-
Notifications
You must be signed in to change notification settings - Fork 0
87 lines (77 loc) · 2.74 KB
/
development-workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: development pipeline
on:
# Runs on pushes targeting the default branch
push:
branches: ["develop", "feature/*"]
pull_request:
branches: ["develop", "feature/*"]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
id-token: write
jobs:
# Build job
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Detect package manager
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
echo "runner=yarn" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine package manager" >&2
exit 1
fi
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "20"
cache: ${{ steps.detect-package-manager.outputs.manager }}
- name: Restore cache
uses: actions/cache@v3
with:
path: |
.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
- name: Install dependencies
run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
- name: Build with Next.js
run: npm run build
# Snyk security scan job
snyk_scan:
runs-on: ubuntu-latest
needs: build # Ensure the build job completes before running Snyk scan
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Snyk CLI
run: npm install -g snyk # Install Snyk CLI globally
- name: Authenticate with Snyk
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: npx snyk auth $SNYK_TOKEN
- name: Run Snyk security scan
run: npx snyk test
- name: Upload Snyk results
uses: actions/upload-artifact@v2
with:
name: snyk-results
path: snyk-output.json