ci: add provenance support #50
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: main | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| build-unix: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: ['ubuntu-latest', 'macos-latest'] | |
| node-version: [20.x] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: npm-${{ hashFiles('package-lock.json') }} | |
| restore-keys: npm- | |
| - name: Install dependencies | |
| run: | | |
| npm ci --ignore-scripts | |
| npm audit fix --force | |
| npm install -g | |
| - name: Test | |
| run: npm test | |
| env: | |
| FIGMA_TOKEN: ${{ secrets.FIGMA_TOKEN }} | |
| FIGMA_URL: ${{ secrets.FIGMA_URL }} | |
| IS_CI: true | |
| - name: Build | |
| run: npm run build | |
| - name: Run | |
| run: npm run figmagic | |
| #- name: Run, then check for files | |
| # run: | | |
| # npm run figmagic | |
| # \[ -d .figmagic \] | |
| # \[ -f .figmagic/figma.json \] | |
| # env: | |
| # FIGMA_TOKEN: ${{ secrets.FIGMA_TOKEN }} | |
| # FIGMA_URL: ${{ secrets.FIGMA_URL }} | |
| - name: Create Arkit diagram | |
| run: npx arkit | |
| - name: Codecov | |
| uses: codecov/codecov-action@v3 | |
| - name: Send coverage report with Code Climate | |
| uses: paambaati/codeclimate-action@v5 | |
| env: | |
| CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
| with: | |
| coverageCommand: npm test | |
| coverageLocations: ${{github.workspace}}/jest-coverage/lcov.info:lcov | |
| build-windows: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: ['windows-latest'] | |
| node-version: [20.x] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: npm-${{ hashFiles('package-lock.json') }} | |
| restore-keys: npm- | |
| - name: Install dependencies | |
| run: | | |
| npm ci --ignore-scripts | |
| npm audit fix --force | |
| npm install -g | |
| - name: Test | |
| run: echo Skipping tests on Windows because of weird platform issues... #npm test | |
| env: | |
| FIGMA_TOKEN: ${{ secrets.FIGMA_TOKEN }} | |
| FIGMA_URL: ${{ secrets.FIGMA_URL }} | |
| IS_CI: true | |
| - name: Build | |
| run: npm run build | |
| - name: Run | |
| run: npm run figmagic | |
| #- name: Run, then check for files | |
| # run: | | |
| # npm run figmagic | |
| # Test-Path .figmagic | |
| # Test-Path .figmagic/figma.json -PathType leaf | |
| # env: | |
| # FIGMA_TOKEN: ${{ secrets.FIGMA_TOKEN }} | |
| # FIGMA_URL: ${{ secrets.FIGMA_URL }} | |
| publish-npm: | |
| needs: ['build-unix', 'build-windows'] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| registry-url: https://registry.npmjs.org/ | |
| - run: | | |
| npm ci --ignore-scripts | |
| npm run build | |
| git config --global user.email ${{ secrets.GIT_EMAIL }} | |
| git config --global user.name ${{ secrets.GIT_NAME }} | |
| npm publish --provenance --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |