This repository has been archived by the owner on Dec 12, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
115 lines (93 loc) · 3.4 KB
/
integrity-check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: Integrity Check
on:
push:
branches:
- main
pull_request:
branches:
- main
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
CI: true
PNPM_CACHE_FOLDER: .pnpm-store
jobs:
security-audit:
runs-on: ubuntu-latest
steps:
- name: Checkout source
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# https://cashapp.github.io/hermit/usage/ci/
- name: Init Hermit
uses: cashapp/activate-hermit@v1
- name: Report known vulnerabilities
run: pnpm audit
test-with-node:
runs-on: macos-latest
steps:
- name: Checkout source
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
submodules: 'true'
# https://cashapp.github.io/hermit/usage/ci/
- name: Init Hermit
uses: cashapp/activate-hermit@v1
- name: Install dependencies
run: pnpm install
- name: Build all workspace packages
run: pnpm build
- name: Run linter for all packages
run: pnpm lint
- name: Run tests for all packages
run: pnpm test:node --reporter mocha-junit-reporter --reporter-options mochaFile=./results.xml
- name: Upload test results to update SDK reports
uses: actions/upload-artifact@v3
with:
name: junit-results
path: packages/*/results.xml
- name: Upload test coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: Generate an access token to trigger downstream repo
uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2
id: generate_token
if: github.ref == 'refs/heads/main'
with:
app-id: ${{ secrets.CICD_ROBOT_GITHUB_APP_ID }}
private-key: ${{ secrets.CICD_ROBOT_GITHUB_APP_PRIVATE_KEY }}
owner: TBD54566975
repositories: sdk-report-runner
- name: Trigger sdk-report-runner report build
if: github.ref == 'refs/heads/main'
run: |
curl -L \
-H "Authorization: Bearer ${APP_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-H "Content-Type: application/json" \
--fail \
--data '{"ref": "main"}' \
https://api.github.com/repos/TBD54566975/sdk-report-runner/actions/workflows/build-report.yaml/dispatches
env:
APP_TOKEN: ${{ steps.generate_token.outputs.token }}
# test-with-browsers:
# # Run browser tests using macOS so that WebKit tests don't fail under a Linux environment
# runs-on: ubuntu-latest
# steps:
# - name: Checkout source
# uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# - name: install pnpm
# uses: pnpm/action-setup@v2
# with:
# version: 8
# - name: Set up Node.js
# uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
# with:
# node-version: 20
# registry-url: https://registry.npmjs.org/
# - name: Install dependencies
# run: pnpm install
# - name: Install Playwright Browsers
# run: npx playwright install --with-deps
# - name: Run tests for all packages
# run: pnpm test:browser