-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #51 from MeasureAuthoringTool/slack/addingNpmPubli…
…shWorkflow slack/addingNpmPublishWorkflow: Adding .github directory with actions…
- Loading branch information
Showing
65 changed files
with
52,453 additions
and
54,725 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| # Code owners: | ||
| * @MeasureAuthoringTool/madie-developers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| ## MADiE PR | ||
|
|
||
| Jira Ticket: [MAT-0000](https://jira.cms.gov/browse/MAT-0000) | ||
| (Optional) Related Tickets: | ||
|
|
||
| ### Summary | ||
|
|
||
| ### All Submissions | ||
| * [ ] This PR has the JIRA linked. | ||
| * [ ] Required tests are included. | ||
| * [ ] No extemporaneous files are included (i.e Complied files or testing results). | ||
| * [ ] This PR is merging into the **correct branch**. | ||
| * [ ] All Documentation needed for this PR is Complete (or noted in a TODO or other Ticket). | ||
| * [ ] Any breaking changes or failing automations are noted by placing a comment on this PR. | ||
|
|
||
| ### DevSecOps | ||
| If there is a question if this PR has a security or infrastructure impact, please contact the Security or DevOps engineer assigned to this project to discuss it further. | ||
|
|
||
| * [ ] This PR has NO significant security impact (i.e Changing auth methods, Adding a new user type, Adding a required but vulnerable package). | ||
| * [ ] All CDN/Web dependencies are hosted internally (i.e MADiE-Root Repo). | ||
|
|
||
| ### Reviewers | ||
| By Approving this PR you are attesting to the following: | ||
|
|
||
| * Code is maintainable and reusable, reuses existing code and infrastructure where appropriate, and accomplishes the task’s purpose. | ||
| * The tests appropriately test the new code, including edge cases. | ||
| * If you have any concerns they are brought up either to the developer assigned, security engineer, or leads. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: Github Secrets Scanner | ||
|
|
||
| on: [push] | ||
|
|
||
| jobs: | ||
| gitleaks_scan: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| REPO: https://github.com/MeasureAuthoringTool/madie-design-system | ||
| REMOTE_EXCLUDES_URL: https://raw.githubusercontent.com/semanticbits/bmat-gitleaks-automation/master/madie-design-systems/gitleaks.toml | ||
| GITLEAKS_VERSION: v7.5.0 | ||
| steps: | ||
| - name: Execute Gitleaks | ||
| run: | | ||
| wget ${REMOTE_EXCLUDES_URL} -O gitleaks.toml | ||
| wget https://github.com/zricethezav/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks-linux-amd64 -O gitleaks | ||
| chmod +x gitleaks | ||
| echo ${GITHUB_SHA} | ||
| echo "gitleaks --repo-url=${REPO} -v --redact --commit=${GITHUB_SHA} --config-path=gitleaks.toml" | ||
| ./gitleaks --repo-url=${REPO} -v --redact --commit=${GITHUB_SHA} --config-path=gitleaks.toml | ||
| - name: Slack notification | ||
| if: failure() | ||
| env: | ||
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | ||
| uses: Ilshidur/action-slack@master | ||
| with: | ||
| args: "Potential Secrets found in: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }} Link to build with full gitleaks output: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }}/checks" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| name: npm-publish | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| jobs: | ||
| npm-publish: | ||
| name: npm-publish | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Use Node.js 14.x | ||
| uses: actions/setup-node@v2-beta | ||
| with: | ||
| node-version: 14.x | ||
|
|
||
| - name: Cache node modules | ||
| uses: actions/cache@v2 | ||
| env: | ||
| cache-name: cache-node-modules | ||
| with: | ||
| path: ~/.npm | ||
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-build-${{ env.cache-name }}- | ||
| ${{ runner.os }}-build- | ||
| ${{ runner.os }}- | ||
| - name: Install node dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Audit dependencies for security vulnerabilities | ||
| run: npm audit | ||
|
|
||
| - name: Lint the source code | ||
| run: npm run-script lint | ||
|
|
||
| - name: Check prettier formatting | ||
| run: npm run-script check-format | ||
|
|
||
| - name: Build the source code | ||
