Build

Merge pull request #142 from timoa/snyk-fix-0fd47de901fe9854a345b7d61… #2063

Workflow file for this run

	name: Build

	on: [push]

	jobs:

	# -- TESTS ------------------------------------------------------------------
	tests:
	runs-on: ubuntu-latest

	strategy:
	matrix:
	node: ['16']

	steps:
	- name: Checkout
	uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0

	- name: Setup Node.js ${{ matrix.node }}
	uses: actions/setup-node@5b52f097d36d4b0b2f94ed6de710023fbb8b2236 # tag=v3.1.0
	with:
	node-version: ${{ matrix.node }}
	check-latest: true

	- name: Install dependencies
	run: npm install

	- name: Run unit-tests + Code Coverage
	run: npm run test:coverage

	- name: Save Code Coverage
	uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
	with:
	name: code-coverage
	path: coverage

	# -- SONARCLOUD -------------------------------------------------------------
	code-quality:
	runs-on: ubuntu-latest
	needs: tests

	steps:
	- name: Checkout
	uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0

	- name: Download Code Coverage
	uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
	with:
	name: code-coverage
	path: coverage

	- name: Get App Version
	run: ./scripts/version.sh

	- name: SonarCloud Scan
	uses: sonarsource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	# -- SAST SCAN --------------------------------------------------------------
	code-security:
	runs-on: ubuntu-latest
	needs: tests
	# Skip any PR created by dependabot to avoid permission issues
	if: (github.actor != 'dependabot[bot]')

	steps:
	- name: Checkout
	uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # tag=v3

	- name: Perform Scan
	uses: ShiftLeftSecurity/scan-action@master

	env:
	WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SCAN_ANNOTATE_PR: true

	- uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
	with:
	name: reports
	path: reports

	# -- RELEASE ----------------------------------------------------------------
	release:
	runs-on: ubuntu-latest
	needs:
	- code-quality
	- code-security
	if: github.ref == 'refs/heads/master'

	steps:
	- name: Checkout
	uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # tag=v3

	- name: Semantic Release
	uses: cycjimmy/semantic-release-action@3b88c82b34098e8b51e401c1082c9170b0a3ec3c # tag=v3.0.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	# -- BUILD ------------------------------------------------------------------
	build:
	runs-on: ubuntu-latest
	needs: release

	strategy:
	matrix:
	node: ['16']

	steps:
	- name: Checkout
	uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0

	- name: Setup Node.js ${{ matrix.node }}
	uses: actions/setup-node@5b52f097d36d4b0b2f94ed6de710023fbb8b2236 # tag=v3.1.0
	with:
	node-version: ${{ matrix.node }}
	check-latest: true

	- name: Install dependencies
	run: npm install

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #142 from timoa/snyk-fix-0fd47de901fe9854a345b7d61… #2063

Workflow file

Merge pull request #142 from timoa/snyk-fix-0fd47de901fe9854a345b7d61… #2063

Jobs

Run details

Workflow file for this run