XS✔ ◾ Pipeline Compliance #1804
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) Microsoft Corporation. | |
# Licensed under the MIT License. | |
--- | |
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: 0 0 * * 1 | |
permissions: {} | |
jobs: | |
deploy: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
name: Deploy | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: npm – Install | |
run: npm install | |
- name: npm – Build Release | |
run: npm run build:release | |
- name: Azure DevOps - Install TFX CLI | |
run: npm install -g tfx-cli | |
working-directory: ${{ github.workspace }} | |
- name: Azure DevOps - Sign-in | |
# Azure DevOps Personal Access Token (PAT) with the Agent Pools (Read & manage) permission. | |
run: npx tfx-cli login --service-url https://${{ secrets.AZDO_ACCOUNT }}.visualstudio.com/DefaultCollection --token ${{ secrets.AZDO_PAT }} | |
working-directory: ${{ github.workspace }} | |
- name: Azure DevOps – Delete Task | |
run: npx tfx-cli build tasks delete --task-id 907d3b28-6b37-4ac7-ac75-9631ee53e512 --no-prompt | |
continue-on-error: true | |
working-directory: ${{ github.workspace }} | |
- name: Azure DevOps – Deploy | |
run: npx tfx-cli build tasks upload --task-path release/task --no-prompt | |
working-directory: ${{ github.workspace }} | |
update-code: | |
name: Update Code | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ github.HEAD_REF }} | |
token: ${{ secrets.BUILD_UPDATE_CODE_CHECKOUT }} | |
- name: Install Node.js | |
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
with: | |
node-version: 21.x | |
- name: npm – Install Dependencies | |
run: npm install | |
- name: npm – Lint | |
run: npm run lint | |
- name: npm – Build Package | |
run: npm run build:package | |
- name: Git – Add Changed Files | |
run: git add -A | |
- name: Detect Changes | |
id: detect-changes | |
shell: pwsh | |
run: |- | |
$GitStatus = git status | |
Write-Output -InputObject $GitStatus | |
$NoChangesPresent = $GitStatus.Contains("nothing to commit, working tree clean") | |
Write-Output -InputObject $NoChangesPresent | |
Write-Output -InputObject "NO_CHANGES_PRESENT=$NoChangesPresent" >> $Env:GITHUB_OUTPUT | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Set Name | |
run: git config --global user.name "github-actions[bot]" | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Set Email | |
run: git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Commit Changed Files | |
run: git commit -m "Fixing linting, Updating dist folder" | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Push Changed Files | |
run: git push | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install Node.js | |
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
with: | |
node-version: 21.x | |
- name: npm – Install Dependencies | |
run: npm install | |
- name: npm – Test Clean | |
run: npm run clean | |
- name: npm – Build | |
run: npm run build | |
- name: npm – Test | |
run: npm run test | |
- name: Release - Install TFX CLI | |
run: npm install -g tfx-cli | |
working-directory: ${{ github.workspace }}/release | |
- name: Release – Create | |
run: npx tfx-cli extension create --manifest-globs vss-extension.json --output-path ../ms-omex.PRMetrics.vsix | |
working-directory: ${{ github.workspace }}/release | |
- name: Release – Upload | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: PRMetrics | |
path: ${{ github.workspace }}/ms-omex.PRMetrics.vsix | |
test-github-action: | |
name: Test GitHub Action | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
statuses: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: PR Metrics | |
uses: ./ | |
env: | |
PR_METRICS_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
file-matching-patterns: | | |
**/* | |
!dist/* | |
!package-lock.json | |
validate: | |
name: Validate | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Validate Markdown Links | |
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15 | |
with: | |
config-file: .github/linters/markdown-link-check.json | |
- name: Validate babel.config.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: babel.config.json | |
print-valid-files: true | |
strict: false | |
- name: Validate .markdownlint.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: .markdownlint.json | |
print-valid-files: true | |
- name: Validate package.json – Download package.schema.json | |
shell: pwsh | |
run: Invoke-WebRequest -Uri 'https://json.schemastore.org/package.json' -OutFile 'package.schema.json' | |
- name: Validate package.json – Update package.schema.json | |
shell: pwsh | |
run: |- | |
$FileContent = Get-Content -Path 'package.schema.json' -Raw | |
$FileContent = $FileContent -replace ',\s+".+": {\s+"\$ref": "https:\/\/json\.schemastore\.org\/.+\s+}', '' | |
Set-Content -NoNewline -Path 'package.schema.json' -Value $FileContent | |
- name: Validate package.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: package.json | |
print-valid-files: true | |
strict: false | |
schema: package.schema.json | |