| run: npm run build | ||
|
|
||
| - name: Execute test coverage | ||
| run: npm run-script coverage | ||
|
|
||
| - name: Publish if version has been updated | ||
| uses: pascalgn/npm-publish-action@master | ||
| with: # All of theses inputs are optional | ||
| tag_name: "v%s" | ||
| tag_message: "v%s" | ||
| commit_pattern: "[\\s\\S]*Release (\\S+)" | ||
| publish_args: " --access public" | ||
| env: # More info about the environment variables in the README | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Leave this as is, it's automatically generated | ||
| NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| name: Storybook | ||
| on: | ||
| push: | ||
| branches: | ||
| - develop # if any push happens on branch `develop`, run this workflow. You could also add `paths` to detect changes in specific folder | ||
|
|
||
| jobs: | ||
| build-and-deploy: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/[email protected] | ||
|
|
||
| - name: Install and Build | ||
| run: | | ||
| npm ci | ||
| npm run build-storybook | ||
| - name: Deploy | ||
| uses: "@madie/madie-design-system/[email protected]" | ||
| with: | ||
| branch: develop | ||
| folder: storybook-static # output folder from `npm run build-storybook` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| # This workflow will do the following: | ||
| # - perform a clean install of node dependencies | ||
| # - lint the source code for errors | ||
| # - build the source code | ||
| # - run tests and capture code coverage | ||
| # - run end-to-end tests | ||
| # - upload the code coverage report to Codacy | ||
| # - upload the code coverage report to Codecov | ||
|
|
||
| name: Continuous Integration | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, develop] | ||
| pull_request: | ||
| branches: [main, develop] | ||
|
|
||
| jobs: | ||
| node_matrix: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| version: [14, 16] | ||
| name: Checkout, install, lint, build and test with coverage | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Use Node.js (matrix) | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: ${{ matrix.version }} | ||
|
|
||
| - name: Cache node modules | ||
| uses: actions/cache@v3 | ||
| env: | ||
| cache-name: cache-node-modules | ||
| with: | ||
| path: ~/.npm | ||
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-build-${{ env.cache-name }}- | ||
| ${{ runner.os }}-build- | ||
| ${{ runner.os }}- | ||
| - name: Install node dependencies | ||
| working-directory: ./react | ||
| run: npm ci | ||
|
|
||
| - name: Audit dependencies for security vulnerabilities | ||
| working-directory: ./react | ||
| run: npm audit --production | ||
|
|
||
| - name: Lint the source code | ||
| working-directory: ./react | ||
| run: npm run-script lint | ||
|
|
||
| - name: Check prettier formatting | ||
| working-directory: ./react | ||
| run: npm run-script check-format | ||
|
|
||
| - name: Build the source code | ||
| working-directory: ./react | ||
| run: npm run build | ||
|
|
||
| - name: Execute test coverage | ||
| working-directory: ./react | ||
| run: npm run-script coverage | ||
|
|
||
| - name: Store the coverage report as an artifact | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: coverage | ||
| path: react/coverage/lcov.info | ||
|
|
||
| upload-codacy-coverage: | ||
| name: Upload code coverage to Codacy | ||
| needs: node_matrix | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Download coverage artifact | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: coverage | ||
|
|
||
| - name: Upload code coverage to Codacy | ||
| uses: codacy/codacy-coverage-reporter-action@master | ||
| with: | ||
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | ||
| coverage-reports: lcov.info | ||
|
|
||
| upload-codecov-coverage: | ||
| name: Upload code coverage to Codecov | ||
| needs: node_matrix | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
| - name: Download coverage artifact | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: coverage | ||
|
|
||
| - name: Upload code coverage to Codecov | ||
| uses: codecov/codecov-action@v2 | ||
| with: | ||
| file: lcov.info | ||
| fail_ci_if_error: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.