEASE_VERSION\"/g" ./typescript/package.json | |
- name: publish npm package | |
if: startsWith(github.ref, 'refs/tags/ts') | |
run: npm publish | |
working-directory: typescript | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
overwrite: "{title: `Failed workflow on for VaaS-SDK ${workflow}`, sections: [{activityTitle: 'build failed', activitySubtitle: `Failed workflow on for VaaS-SDK ${workflow}`, activityImage: 'https://adaptivecards.io/content/cats/3.png'}], themeColor: '#ff0000'}" | |
codeql: | |
runs-on: ubuntu-latest | |
timeout-minutes: 360 | |
permissions: | |
security-events: write | |
actions: read | |
contents: read | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: javascript-typescript | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:javascript-typescript" | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
overwrite: "{title: `Failed codeql on for VaaS-SDK ${workflow}`, sections: [{activityTitle: 'build failed', activitySubtitle: `Failed workflow on for VaaS-SDK ${workflow}`, activityImage: 'https://adaptivecards.io/content/cats/3.png'}], themeColor: '#ff0000'}" |