Skip to content

vaas-typescript-ci #520

vaas-typescript-ci

vaas-typescript-ci #520

name: vaas-typescript-ci
on:
push:
branches:
- main
paths:
- "typescript/**"
- ".github/workflows/ci-typescript.yaml"
tags:
- "ts*"
pull_request:
branches:
- main
paths:
- "typescript/**"
- ".github/workflows/ci-typescript.yaml"
workflow_dispatch:
inputs:
environment:
type: choice
description: "Test environment"
options:
- production
- staging
- develop
default: "production"
env:
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{secrets.CLIENT_SECRET}}
VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de"
TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }}
VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}}
jobs:
build-typescript:
name: Build & Test TypeScript SDK
runs-on: ubuntu-22.04
steps:
- name: checkout
uses: actions/checkout@v4
- name: set staging environment
if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags/ts') && endsWith(github.ref, '-beta')))
run: |
echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV
echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV
echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV
echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV
echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV
- name: set develop environment
if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags/ts') && endsWith(github.ref, '-alpha')))
run: |
echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV
echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV
echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV
echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV
echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV
- uses: pnpm/action-setup@v3
name: install pnpm
id: pnpm-install
with:
version: 8
run_install: false
- uses: actions/setup-node@v4
name: setup node
with:
node-version: 20
registry-url: "https://registry.npmjs.org"
cache: "pnpm"
cache-dependency-path: "typescript/pnpm-lock.yaml"
- name: install dependencies
run: pnpm install --frozen-lockfile
working-directory: typescript
- name: build
run: pnpm run build
working-directory: typescript
- name: run tests
run: pnpm run test
working-directory: typescript
- name: install dependencies for example
run: pnpm install
working-directory: typescript/examples/VaasExample
- name: run examples scan file
env:
SCAN_PATH: "main.ts"
run: pnpm start:filescan
working-directory: typescript/examples/VaasExample
- name: run examples authentication
env:
SCAN_PATH: "authentication.ts"
run: pnpm start:authentication
working-directory: typescript/examples/VaasExample
- name: run examples scan url
run: pnpm start:urlscan
working-directory: typescript/examples/VaasExample
- name: extract version
if: startsWith(github.ref, 'refs/tags/ts')
run: |
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/ts}" >> $GITHUB_ENV
echo $RELEASE_VERSION
- name: set version
if: startsWith(github.ref, 'refs/tags/ts')
run: |
sed -i "s/\"version\": \"0.0.0\"/\"version\": \"$RELEASE_VERSION\"/g" ./typescript/package.json
- name: publish npm package
if: startsWith(github.ref, 'refs/tags/ts')
run: npm publish
working-directory: typescript
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
overwrite: "{title: `Failed workflow on for VaaS-SDK ${workflow}`, sections: [{activityTitle: 'build failed', activitySubtitle: `Failed workflow on for VaaS-SDK ${workflow}`, activityImage: 'https://adaptivecards.io/content/cats/3.png'}], themeColor: '#ff0000'}"
codeql:
runs-on: ubuntu-latest
timeout-minutes: 360
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: javascript-typescript
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:javascript-typescript"
- name: Microsoft Teams Notification
uses: skitionek/notify-microsoft-teams@master
if: failure()
with:
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
overwrite: "{title: `Failed codeql on for VaaS-SDK ${workflow}`, sections: [{activityTitle: 'build failed', activitySubtitle: `Failed workflow on for VaaS-SDK ${workflow}`, activityImage: 'https://adaptivecards.io/content/cats/3.png'}], themeColor: '#ff0000'}"