Skip to content

feat: implement prepare step #63

feat: implement prepare step

feat: implement prepare step #63

Workflow file for this run

name: Test
on:
push:
pull_request:
branches:
- dev
- main
workflow_call:
secrets:
SONAR_TOKEN:
required: true
permissions:
contents: read
jobs:
# ignore the push event trigger if a PR is open for the current branch
prevent-duplicate-checks:
runs-on: ubuntu-latest
steps:
- uses: insurgent-lab/is-in-pr-action@78ecb5daf15aca198aeb2b6f208aabd06b2cb716 # v0.1.4
id: isInPR
outputs:
should-run: ${{ !(steps.isInPR.outputs.result == 'true' && github.event_name == 'push') }}
test_matrix:
strategy:
matrix:
node-version: [16, 18, 20]
runs-on: ubuntu-latest
timeout-minutes: 5
needs: prevent-duplicate-checks
if: ${{ needs.prevent-duplicate-checks.outputs.should-run == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
registry.npmjs.org:443
storage.googleapis.com:443
tuf-repo-cdn.sigstore.dev:443
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
with:
node-version: ${{ matrix.node-version }}
cache: npm
- name: Install packages
run: npm ci
- name: Audit npm signatures
run: npm audit signatures
- name: Check codestyle compliance
run: npm run lint
- name: Run tests
run: npm test
- name: Upload coverage report
if: strategy.job-index == 0
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
with:
name: coverage-report
path: coverage/lcov.info
sonarcloud:
runs-on: ubuntu-latest
needs:
- prevent-duplicate-checks
- test_matrix
if: ${{ needs.prevent-duplicate-checks.outputs.should-run == 'true' }}
permissions:
pull-requests: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
*.amazonaws.com:443
github.com:443
sonarcloud.io:443
*.sonarcloud.io:443
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Download coverage report
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
with:
name: coverage-report
path: coverage/
- name: Run SonarCloud scan
uses: SonarSource/sonarcloud-github-action@c25d2e7e3def96d0d1781000d3c429da22cd6252 # v2.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# separate job to set as required status check in branch protection
required_check:
runs-on: ubuntu-latest
needs:
- test_matrix
- sonarcloud
if: always()
steps:
- name: All required jobs and matrix versions passed
if: ${{ !(contains(needs.*.result, 'failure')) }}
run: exit 0
- name: Some required jobs or matrix versions failed
if: ${{ contains(needs.*.result, 'failure') }}
run: exit 1