-
Notifications
You must be signed in to change notification settings - Fork 7
124 lines (110 loc) · 3.45 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: KX VS Code Release Workflow
on:
push:
branches:
- dev
- main
env:
NODE_ENV: production
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 16.x
- name: Install dependencies
run: npm ci --include=dev
- name: Build VSIX file
run: npm run build
- name: Run Tests
run: xvfb-run -a npm run coverage
- name: Packaging
run: npm run package
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: KDB-VSCode-Extension
path: ./kdb-*vsix
retention_days: 1
- name: Upload lcov result for app-sec job
uses: actions/upload-artifact@v3
with:
name: lcov
path: coverage-reports/lcov.info
retention-days: 1
app-sec:
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout source code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: 16.x
- name: Install dependencies
run: npm install
- name: get-npm-version
id: package-version
uses: martinbeentjes/[email protected]
- name: Download lcov result from test job
uses: actions/download-artifact@v3
with:
name: lcov
- name: SonarCloud Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
args: >
-Dsonar.projectVersion=${{ steps.package-version.outputs.current-version}}
- name: Sonarqube Quality Gate Check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@master
# Force to fail step after specific time
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: Snyk scan for all vulnerabilities
uses: snyk/actions/node@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
- name: Snyk scan for high or critical vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
with:
args: --severity-threshold=high
- name: Snyk Monitor
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.pink_snyk_api_key }}
with:
command: monitor
args: --target-reference=${{ github.ref_name }}
release:
runs-on: ubuntu-latest
needs: app-sec
steps:
- name: Download VSIX file from build job
uses: actions/download-artifact@v3
with:
name: KDB-VSCode-Extension
- name: Release to Portal
run: |
NOW=$(date +'%Y%m%dT%H%M%S')
curl -L -s --fail-with-body -D /dev/stderr --oauth2-bearer ${{ secrets.kx_downloads_token_prod }} \
-H 'content-type: application/octet-stream' \
--upload-file ./kdb-*.vsix \
https://portal.dl.kx.com/assets/raw/kdb-vscode/${{ github.ref_name }}/kdb-${{ github.ref_name }}.$NOW.vsix