vscode-cmsis-debugger/.github/workflows/ci.yml at f2456fe69e4172420ecd2ee547b222650c1a5a55 · Open-CMSIS-Pack/vscode-cmsis-debugger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
name: CI

on:
  push:
    branches:
      - main
    paths-ignore:
      - '**/*.md'
  pull_request:
    branches:
      - main
    paths-ignore:
      - '**/*.md'
  workflow_dispatch:
  merge_group:
  release:
    types: [published]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  build:
    name: Build and test
    runs-on: [ubuntu-latest]
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          submodules: true

      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: package.json
          registry-url: https://npm.pkg.github.com
          always-auth: true
          cache: 'yarn'

      - name: Set version
        if: github.repository_owner == 'Open-CMSIS-Pack'
        run: |
          case ${{ github.event_name }} in
            release)
              TAG="${{ github.event.release.tag_name }}"
              yarn version --no-git-tag-version --new-version "${TAG#v}"
              ;;
            pull_request)
              DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+')
              QUALIFIER=$(git describe --tags | grep -Eo '\-g[0-9a-f]+$')
              yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}"
              yarn version --no-git-tag-version --prepatch --preid "pr${{ github.event.number }}${QUALIFIER}"
              ;;
            *)
              DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+')
              QUALIFIER=$(git describe --tags | grep -Eo '[0-9]+\-g[0-9a-f]+$')
              yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}"
              yarn version --no-git-tag-version --prepatch --preid "${{ github.ref_name }}${QUALIFIER}"
              ;;
          esac
          VERSION="$(jq -r ".version" < package.json)"
          sed -i "s/## Unreleased/## ${VERSION}/" CHANGELOG.md
          echo "Version is ${VERSION}"

      - name: Remove Badges for dist
        run: |
          sed -i "/https:\/\/qlty\.sh\/gh/d" README.md
          sed -i "/https:\/\/securityscorecards\.dev\/viewer/d" README.md

      - name: Build
        env:
          GITHUB_TOKEN: ${{github.token}}
        run: yarn --frozen-lockfile --prefer-offline

      - name: Check copyright
        run: yarn copyright:check

      - name: Test
        run: yarn test

      - name: Upload dist
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: dist
          path: |
            ./README.md
            ./CHANGELOG.md
            ./package.json
            ./dist
          retention-days: 1

      - name: Commit changelog
        if: false && github.event_name == 'release'
        run: |
          sed -i '3i ## Unreleased\n' CHANGELOG.md
          git checkout main
          git config user.name github-actions
          git config user.email git@github.com
          git add CHANGELOG.md
          git commit -m "Update CHANGELOG.md after release [skip ci]"
          git push

      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: test-coverage
          path: ./coverage

      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: test-report
          path: ./test-report.html

      - name: Publish coverage report to QLTY
        if: github.repository_owner == 'Open-CMSIS-Pack'
        uses: qltysh/qlty-action/coverage@f13b3559771beedd11e68b03d49512f3c21a75ba # v1
        with:
          token: ${{ secrets.QLTY_COVERAGE_TOKEN }}
          files: coverage/lcov.info

  package:
    name: Package
    runs-on: [ubuntu-latest]
    needs: build
    strategy:
      fail-fast: true
      matrix:
        target:
          - win32-x64
          - linux-x64
          - linux-arm64
          - darwin-arm64
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: package.json
          registry-url: https://npm.pkg.github.com
          always-auth: true
          cache: 'yarn'

      - name: Download dist
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: dist
          path: .

      - name: Cache tools
        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.6
        with:
          path: tools
          key: tools-${{ matrix.target }}-${{ github.head_ref || github.ref_name }}
          restore-keys: |
            tools-${{ matrix.target }}-${{ github.base_ref || 'main' }}
            tools-${{ matrix.target }}-

      - name: Download tools
        run: |
          yarn --frozen-lockfile --ignore-scripts --prefer-offline
          yarn download-tools --target ${{ matrix.target }} --no-cache

      - name: Create vsix package
        run: |
          yarn package --target ${{ matrix.target }}

      - name: Upload package
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: vsix-package-${{ matrix.target }}
          path: ./*.vsix
          retention-days: 1

  publish:
    name: Publish release
    runs-on: [ubuntu-latest]
    if: github.event_name == 'release'
    needs: package
    permissions:
      contents: write  # for softprops/action-gh-release to create a GitHub release
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Download packages
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          pattern: vsix-package-*

      - name: Download coverage report
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          pattern: test-coverage

      - name: Download test report
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          pattern: test-report

      - name: Zip test report
        run: zip -r test-report.zip *
        working-directory: test-report

      - name: Zip test coverage
        run: zip -r test-coverage.zip *
        working-directory: test-coverage

      - name: Attach packages
        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
        with:
          files: |
            **/*.vsix
            test-coverage/test-coverage.zip
            test-report/test-report.zip