Fix Readme #517
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{secrets.NX_CLOUD_ACCESS_TOKEN}} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 7 | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Set base and head SHAs for nx | |
| uses: nrwl/nx-set-shas@v3 | |
| - name: Run linting | |
| run: NX_BRANCH=$GITHUB_HEAD_REF pnpx nx affected --target=lint --parallel=10 | |
| # +++ COMMENTED OUT BECAUSE THIS IS A SEPARATE ISSUE: https://github.com/Frachtwerk/essencium-frontend/issues/221 +++ | |
| # unit-tests: | |
| # name: Unit Tests | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout repo | |
| # uses: actions/checkout@v3 | |
| # with: | |
| # fetch-depth: 0 | |
| # - name: Install pnpm | |
| # uses: pnpm/action-setup@v2 | |
| # with: | |
| # version: 7 | |
| # - name: Setup Node | |
| # uses: actions/setup-node@v3 | |
| # with: | |
| # node-version: 18 | |
| # cache: 'pnpm' | |
| # - name: Install dependencies | |
| # run: pnpm install --frozen-lockfile | |
| # - name: Set base and head SHAs for nx | |
| # uses: nrwl/nx-set-shas@v3 | |
| # - name: Run unit tests | |
| # run: NX_BRANCH=$GITHUB_HEAD_REF pnpx nx affected --target=test:unit --parallel=10 | |
| # e2e-tests: | |
| # name: E2E Tests | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout repo | |
| # uses: actions/checkout@v3 | |
| # with: | |
| # fetch-depth: 0 | |
| # - name: Install pnpm | |
| # uses: pnpm/action-setup@v2 | |
| # with: | |
| # version: 7 | |
| # - name: Setup Node | |
| # uses: actions/setup-node@v3 | |
| # with: | |
| # node-version: 18 | |
| # cache: 'pnpm' | |
| # - name: Install dependencies | |
| # run: pnpm install --frozen-lockfile | |
| # - name: Get installed Playwright version | |
| # run: echo "PLAYWRIGHT_VERSION=$(node -e "console.log(require('./packages/app/package.json').dependencies['@playwright/test'])")" >> $GITHUB_ENV | |
| # - name: Cache Playwright | |
| # uses: actions/cache@v3 | |
| # id: playwright-cache | |
| # with: | |
| # path: ~/.cache/ms-playwright | |
| # key: ${{ runner.os }}-playwright-${{ env.PLAYWRIGHT_VERSION }} | |
| # - name: Install Playwright | |
| # run: pnpx playwright install --with-deps | |
| # - name: Run E2E tests | |
| # run: pnpm test:e2e | |
| # env: | |
| # ADMIN_USERNAME: ${{ secrets.ADMIN_USERNAME }} | |
| # ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }} | |
| # Not active as long as repo is private, because otherwise the Artifact storage quota will be exceeded. | |
| # - name: Upload E2E test results | |
| # uses: actions/upload-artifact@v3 | |
| # if: always() | |
| # with: | |
| # name: e2e-test-results | |
| # path: | | |
| # packages/app/test-results | |
| # packages/app/playwright-report | |
| security: | |
| name: Vulnerability Scan | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| ignore-unfixed: true | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 7 | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Set base and head SHAs for nx | |
| uses: nrwl/nx-set-shas@v3 | |
| - name: Build | |
| if: steps.cache-dist.outputs.cache-hit != 'true' | |
| run: NX_BRANCH=$GITHUB_HEAD_REF pnpx nx build @frachtwerk/essencium-app | |
| env: | |
| ADMIN_USERNAME: ${{ secrets.ADMIN_USERNAME }} | |
| ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }} | |
| - name: Upload 'lib' dist folder | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: lib-dist | |
| path: packages/lib/dist | |
| - name: Upload 'types' dist folder | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: types-dist | |
| path: packages/types/dist | |
| - name: Cache dist folder for 'app' package | |
| id: cache-dist | |
| uses: actions/cache@v3 | |
| env: | |
| cache-name: cache-dist | |
| with: | |
| path: packages/app/dist | |
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('pnpm-lock.yaml') }} | |
| release: | |
| name: Release | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| needs: [lint, build, security] # [lint, unit-tests, e2e-tests, build, security] | |
| steps: | |
| - name: Release Please | |
| uses: google-github-actions/release-please-action@v3 | |
| id: release | |
| with: | |
| release-type: node | |
| command: manifest | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: 7 | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| cache: 'pnpm' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Download 'lib' dist folder | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: lib-dist | |
| path: packages/lib/dist | |
| - name: Download 'types' dist folder | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: types-dist | |
| path: packages/types/dist | |
| - name: Publish 'lib' package | |
| run: pnpm publish --filter "@frachtwerk/essencium-lib" --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Publish 'types' package | |
| run: pnpm publish --filter "@frachtwerk/essencium-types" --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Publish 'prettier-config-essencium' package | |
| run: pnpm publish --filter "@frachtwerk/prettier-config-essencium" --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Publish 'eslint-config-essencium' package | |
| run: pnpm publish --filter "@frachtwerk/eslint-config-essencium" --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |