Skip to content

ci: add CodeQl (SAST) #70

ci: add CodeQl (SAST)

ci: add CodeQl (SAST) #70

Workflow file for this run

name: ci
on:
- pull_request
- push
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
name:
- Node.js 0.8
- Node.js 0.10
- Node.js 0.12
- io.js 1.x
- io.js 2.x
- io.js 3.x
- Node.js 4.x
- Node.js 5.x
- Node.js 6.x
- Node.js 7.x
- Node.js 8.x
- Node.js 9.x
- Node.js 10.x
- Node.js 11.x
- Node.js 12.x
- Node.js 13.x
- Node.js 14.x
- Node.js 15.x
- Node.js 16.x
- Node.js 17.x
- Node.js 18.x
- Node.js 19.x
- Node.js 20.x
- Node.js 21.x
- Node.js 22.x
include:
- name: Node.js 0.8
node-version: "0.8"
npm-i: [email protected] [email protected]
npm-rm: nyc
- name: Node.js 0.10
node-version: "0.10"
npm-i: [email protected] [email protected] [email protected]
- name: Node.js 0.12
node-version: "0.12"
npm-i: [email protected] [email protected] [email protected]
- name: io.js 1.x
node-version: "1.8"
npm-i: [email protected] [email protected] [email protected]
- name: io.js 2.x
node-version: "2.5"
npm-i: [email protected] [email protected] [email protected]
- name: io.js 3.x
node-version: "3.3"
npm-i: [email protected] [email protected] [email protected]
- name: Node.js 4.x
node-version: "4.9"
npm-i: [email protected] [email protected] [email protected]
- name: Node.js 5.x
node-version: "5.12"
npm-i: [email protected] [email protected] [email protected]
- name: Node.js 6.x
node-version: "6.17"
npm-i: [email protected] [email protected] [email protected]
- name: Node.js 7.x
node-version: "7.10"
npm-i: [email protected] [email protected]
- name: Node.js 8.x
node-version: "8.17"
npm-i: [email protected] [email protected]
- name: Node.js 9.x
node-version: "9.11"
npm-i: [email protected] [email protected]
- name: Node.js 10.x
node-version: "10.24"
npm-i: [email protected]
- name: Node.js 11.x
node-version: "11.15"
npm-i: [email protected]
- name: Node.js 12.x
node-version: "12.22"
- name: Node.js 13.x
node-version: "13.14"
- name: Node.js 14.x
node-version: "14.19"
- name: Node.js 15.x
node-version: "15.14"
- name: Node.js 16.x
node-version: "16.14"
- name: Node.js 17.x
node-version: "17.6"
- name: Node.js 18.x
node-version: "18.14"
- name: Node.js 19.x
node-version: "19.6"
- name: Node.js 20.x
node-version: "20.12"
- name: Node.js 21.x
node-version: "21.7"
- name: Node.js 22.x
node-version: "22.0"
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
shell: bash -eo pipefail -l {0}
run: |
nvm install --default ${{ matrix.node-version }}
if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then
nvm install --alias=npm 0.10
nvm use ${{ matrix.node-version }}
sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")"
npm config set strict-ssl false
fi
dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH"
- name: Configure npm
run: |
if [[ "$(npm config get package-lock)" == "true" ]]; then
npm config set package-lock false
else
npm config set shrinkwrap false
fi
- name: Remove npm module(s) ${{ matrix.npm-rm }}
run: npm rm --silent --save-dev ${{ matrix.npm-rm }}
if: matrix.npm-rm != ''
- name: Install npm module(s) ${{ matrix.npm-i }}
run: npm install --save-dev ${{ matrix.npm-i }}
if: matrix.npm-i != ''
- name: Setup Node.js version-specific dependencies
shell: bash
run: |
# eslint for linting
# - remove on Node.js < 10
if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then
node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \
grep -E '^eslint(-|$)' | \
sort -r | \
xargs -n1 npm rm --silent --save-dev
fi
- name: Install Node.js dependencies
run: npm install
- name: List environment
id: list_env
shell: bash
run: |
echo "node@$(node -v)"
echo "npm@$(npm -v)"
npm -s ls ||:
(npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print "" $2 "=" $3 }' >> "$GITHUB_OUTPUT"
- name: Run tests
shell: bash
run: |
if npm -ps ls nyc | grep -q nyc; then
npm run test-ci
else
npm test
fi
- name: Lint code
if: steps.list_env.outputs.eslint != ''
run: npm run lint
- name: Collect code coverage
uses: coverallsapp/github-action@master
if: steps.list_env.outputs.nyc != ''
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: run-${{ matrix.test_number }}
parallel: true
coverage:
needs: test
runs-on: ubuntu-latest
steps:
- name: Upload code coverage
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.github_token }}
parallel-finished: true