Skip to content

add GITHUB_TOKEN permissions #203

add GITHUB_TOKEN permissions

add GITHUB_TOKEN permissions #203

Workflow file for this run

name: CI
on:
push:
branches:
- main
tags:
- '*.*.*' # semver, will override latest
- '*-preview' # preview, won't override latest
pull_request:
branches:
- main
workflow_dispatch: # Allow manual trigger
permissions:
contents: write
packages: write
jobs:
lint:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: yarn
- run: yarn install --frozen-lockfile
- name: Lint sources
run: |
make lint
yarn lint
test:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: yarn
- name: Setup Go environment
uses: actions/setup-go@v5
with:
go-version: stable
- run: yarn install --frozen-lockfile
- name: Execute tests
run: |
make test
make test-integration
yarn test
make coverage
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
build:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- id: extract_ref
run: echo ::set-output name=GIT_REF::$(echo ${GITHUB_REF##*/})
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: yarn
- name: Setup Go environment
uses: actions/setup-go@v5
with:
go-version: stable
- run: yarn install --frozen-lockfile
- name: Build
run: |
make VERSION=${{ steps.extract_ref.outputs.GIT_REF }} RELEASE=1 release
make VERSION=${{ steps.extract_ref.outputs.GIT_REF }} build-docker
make VERSION=${{ steps.extract_ref.outputs.GIT_REF }} start-docker
- if: startsWith(github.ref, 'refs/tags/')
uses: actions/upload-artifact@v3
with:
name: smocker-bin
path: ./build/smocker.tar.gz
deploy:
needs: [lint, test, build]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- id: extract_ref
run: echo ::set-output name=GIT_REF::$(echo ${GITHUB_REF##*/})
- uses: actions/download-artifact@v3
with:
name: smocker-bin
path: ./build
- run: cd build && tar -xvf smocker.tar.gz
- name: Docker login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Deploy on Docker registry
run: make VERSION=${{ steps.extract_ref.outputs.GIT_REF }} deploy-docker
- name: Deploy on GitHub releases
uses: softprops/action-gh-release@v2
with:
files: build/smocker.tar.gz
token: ${{ secrets.GITHUB_TOKEN }}