update documentation #151
# Continuous-integration workflow: builds, tests and scans the workspace packages.
name: CI

# Triggers: pushes to main, pull-request activity, and calls from other workflows.
# (`on` is read as a boolean key by generic YAML 1.1 parsers; GitHub's loader accepts it.)
on:
  push:
    branches:
      - main
  # The jobs in this workflow execute code taken from the pull request itself
  # (dependency install, tests, the local composite action). That is tolerable
  # under `pull_request`, where runs from forks by default receive no repository
  # secrets and a read-only GITHUB_TOKEN, so the token inputs passed to the
  # build step are empty on fork PRs. Do not move these jobs to
  # `pull_request_target` without first separating untrusted code from secrets.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  # Reusable-workflow entry point: a calling workflow must supply all three secrets.
  workflow_call:
    secrets:
      CODECOV_TOKEN:
        required: true
      SONAR_TOKEN:
        required: true
      SNYK_TOKEN:
        required: true
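# Jobs: `tests` and `metrics` wait for `prepare` and `list-packages` and fan
# out over the package matrix; `security` has no `needs` and runs on its own.
#
# NOTE(review): every `uses:` below points at a tag or branch (`@v2`, `@v3`,
# `@master`), all of which are mutable refs. Pinning each one to a reviewed
# full commit SHA keeps a retagged or compromised action from running with
# this workflow's tokens.
jobs:
  prepare:
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 'lts/*'
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        id: pnpm-install
        with:
          # NOTE(review): `run_install: true` installs dependencies in this
          # step, i.e. before the cache step below restores the store, and
          # `version: latest` lets the package manager itself float between
          # runs. Consider a fixed pnpm version.
          run_install: true
          version: latest
      - name: Get pnpm store directory
        id: pnpm-cache
        shell: bash
        # Publishes the store location as the step output STORE_PATH.
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
      - name: Setup pnpm cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          # Exact key follows the lockfile hash; restore-keys allows a
          # fallback to any store cached for the same OS.
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Install dependencies
        run: pnpm install

  list-packages:
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    outputs:
      # JSON array of workspace packages, consumed via fromJson() by the
      # matrix jobs.
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@v3
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        id: pnpm-install
        with:
          run_install: true
          version: latest
      - id: set-matrix
        # The matrix is derived from package manifests in the checked-out
        # tree, so on pull requests its names and paths come from the PR.
        # NOTE(review): confirm that build_and_test never interpolates these
        # inputs directly into a shell script.
        run: |
          export MATRIX=$(pnpm -s m ls --depth -1 -F "./packages/**" --json | jq -c)
          echo "matrix=${MATRIX}" | tee -a "$GITHUB_OUTPUT"

  tests:
    needs: [prepare, list-packages]
    strategy:
      fail-fast: false
      matrix:
        package: ${{ fromJson(needs.list-packages.outputs.matrix) }}
        # Quoted so that no entry is retyped by the YAML parser.
        node-version:
          - 'lts/*'
          - '16'
          - '18'
          - '20'
          - 'latest'
    runs-on: ubuntu-latest
    name: Test package ${{ matrix.package.name }} with node ${{ matrix.node-version }}
    # Listing any scope here sets every unlisted scope to `none`.
    permissions:
      checks: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      # Local composite action: its definition comes from the checked-out
      # ref, so a pull request can change what runs here.
      - uses: ./.github/workflows/build_and_test
        with:
          node-version: ${{ matrix.node-version }}
          package_path: ${{ matrix.package.path }}
          package_name: ${{ matrix.package.name }}
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  metrics:
    needs: [prepare, list-packages]
    strategy:
      fail-fast: false
      matrix:
        package: ${{ fromJson(needs.list-packages.outputs.matrix) }}
    runs-on: ubuntu-latest
    name: Test and send metrics
    # Listing any scope here sets every unlisted scope to `none`.
    permissions:
      checks: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - uses: ./.github/workflows/build_and_test
        with:
          # NOTE(review): this job's matrix defines no `node-version`, so the
          # expression expands to an empty string; confirm the action's
          # default is the intended runtime.
          node-version: ${{ matrix.node-version }}
          package_path: ${{ matrix.package.path }}
          check: "true"
          package_name: ${{ matrix.package.name }}
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  security:
    # `security-events: write` is what the SARIF upload needs; the other two
    # scopes are read-only.
    permissions:
      actions: read
      contents: read
      security-events: write
    runs-on: ubuntu-latest
    steps:
      # Was `@master`: use the same tagged release as the other jobs rather
      # than a moving branch.
      - uses: actions/checkout@v3
      - name: Install Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 'lts/*'
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        id: pnpm-install
        with:
          run_install: true
          version: latest
      - name: Get pnpm store directory
        id: pnpm-cache
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
      - name: Setup pnpm cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Install dependencies
        run: pnpm install
      - name: Run Snyk to check for vulnerabilities
        # NOTE(review): `@master` is a moving branch and this step receives
        # SNYK_TOKEN; pin it to a reviewed release tag or full commit SHA.
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif --all-projects --exclude=examples,dev
      - name: Upload result to GitHub Code Scanning
        # Run even when the Snyk step fails on findings; otherwise the report
        # is dropped exactly when it contains something to review.
        if: success() || failure()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: snyk.sarif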