Nightly #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Nightly | |
| on: | |
| schedule: | |
| - cron: '0 3 * * *' # nightly at 03:00 UTC | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| platform: [ubuntu-24.04, windows-2022, macos-14] | |
| include: | |
| - platform: ubuntu-24.04 | |
| target: linux | |
| - platform: windows-2022 | |
| target: windows | |
| - platform: macos-14 | |
| target: darwin | |
| runs-on: ${{ matrix.platform }} | |
| permissions: | |
| packages: read | |
| name: 'Build and test (${{ matrix.target }})' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - run: git config --global core.autocrlf false | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://npm.pkg.github.com | |
| always-auth: true | |
| package-manager-cache: false | |
| - name: Set version | |
| if: runner.os == 'Linux' && github.repository_owner == 'Open-CMSIS-Pack' | |
| run: | | |
| DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+') | |
| QUALIFIER=$(git describe --tags | grep -Eo '[0-9]+\-g[0-9a-f]+$') | |
| yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}" | |
| yarn version --no-git-tag-version --prepatch --preid "${{ github.ref_name }}${QUALIFIER}" | |
| VERSION="$(jq -r ".version" < package.json)" | |
| sed -i "s/## Unreleased/## ${VERSION}/" CHANGELOG.md | |
| echo "Version is ${VERSION}" | |
| - name: Remove badges | |
| if: runner.os == 'Linux' | |
| run: | | |
| sed -i "/https:\/\/qlty\.sh\/gh/d" README.md | |
| sed -i "/https:\/\/securityscorecards\.dev\/viewer/d" README.md | |
| - name: Install dependencies | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: yarn --frozen-lockfile --prefer-offline --ignore-scripts | |
| - name: Build on Windows or macOS | |
| if: runner.os != 'Linux' | |
| run: yarn build:no-lint | |
| - name: Build on Linux | |
| if: runner.os == 'Linux' | |
| run: yarn build | |
| - name: Check copyright | |
| run: yarn copyright:check | |
| - name: Test | |
| run: yarn test | |
| - name: Upload dist | |
| if: runner.os == 'Linux' | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: dist | |
| path: | | |
| ./README.md | |
| ./CHANGELOG.md | |
| ./package.json | |
| ./dist | |
| retention-days: 1 | |
| - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: runner.os == 'Linux' | |
| with: | |
| name: test-coverage | |
| path: ./coverage | |
| - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-report-${{ matrix.target }} | |
| path: ./test-report.html | |
| - name: Publish coverage report to QLTY | |
| if: github.repository_owner == 'Open-CMSIS-Pack' && runner.os == 'Linux' | |
| uses: qltysh/qlty-action/coverage@a19242102d17e497f437d7466aa01b528537e899 # v1 | |
| with: | |
| token: ${{ secrets.QLTY_COVERAGE_TOKEN }} | |
| files: coverage/lcov.info | |
| package: | |
| name: Package | |
| runs-on: [ubuntu-latest] | |
| needs: build | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| target: | |
| - win32-x64 | |
| - win32-arm64 | |
| - linux-x64 | |
| - linux-arm64 | |
| - darwin-arm64 | |
| permissions: | |
| packages: read | |
| actions: read # For fetching workflow artifacts with 'download-tools --nightly' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://npm.pkg.github.com | |
| always-auth: true | |
| package-manager-cache: false | |
| - name: Download dist | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: dist | |
| path: . | |
| - name: Download tools (Nightly Builds) | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| yarn --frozen-lockfile --ignore-scripts --prefer-offline | |
| yarn download-tools:nightly --target ${{ matrix.target }} --no-cache | |
| - name: Create vsix package | |
| run: | | |
| yarn package --target ${{ matrix.target }} | |
| - name: Upload package | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: vsix-package-${{ matrix.target }} | |
| path: ./*.vsix | |
| retention-days: 1 |