Run on PRs #389
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow runs the tests across Linux, Mac, Windows | |
name: KX VS Code CI Testing | |
on: | |
push: | |
branches-ignore: | |
- dev | |
- main | |
pull_request: | |
branches: | |
- dev | |
- main | |
jobs: | |
test: | |
strategy: | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16.x | |
- run: npm ci | |
- run: xvfb-run -a npm test | |
if: runner.os == 'Linux' | |
- run: npm test | |
if: runner.os != 'Linux' | |
app-sec: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Install Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16.x | |
- name: Install dependencies | |
run: yarn install | |
- name: Generate code coverage reports | |
run: xvfb-run -a npm run coverage | |
- name: Code coverage summary | |
uses: irongut/[email protected] | |
with: | |
filename: ./coverage-reports/cobertura-coverage.xml | |
format: markdown | |
hide_branch_rate: true | |
hide_complexity: true | |
thresholds: "30 80" | |
output: "both" | |
- name: Add Coverage PR Comment | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
recreate: true | |
path: code-coverage-results.md | |
- name: Write Coverage to Job Summary | |
run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY | |
- name: SonarCloud Scan | |
uses: sonarsource/sonarqube-scan-action@master | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
- name: Snyk scan for all vulnerabilities | |
uses: snyk/actions/node@master | |
continue-on-error: true | |
env: | |
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }} | |
- name: Snyk scan for high or critical vulnerabilities | |
uses: snyk/actions/node@master | |
env: | |
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }} | |
with: | |
args: --severity-threshold=high |