Merge pull request #186 from noctua84/dependabot/npm_and_yarn/ejs-3.1.10 #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Main workflow for this application to provide continuous integration steps like | |
# - check for dependency updates (ncu) | |
# - coverage | |
# - build | |
# - release and changelog automation | |
name: CI Pipeline | |
# settings when the pipeline is triggered | |
on: | |
push: | |
branches: | |
- main | |
# allow manual runs | |
workflow_dispatch: | |
# permissions for this workflow | |
permissions: | |
contents: write | |
pull-requests: write | |
packages: write | |
# The jobs, this workflow runs | |
jobs: | |
check_dependencies: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install dependencies | |
run: npm install | |
- name: Check for package updates | |
run: npx ncu -d -u | |
- name: Reinstall dependencies | |
id: reinstall_dependencies | |
run: npm ci || echo "reinstall_failed=true" >> "$GITHUB_OUTPUT" | |
- name: Check if package.json has changed | |
id: check_package_json | |
if: steps.reinstall_dependencies.outputs.reinstall_failed != 'true' | |
run: git diff --quiet HEAD -- package.json || echo "changed=true" >> "$GITHUB_OUTPUT" | |
- name: Persist changes in package.json | |
if: steps.check_package_json.outputs.changed == 'true' | |
run: | | |
git add package.json package-lock.json | |
git config user.name "GitHub Actions" | |
git config user.email "[email protected]" | |
git commit -m "chore: Update dependencies" | |
git push | |
coverage: | |
name: Coverage Report (CodeCov) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install Dependencies | |
run: npm ci | |
- name: Create Coverage Report | |
run: npm run test:cov | |
- name: Upload Coverage Report | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
sonarcloud: | |
name: SonarCloud | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install Dependencies | |
run: npm ci | |
- name: SonarCloud Scan | |
uses: sonarsource/sonarcloud-github-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
build: | |
runs-on: ubuntu-latest | |
needs: [ check_dependencies ] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Check for dependency updates | |
id: check_updates | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
current_sha=$(git rev-parse HEAD) | |
latest_sha=$(curl --silent --header "Authorization: token $GITHUB_TOKEN" \ | |
https://api.github.com/repos/${{ github.repository }}/commits/${{ github.head_ref }} \ | |
| jq -r '.sha') | |
if [[ "$current_sha" != "$latest_sha" ]]; then | |
echo "updated=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Pull latest changes | |
if: steps.check_updates.outputs.updated == 'true' | |
run: git pull | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install dependencies | |
run: npm ci | |
- name: Build the application | |
run: npm run build | |
release-please: | |
needs: | |
- build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Check for dependency updates | |
id: check_updates | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
current_sha=$(git rev-parse HEAD) | |
latest_sha=$(curl --silent --header "Authorization: token $GITHUB_TOKEN" \ | |
https://api.github.com/repos/${{ github.repository }}/commits/${{ github.head_ref }} \ | |
| jq -r '.sha') | |
if [[ "$current_sha" != "$latest_sha" ]]; then | |
echo "updated=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Pull latest changes | |
if: steps.check_updates.outputs.updated == 'true' | |
run: git pull | |
- name: Create Release and Changelog | |
id: create_release | |
uses: google-github-actions/release-please-action@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
release-type: node | |
- name: Add Label to Release-PR | |
id: add_label | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
result-encoding: string | |
retries: 3 | |
script: | | |
const script = require('./.github/scripts/addLabelToRelease.js'); | |
await script({ github, context, core }); | |
- name: Check PR Status | |
id: check_pr_status | |
if: steps.add_label.outputs.labelAdded == 'true' | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
result-encoding: string | |
retries: 3 | |
script: | | |
const script = require('./.github/scripts/checkPrStatus.js'); | |
await script({ github, context, core }); | |
- name: Merge Release PR | |
if: steps.check_pr_status.outputs.ready == 'true' | |
uses: pascalgn/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
MERGE_DELETE_BRANCH: "true" | |
MERGE_RETRIES: 3 | |
MERGE_RETRY_SLEEP: 100 | |
LOG: "DEBUG" | |