vscode-cmsis-debugger/.github/workflows/nightly.yml at 0caa1c40e8ea0b0dd39e8f009f5b2764882e1b65 · Open-CMSIS-Pack/vscode-cmsis-debugger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
name: Nightly

on:
  schedule:
    - cron: '0 3 * * *'  # nightly at 03:00 UTC
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  build:
    strategy:
      matrix:
        platform: [ubuntu-24.04, windows-2022, macos-14]
        include:
          - platform: ubuntu-24.04
            target: linux
          - platform: windows-2022
            target: windows
          - platform: macos-14
            target: darwin
    runs-on: ${{ matrix.platform }}
    permissions:
      packages: read
    name: 'Build and test (${{ matrix.target }})'

    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - run: git config --global core.autocrlf false
      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          fetch-depth: 0
          submodules: true

      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          node-version-file: package.json
          registry-url: https://npm.pkg.github.com
          always-auth: true
          package-manager-cache: false

      - name: Set version
        if: runner.os == 'Linux' && github.repository_owner == 'Open-CMSIS-Pack'
        run: |
          DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+')
          QUALIFIER=$(git describe --tags | grep -Eo '[0-9]+\-g[0-9a-f]+$')
          yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}"
          yarn version --no-git-tag-version --prepatch --preid "${{ github.ref_name }}${QUALIFIER}"
          VERSION="$(jq -r ".version" < package.json)"
          sed -i "s/## Unreleased/## ${VERSION}/" CHANGELOG.md
          echo "Version is ${VERSION}"

      - name: Remove badges
        if: runner.os == 'Linux'
        run: |
          sed -i "/https:\/\/qlty\.sh\/gh/d" README.md
          sed -i "/https:\/\/securityscorecards\.dev\/viewer/d" README.md

      - name: Install dependencies
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: yarn --frozen-lockfile --prefer-offline --ignore-scripts

      - name: Build on Windows or macOS
        if: runner.os != 'Linux'
        run: yarn build:no-lint

      - name: Build on Linux
        if: runner.os == 'Linux'
        run: yarn build

      - name: Check copyright
        run: yarn copyright:check

      - name: Test
        run: yarn test

      - name: Upload dist
        if: runner.os == 'Linux'
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: dist
          path: |
            ./README.md
            ./CHANGELOG.md
            ./package.json
            ./dist
          retention-days: 1

      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: runner.os == 'Linux'
        with:
          name: test-coverage
          path: ./coverage

      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: test-report-${{ matrix.target }}
          path: ./test-report.html

      - name: Publish coverage report to QLTY
        if: github.repository_owner == 'Open-CMSIS-Pack' && runner.os == 'Linux'
        uses: qltysh/qlty-action/coverage@a19242102d17e497f437d7466aa01b528537e899 # v1
        with:
          token: ${{ secrets.QLTY_COVERAGE_TOKEN }}
          files: coverage/lcov.info

  package:
    name: Package
    runs-on: [ubuntu-latest]
    needs: build
    strategy:
      fail-fast: true
      matrix:
        target:
          - win32-x64
          - win32-arm64
          - linux-x64
          - linux-arm64
          - darwin-arm64
    permissions:
      packages: read
      actions: read # For fetching workflow artifacts with 'download-tools --nightly'
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          node-version-file: package.json
          registry-url: https://npm.pkg.github.com
          always-auth: true
          package-manager-cache: false

      - name: Download dist
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
        with:
          name: dist
          path: .

      - name: Download tools (Nightly Builds)
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          yarn --frozen-lockfile --ignore-scripts --prefer-offline
          yarn download-tools:nightly --target ${{ matrix.target }} --no-cache

      - name: Create vsix package
        run: |
          yarn package --target ${{ matrix.target }}

      - name: Upload package
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: vsix-package-${{ matrix.target }}
          path: ./*.vsix
          retention-days: 1