Skip to content

Merge pull request #223 from KxSystems/KXI-33265 #148

Merge pull request #223 from KxSystems/KXI-33265

Merge pull request #223 from KxSystems/KXI-33265 #148

Workflow file for this run

name: KX VS Code Release Workflow
on:
push:
branches:
- dev
- main
env:
NODE_ENV: production
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 16.x
- name: Install dependencies
run: npm ci --include=dev
- name: Build VSIX file
run: npm run build
- name: Run Tests
run: xvfb-run -a npm run coverage
- name: Packaging
run: npm run package
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: KDB-VSCode-Extension
path: ./kdb-*vsix
retention_days: 1
- name: Upload lcov result for app-sec job
uses: actions/upload-artifact@v3
with:
name: lcov
path: coverage-reports/lcov.info
retention-days: 1
app-sec:
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout source code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 16.x
- name: Install dependencies
run: npm install
- name: get-npm-version
id: package-version
uses: martinbeentjes/[email protected]
- name: Download lcov result from test job
uses: actions/download-artifact@v3
with:
name: lcov
- name: SonarCloud Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
args: >
-Dsonar.projectVersion=${{ steps.package-version.outputs.current-version}}
- name: Sonarqube Quality Gate Check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@master
# Force to fail step after specific time
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: Snyk scan for all vulnerabilities
uses: snyk/actions/node@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
- name: Snyk scan for high or critical vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
with:
args: --severity-threshold=high
- name: Snyk Monitor
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
with:
command: monitor
args: --target-reference=${{ github.ref_name }}
release:
runs-on: ubuntu-latest
needs: app-sec
steps:
- name: Download VSIX file from build job
uses: actions/download-artifact@v3
with:
name: KDB-VSCode-Extension
- name: Release to Portal
run: |
NOW=$(date +'%Y%m%dT%H%M%S')
curl -L -s --fail-with-body -D /dev/stderr --oauth2-bearer ${{ secrets.kx_downloads_token_prod }} \
-H 'content-type: application/octet-stream' \
--upload-file ./kdb-*.vsix \
https://portal.dl.kx.com/assets/raw/kdb-vscode/${{ github.ref_name }}/kdb-${{ github.ref_name }}.$NOW.vsix