This repository has been archived by the owner on Aug 13, 2024. It is now read-only.

Build

Build #3655

Workflow file for this run

	name: Build
	on:
	pull_request:
	branches: [main]
	push:
	branches: [main]
	schedule:
	- cron: '32 13 * * 5'


	permissions:
	contents: read

	concurrency:
	# only run a single build wf per PR, cancel any existing (preceding) runs
	# for this PR.
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	jobs:
	lint:
	name: 'Lint'
	if: "!contains(github.event.head_commit.message, 'skip ci')
	&& github.event_name != 'schedule'
	"
	runs-on: ubuntu-latest

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
	with:
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	codeload.github.com:443
	github.com:443
	registry.yarnpkg.com:443
	registry.npmjs.org:443

	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Setup
	uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
	with:
	node-version: 'lts/*'
	cache: yarn

	- name: Install
	run: yarn install --immutable

	- name: Lint
	run: yarn run lint

	testprojects:
	name: 'Determine test projects'
	runs-on: ubuntu-latest
	if: "!contains(github.event.head_commit.message, 'skip ci')
	&& github.event_name != 'schedule'
	"

	outputs:
	projects: ${{ steps.set-projects.outputs.projects }}

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	codeload.github.com:443
	github.com:443
	registry.yarnpkg.com:443
	registry.npmjs.org:443

	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Setup
	uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
	with:
	node-version: 'lts/*'
	cache: yarn

	- name: Install
	run: yarn install --immutable

	- id: set-projects
	name: Determine jest project names
	run: \|
	PROJECTS=$(yarn run jest --showConfig \| jq -c '.globalConfig.projects \| map(.displayName)')
	echo "projects=${PROJECTS}" >> $GITHUB_OUTPUT

	test:
	name: Test ${{ matrix.project }}
	if: "!contains(github.event.head_commit.message, 'skip ci')
	&& github.event_name != 'schedule'
	"
	needs: testprojects
	runs-on: ubuntu-latest
	strategy:
	fail-fast: true
	matrix:
	project: ${{ fromJSON( needs.testprojects.outputs.projects ) }}

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
	with:
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	codeload.github.com:443
	github.com:443
	registry.yarnpkg.com:443
	registry.npmjs.org:443
	uploader.codecov.io:443
	codecov.io:443
	storage.googleapis.com:443

	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Setup
	uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
	with:
	node-version: 'lts/*'
	cache: yarn

	- name: Install
	run: yarn install --immutable

	- name: Run tests
	run: yarn test --coverage --selectProjects "${{ matrix.project }}"

	- name: Upload coverage reports to Codecov
	uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3.1.6
	with:
	directory: coverage
	flags: ${{ matrix.project }}
	token: ${{ secrets.CODECOV_TOKEN }}

	test-summary:
	name: Test matrix status
	runs-on: ubuntu-latest
	needs: [test]
	if: "always()
	&& !contains(github.event.head_commit.message, 'skip ci')
	&& github.event_name != 'schedule'
	"
	steps:
	- name: Decide whether the needed jobs succeeded or failed
	uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
	with:
	jobs: ${{ toJSON(needs) }}

	analyze:
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
	with:
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	codeload.github.com:443
	github.com:443
	uploads.github.com:443
	objects.githubusercontent.com:443

	- name: Checkout repository
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
	with:
	languages: javascript

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
	with:
	category: "/language:javascript"

	release:
	name: Release
	if: "!contains(github.event.head_commit.message, 'skip ci')
	&& github.event_name == 'push'
	"
	needs:
	- lint
	- test-summary
	- analyze
	runs-on: ubuntu-latest

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
	with:
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	codeload.github.com:443
	github.com:443
	registry.yarnpkg.com:443
	registry.npmjs.org:443
	uploads.github.com:443

	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	token: ${{ secrets.DEPLOY_TOKEN }}
	ref: ${{ github.event.workflow_run.head_branch }}

	- name: Setup
	uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
	with:
	node-version: 'lts/*'
	cache: yarn

	- name: Install
	run: yarn install --immutable

	- name: Release
	env:
	GH_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
	HUSKY: 0
	run: yarn run release

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build #3655

Workflow file

Build #3655

Jobs

Run details

Workflow file for this run