build.yaml

name: build and test

on:
  push:
    branches: ["main", "beta"]
  pull_request:
    branches: ["main", "beta"]

env:
  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

permissions:
  contents: read # for checkout
  security-events: read # to get dependencies for compliance even on PRs

jobs:
  compliance:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      - name: Advance Security Policy as Code
        uses: advanced-security/policy-as-code@v2.5.0
        with:
          policy: it-at-m/policy-as-code
          policy-path: default.yaml
          token: ${{ secrets.GITHUB_TOKEN }}
          argvs: "--disable-dependabot --disable-secret-scanning --disable-code-scanning --display"
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
      id-token: write # to enable use of OIDC for npm provenance
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
          registry-url: "https://registry.npmjs.org"
      - run: npm ci
      - run: npm run coverage
      - run: npm run build
      - name: run semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npm run semantic-release
      - run: npm run build:demo
        if: github.ref == 'refs/heads/main'
      - name: deploy demo to github pages
        if: github.ref == 'refs/heads/main'
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./dist-demo