forked from RaminNietzsche/CVE-Radar
-
Notifications
You must be signed in to change notification settings - Fork 0
118 lines (99 loc) · 3.23 KB
/
Copy pathci-app.yml
File metadata and controls
118 lines (99 loc) · 3.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# Category: CI | App quality gate — lint, format, typecheck, tests, OpenAPI, build.
# GitHub only loads workflows directly under .github/workflows/ (not subfolders).
# PR path filters: run workflow_dispatch on this file if required checks were skipped.
name: CI / App
on:
pull_request:
branches: [main]
paths: &app-paths
- "src/**"
- "server/**"
- "shared/**"
- "tests/**"
- "public/**"
- "package.json"
- "package-lock.json"
- "tsconfig*.json"
- "vite.config.ts"
- "eslint.config.js"
- "index.html"
- "Makefile"
- "scripts/check-*.sh"
- "scripts/icons/**"
- "server/openapi/**"
- "extended-docs/docs/assets/cve-openapi.json"
- ".github/workflows/ci-app.yml"
- ".github/workflows/security-audit.yml"
push:
branches: [main]
paths: *app-paths
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ci-app-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
app:
name: App (lint · typecheck · build)
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- name: Setup Node.js
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version-file: .nvmrc
cache: npm
- name: Install dependencies
run: npm ci
- name: ESLint
run: npm run lint
- name: Prettier
run: npm run format:check
- name: TypeScript
run: npm run typecheck
- name: Check Mergify token
id: mergify
env:
TOKEN: ${{ secrets.MERGIFY_TOKEN }}
run: |
if [ -n "$TOKEN" ]; then
echo "configured=true" >> "$GITHUB_OUTPUT"
else
echo "configured=false" >> "$GITHUB_OUTPUT"
echo "::warning::MERGIFY_TOKEN is not set — Test Insights JUnit upload skipped. See .github/MERGIFY.md"
fi
- name: Tests
id: tests
continue-on-error: true
run: npm run test:ci
- name: Verify JUnit report
if: ${{ !cancelled() && steps.tests.outcome != 'skipped' }}
run: npm run verify:junit
- name: Upload test results to Mergify
if: always() && steps.tests.outcome != 'skipped' && steps.mergify.outputs.configured == 'true'
continue-on-error: true
uses: mergifyio/gha-mergify-ci@b84ac7a157d960a0763fc24243af0bdafa2d3241 # v19
with:
action: junit-process
token: ${{ secrets.MERGIFY_TOKEN }}
report_path: junit.xml
test_step_outcome: ${{ steps.tests.outcome }}
- name: Fail if tests failed
if: steps.tests.outcome == 'failure'
run: exit 1
- name: OpenAPI sync
run: npm run check:openapi
- name: Brand icons sync
run: npm run icons:check
- name: Production build
run: npm run build && npm run build:server
- name: Upload dist artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: dist
path: dist/
retention-days: 7
if-no-files-found: error