Build

chore(deps): lock file maintenance #1946

Workflow file for this run

	name: Build

	on: [push]

	jobs:

	# -- TESTS ------------------------------------------------------------------
	tests:
	name: Tests
	runs-on: ubuntu-latest

	strategy:
	matrix:
	node: ['16']

	steps:
	- name: Harden GitHub Actions Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Setup Node.js ${{ matrix.node }}
	uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
	with:
	node-version: ${{ matrix.node }}
	check-latest: true

	- name: Install dependencies
	run: npm install

	- name: Run Unit-Tests + Code Coverage
	run: npm run test:coverage

	- name: Save Code Coverage
	uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
	with:
	name: code-coverage
	path: coverage

	# -- SONARCLOUD -------------------------------------------------------------
	code-quality:
	name: Code Quality
	runs-on: ubuntu-latest
	needs: tests

	steps:
	- name: Harden GitHub Actions Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Download Code Coverage
	uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
	with:
	name: code-coverage
	path: coverage

	- name: Get App Version
	run: ./scripts/version.sh

	- name: SonarCloud Scan
	uses: sonarsource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	# -- SAST SCAN --------------------------------------------------------------
	code-security:
	name: Code Security
	runs-on: ubuntu-latest
	needs: tests
	# Skip any PR created by dependabot to avoid permission issues
	if: (github.actor != 'dependabot[bot]')

	steps:
	- name: Harden GitHub Actions Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Perform Scan
	uses: ShiftLeftSecurity/scan-action@master

	env:
	WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SCAN_ANNOTATE_PR: true

	- uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
	with:
	name: reports
	path: reports

	# -- RELEASE ----------------------------------------------------------------
	release:
	name: Release
	runs-on: ubuntu-latest
	needs:
	- code-quality
	- code-security
	if: github.ref == 'refs/heads/main'

	steps:
	- name: Harden GitHub Actions Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Semantic Release
	uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d # v3.4.2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	# -- BUILD ------------------------------------------------------------------
	# build:
	# name: Build
	# runs-on: ubuntu-latest
	# needs: release
	# if: github.ref == 'refs/heads/master'

	# steps:
	# - name: Harden GitHub Actions Runner
	# uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813
	# with:
	# egress-policy: audit

	# - name: Checkout
	# uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0

	# - name: Docker meta
	# id: meta
	# uses: docker/metadata-action@f2a13332ac1ce8c0a71aeac48a150dbb1838ab67 # tag=v3.7.0
	# with:
	# images: ${{ github.repository }}
	# tags: \|
	# type=schedule
	# type=ref,event=branch
	# type=ref,event=pr
	# type=semver,pattern={{version}}
	# type=semver,pattern={{major}}.{{minor}}
	# type=semver,pattern={{major}}
	# type=sha
	# type=raw,value=latest

	# - name: Set up QEMU
	# uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # tag=v1.2.0

	# - name: Set up Docker Buildx
	# uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # tag=v1.6.0

	# - name: Login to DockerHub
	# uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # tag=v1.14.1
	# with:
	# username: ${{ secrets.DOCKER_USERNAME }}
	# password: ${{ secrets.DOCKER_PASSWORD }}

	# - name: Build and push
	# uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # tag=v2.10.0
	# with:
	# context: .
	# push: true
	# tags: ${{ steps.meta.outputs.tags }}
	# labels: ${{ steps.meta.outputs.labels }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): lock file maintenance #1946

Workflow file

chore(deps): lock file maintenance #1946

Jobs

Run details

Workflow file for this run