Skip to content

Commit

Permalink
Merge pull request #14 from NatLibFi/next
Browse files Browse the repository at this point in the history
GitHub Actions
  • Loading branch information
ammsalme authored Sep 1, 2022
2 parents 7f44b52 + e5752d3 commit a1b623c
Show file tree
Hide file tree
Showing 6 changed files with 1,125 additions and 939 deletions.
81 changes: 0 additions & 81 deletions .drone.yml

This file was deleted.

9 changes: 9 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# With this line @NatLibFi/melinda-js-lead owns any files in the /.github/
# directory at the root of the repository and any of its
# subdirectories.
/.github/ @NatLibFi/melinda-js-lead

# With this line @NatLibFi/melinda-js-lead owns any files in the /src/
# directory at the root of the repository and any of its
# subdirectories.
/src/ @NatLibFi/melinda-js-lead
41 changes: 41 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# NatLibFi/Melinda maintenance strategy
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates

version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
time: "06:30"
timezone: "Europe/Helsinki"


# Minor updates to npm production dependencies daily
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
time: "06:45"
timezone: "Europe/Helsinki"
versioning-strategy: lockfile-only
labels:
- "npm minor dependencies"
allow:
- dependency-type: "production"

# Major updates to npm dependencies weekly @tuesday
# Not possible yet https://github.com/dependabot/dependabot-core/issues/1778
# - package-ecosystem: "npm"
# directory: "/"
# schedule:
# interval: "weekly"
# day: "tuesday"
# time: "07:00"
# timezone: "Europe/Helsinki"
# versioning-strategy: increase-if-necessary
# labels:
# - "npm major dependencies"
# reviewers:
# - "natlibfi/melinda-js-lead"
70 changes: 70 additions & 0 deletions .github/workflows/melinda-node-tests.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# Melinda node tests

name: Melinda node tests

on: push

jobs:
build-node-versions:
name: Node version matrix
runs-on: ubuntu-latest

strategy:
matrix:
node-version: [14.x, 16.x, 18.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/

steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
env:
NPM_CONFIG_IGNORE_SCRIPTS: true
- run: npm audit --package-lock-only --production --audit-level=moderate
- run: npm ci
- run: npm test
- run: npm run build --if-present

license-scan:
name: License compliance check
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: mikaelvesavuori/license-compliance-action@v1.0.2
with:
exclude_pattern: /^@natlibfi/

njsscan:
name: Njsscan check
runs-on: ubuntu-latest

steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@master
with:
args: '.'

publish:
runs-on: ubuntu-latest
needs: [build-node-versions, njsscan]
if: contains(github.ref, 'refs/tags/')

steps:
- uses: actions/checkout@v3
# Setup .npmrc file to publish to npm
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org'
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.ESLINT_CONFIG_MELINDA_BACKEND_NPM_TOKEN }}
Loading

0 comments on commit a1b623c

Please sign in to comment.