fix(sdk): fix the wrong test case assertion (#7) #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| pr-title-lint: | |
| name: Validate PR title | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: amannn/action-semantic-pull-request@v5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # Configure which types are allowed (newline-delimited). | |
| # Default: https://github.com/commitizen/conventional-commit-types | |
| types: | | |
| fix | |
| feat | |
| docs | |
| refactor | |
| perf | |
| test | |
| build | |
| revert | |
| # Configure which scopes are allowed (newline-delimited). | |
| # These are regex patterns auto-wrapped in `^ $`. | |
| scopes: | | |
| sdk | |
| api | |
| portal | |
| misc | |
| # Configure that a scope must always be provided. | |
| requireScope: true | |
| # Configure which scopes are disallowed in PR titles (newline-delimited). | |
| # For instance by setting the value below, `chore(release): ...` (lowercase) | |
| # and `ci(e2e,release): ...` (unknown scope) will be rejected. | |
| # These are regex patterns auto-wrapped in `^ $`. | |
| disallowScopes: | | |
| release | |
| [A-Z]+ | |
| # Configure additional validation for the subject based on a regex. | |
| # This example ensures the subject doesn't start with an uppercase character. | |
| subjectPattern: ^(?![A-Z]).+$ | |
| # If `subjectPattern` is configured, you can use this property to override | |
| # the default error message that is shown when the pattern doesn't match. | |
| # The variables `subject` and `title` can be used within the message. | |
| subjectPatternError: | | |
| The subject "{subject}" found in the pull request title "{title}" | |
| didn't match the configured pattern. Please ensure that the subject | |
| doesn't start with an uppercase character. | |
| # If the PR contains one of these newline-delimited labels, the | |
| # validation is skipped. If you want to rerun the validation when | |
| # labels change, you might want to use the `labeled` and `unlabeled` | |
| # event triggers in your workflow. | |
| ignoreLabels: | | |
| bot | |
| ignore-semantic-pull-request | |
| # If you're using a format for the PR title that differs from the traditional Conventional | |
| # Commits spec, you can use these options to customize the parsing of the type, scope and | |
| # subject. The `headerPattern` should contain a regex where the capturing groups in parentheses | |
| # correspond to the parts listed in `headerPatternCorrespondence`. | |
| # See: https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-commits-parser#headerpattern | |
| headerPattern: '^(\w*)(?:\(([\w$.\-*/ ]*)\))?: (.*)$' | |
| headerPatternCorrespondence: type, scope, subject | |
| vulnerability-scan: | |
| name: vulnerability-scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| statuses: read | |
| checks: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - uses: anchore/scan-action/download-grype@v4 | |
| id: grype | |
| - name: code scan | |
| run: ${{steps.grype.outputs.cmd}} -v -o json --file output.json --fail-on high --only-fixed dir:. | |
| - name: Output results to markdown table as a comment on the PR | |
| if: (success() || failure()) && github.event_name == 'pull_request' | |
| run: | | |
| echo '### Library Vulnerability scan results' > table.txt | |
| echo -e 'The following vulnerabilities have been found in libraries included in the repository (some might be dependencies of dependencies).\n' >> table.txt | |
| echo -e 'Critical and High severity vulnerabilities **must** be fixed before the PR can be merged, even if they are dependencies of dependencies.\n' >> table.txt | |
| jq -r '.matches[] | [.artifact.name, .artifact.version, .vulnerability.severity, .vulnerability.fix.versions[0], .vulnerability.id, .vulnerability.dataSource] | @tsv' output.json | awk -v FS="\t" 'BEGIN{print "| Library | Vulnerable version | Severity | Fix version | Vulnerability ID |";print "| ------------ | ------------ | ------------ | ------------ | ------------ |"}{printf "| %s | %s | %s | %s | [%s](%s) |%s",$1,$2,$3,$4,$5,$6,ORS}' >> table.txt | |
| sed -ie 's/Critical/**Critical** :red_circle:/g' table.txt | |
| sed -ie 's/High/**High** :yellow_circle:/g' table.txt | |
| cat table.txt | |
| PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") | |
| gh pr comment $PR_NUMBER -F table.txt | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| unit-test: | |
| name: unit-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: 'zulu' # Alternative distribution options are available. | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Build and analyze SDK | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| run: | | |
| mvn -B verify | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20.12 | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Get npm cache directory | |
| id: npm-cache-dir | |
| shell: bash | |
| working-directory: ./kraken-app/kraken-app-portal | |
| run: echo "dir=$(npm config get cache)" >> "${GITHUB_OUTPUT}" | |
| - uses: actions/cache@v3 | |
| id: npm-cache # use this to check for `cache-hit` ==> if: steps.npm-cache.outputs.cache-hit != 'true' | |
| with: | |
| path: ${{ steps.npm-cache-dir.outputs.dir }} | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - uses: browser-actions/setup-chrome@latest | |
| # Skip post-install scripts here, as a malicious | |
| # script could steal NODE_AUTH_TOKEN. | |
| - run: npm ci --ignore-scripts --legacy-peer-deps | |
| working-directory: ./kraken-app/kraken-app-portal | |
| - run: npm run build --if-present | |
| working-directory: ./kraken-app/kraken-app-portal | |
| # some repos don't have unit test now, need to add in future. | |
| - run: CHROME_BIN=$(which chrome) npm run test:coverage -- -u | |
| working-directory: ./kraken-app/kraken-app-portal |