- name: Validate devcontainer.json – Download devcontainer.schema.json | |
shell: pwsh | |
run: Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/microsoft/vscode/main/extensions/configuration-editing/schemas/devContainer.codespaces.schema.json' -OutFile 'devcontainer.schema.json' | |
- name: Validate devcontainer.json – Update devcontainer.schema.json | |
shell: pwsh | |
run: |- | |
$FileContent = Get-Content -Path 'devcontainer.schema.json' -Raw | |
$FileContent = $FileContent -replace 'http://json-schema.org/draft-07/schema#', 'http://json-schema.org/draft-04/schema#' | |
Set-Content -NoNewline -Path 'devcontainer.schema.json' -Value $FileContent | |
- name: Validate devcontainer.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: .devcontainer/devcontainer.json | |
print-valid-files: true | |
strict: false | |
schema: devcontainer.schema.json | |
- name: Validate vss-extension.json – Download vss-extension.schema.json | |
shell: pwsh | |
run: Invoke-WebRequest -Uri 'https://json.schemastore.org/vss-extension.json' -OutFile 'vss-extension.schema.json' | |
- name: Validate vss-extension.json – Update vss-extension.schema.json | |
shell: pwsh | |
run: |- | |
$FileContent = Get-Content -Path 'vss-extension.schema.json' -Raw | |
$FileContent = $FileContent -replace 'http://json-schema.org/draft-07/schema#', 'http://json-schema.org/draft-04/schema#' | |
Set-Content -NoNewline -Path 'vss-extension.schema.json' -Value $FileContent | |
- name: Validate vss-extension.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: src/vss-extension.json | |
print-valid-files: true | |
strict: false | |
schema: vss-extension.schema.json | |
- name: Validate task.json – Download task.schema.json | |
shell: pwsh | |
run: Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/microsoft/azure-pipelines-task-lib/master/tasks.schema.json' -OutFile 'task.schema.json' | |
- name: Validate task.json – Update task.schema.json | |
shell: pwsh | |
run: |- | |
$FileContent = Get-Content -Path 'task.schema.json' -Raw | |
$FileContent = $FileContent.replace('^connectedService\\:.+$', '^connectedService:.+$') | |
Set-Content -NoNewline -Path 'task.schema.json' -Value $FileContent | |
- name: Validate task.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: src/task/task.json | |
print-valid-files: true | |
schema: task.schema.json | |
- name: Validate task.loc.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: src/task/task.loc.json | |
print-valid-files: true | |
schema: task.schema.json | |
- name: Validate tsconfig.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: src/task/tsconfig.json | |
print-valid-files: true | |
strict: false | |
- name: Validate typedoc.json – Download typedoc.schema.json | |
shell: pwsh | |
run: Invoke-WebRequest -Uri 'https://typedoc.org/schema.json' -OutFile 'typedoc.schema.json' | |
- name: Validate typedoc.json – Update typedoc.schema.json | |
shell: pwsh | |
run: |- | |
$FileContent = Get-Content -Path 'typedoc.schema.json' -Raw | |
$FileContent = $FileContent -replace 'https://json-schema.org/draft-07/schema', 'http://json-schema.org/draft-04/schema#' | |
Set-Content -NoNewline -Path 'typedoc.schema.json' -Value $FileContent | |
- name: Validate typedoc.json | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: src/task/typedoc.json | |
print-valid-files: true | |
strict: false | |
schema: typedoc.schema.json | |
- name: Validate resources.resjson (en-US) | |
uses: walbo/validate-json@1c24a27a740a698944ff5b697cb8010a72c55c6b # v1.1.0 | |
with: | |
files: src/task/Strings/resources.resjson/en-US/resources.resjson | |
print-valid-files: true | |
strict: false | |
validate-codeql: | |
name: Validate – CodeQL | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Initialize | |
uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 | |
with: | |
config-file: .github/linters/codeql.yml | |
queries: security-and-quality | |
- name: Analyze | |
uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 | |
validate-linter: | |
name: Validate – Linter | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Install Node.js | |
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
with: | |
node-version: 21.x | |
- name: npm – Install Dependencies | |
run: npm install | |
- name: Super Linter | |
uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0 | |
env: | |
EDITORCONFIG_FILE_NAME: ../../.editorconfig | |
FILTER_REGEX_EXCLUDE: .*dist/.* | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITLEAKS_CONFIG_FILE: gitleaks.toml | |
MARKDOWN_CONFIG_FILE: ../../.markdownlint.json | |
TYPESCRIPT_ES_CONFIG_FILE: ../../.eslintrc.yml | |
VALIDATE_JAVASCRIPT_STANDARD: false | |
VALIDATE_TYPESCRIPT_STANDARD: false | |
dependabot: | |
if: ${{ github.actor == 'dependabot[bot]' }} | |
name: Dependabot | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Enable Auto-Merge | |
run: gh pr merge --auto --delete-branch --squash "${{ github.event.pull_request.html_url }}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
... |