-
Notifications
You must be signed in to change notification settings - Fork 12
239 lines (200 loc) · 7.06 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
---
name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
merge_group:
types:
- checks_requested
schedule:
- cron: 0 0 * * 1
workflow_dispatch: null
permissions: {}
jobs:
update-code:
name: Update Code
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.HEAD_REF }}
# Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics:
# - Read access to Metadata
# - Read and Write access to Code (aka Contents)
token: ${{ secrets.BUILD_UPDATE_CODE_CHECKOUT }}
- name: Install Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20.14.0
- name: npm – Install Dependencies
run: npm ci
- name: npm – Lint
run: npm run lint
- name: npm – Build Package
run: npm run build:package
- name: Git – Add Changed Files
run: git add -A
- name: Detect Changes
id: detect-changes
shell: pwsh
run: |-
$GitStatus = git status
Write-Output -InputObject $GitStatus
$NoChangesPresent = $GitStatus.Contains("nothing to commit, working tree clean")
Write-Output -InputObject $NoChangesPresent
Write-Output -InputObject "NO_CHANGES_PRESENT=$NoChangesPresent" >> $Env:GITHUB_OUTPUT
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Set Name
run: git config --global user.name "github-actions[bot]"
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Set Email
run: git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Commit Changed Files
run: git commit -m "Fixing linting, Updating dist folder"
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }}
name: Git – Push Changed Files
run: git push
build:
name: Build
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20.14.0
- name: npm – Install Dependencies
run: npm ci
- name: npm – Test Clean
run: npm run clean
- name: npm – Build
run: npm run build
- name: npm – Test
run: npm run test
- name: Release – Create
run: npx tfx-cli extension create --manifest-globs vss-extension.json --output-path ../ms-omex.PRMetrics.vsix
working-directory: ${{ github.workspace }}/release
- name: Release – Upload
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: PRMetrics
path: ${{ github.workspace }}/ms-omex.PRMetrics.vsix
test-github-action:
name: Test GitHub Action
runs-on: ubuntu-latest
permissions:
pull-requests: write
statuses: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: PR Metrics
uses: ./
env:
PR_METRICS_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
file-matching-patterns: |
**/*
!dist/*
!package-lock.json
validate:
name: Validate
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Validate Markdown Links
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15
with:
config-file: .github/linters/markdown-link-check.json
- name: Initialize
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
build-mode: none
config-file: .github/linters/codeql.yml
languages: javascript-typescript
queries: security-extended,security-and-quality
- name: Analyze
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
category: TypeScript
validate-linter:
name: Validate – Linter
runs-on: ubuntu-latest
permissions:
statuses: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Super Linter
uses: github/super-linter@4e51915f4a812abf59fed160bb14595c0a38a9e7 # v6
env:
EDITORCONFIG_FILE_NAME: ../../.editorconfig
FILTER_REGEX_EXCLUDE: .*dist/.*
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_CONFIG_FILE: gitleaks.toml
MARKDOWN_CONFIG_FILE: ../../.markdownlint.json
VALIDATE_JAVASCRIPT_STANDARD: false
VALIDATE_JSON: false
VALIDATE_TYPESCRIPT_ES: false
VALIDATE_TYPESCRIPT_STANDARD: false
dependabot:
if: ${{ github.actor == 'dependabot[bot]' }}
name: Dependabot
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
egress-policy: audit
- name: Enable Auto-Merge
run: gh pr merge --auto --delete-branch --squash "${{ github.event.pull_request.html_url }}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
...