Skip to content

Merge pull request #2 from step-security-bot/stepsecurity_remediation… #4

Merge pull request #2 from step-security-bot/stepsecurity_remediation…

Merge pull request #2 from step-security-bot/stepsecurity_remediation… #4

Workflow file for this run

on: push
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
name: CI
jobs:
eslint:
name: ESLint
runs-on: ubuntu-latest
timeout-minutes: 5
env:
LINT: 1
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- name: Set running flag
run: echo "RUNNING=1" >> $GITHUB_ENV
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: technote-space/get-git-comment-action@452f5ad96363fd079a9a36ac980b943eedf327df # v1.2.3
- uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2
with:
PATTERNS: +(src|__tests__)/**/*.+(js|ts)
FILES: |
yarn.lock
.eslintrc
if: "! contains(env.COMMIT_MESSAGE, '[skip ci]') && ! contains(env.COMMIT_MESSAGE, '[ci skip]')"
- name: Set running flag
run: echo "RUNNING=" >> $GITHUB_ENV
if: "! env.GIT_DIFF"
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version: 16
cache: yarn
if: env.RUNNING
- name: Install Package dependencies
run: yarn install
if: env.RUNNING
- name: Check code style
run: yarn eslint ${{ env.GIT_DIFF_FILTERED }}
if: env.RUNNING && !env.MATCHED_FILES
- name: Check code style
run: yarn lint
if: env.RUNNING && env.MATCHED_FILES
cover:
name: Coverage
needs: eslint
runs-on: ${{matrix.os}}
timeout-minutes: 10
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-22.04, ubuntu-latest, macos-latest]
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- name: Set running flag
run: echo "RUNNING=1" >> $GITHUB_ENV
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: technote-space/get-git-comment-action@452f5ad96363fd079a9a36ac980b943eedf327df # v1.2.3
- uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2
with:
PATTERNS: +(src|__tests__)/**/*.+(js|ts|snap)
FILES: |
yarn.lock
jest.config.js
vite.config.ts
if: "! contains(env.COMMIT_MESSAGE, '[skip ci]') && ! contains(env.COMMIT_MESSAGE, '[ci skip]')"
- name: Set running flag
run: echo "RUNNING=" >> $GITHUB_ENV
if: "! env.GIT_DIFF"
- name: Set running flag
if: "matrix.os == 'ubuntu-latest' && ! startsWith(github.ref, 'refs/tags/') && github.event.base_ref == format('refs/heads/{0}', github.event.repository.default_branch)"
run: echo "RUNNING=1" >> $GITHUB_ENV
- name: Set running flag
if: "matrix.os == 'ubuntu-latest' && ! startsWith(github.ref, 'refs/tags/') && startsWith(github.base_ref, 'refs/heads/develop/v')"
run: echo "RUNNING=1" >> $GITHUB_ENV
- name: Set running flag
if: matrix.os == 'ubuntu-latest' && startsWith(github.ref, 'refs/tags/v')
run: echo "RUNNING=1" >> $GITHUB_ENV
- name: Set running flag
run: |
if [[ ! -f package.json ]] || ! < package.json jq -r '.scripts | keys[]' | grep -qe '^cover$'; then
echo "RUNNING=" >> $GITHUB_ENV
fi
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version: 16
cache: yarn
if: env.RUNNING
- name: Install Package dependencies
run: yarn install
if: env.RUNNING
- name: Run tests
run: yarn cover
if: env.RUNNING
- name: Codecov
run: |
if [ -n "$CODECOV_TOKEN" ]; then
curl -s https://codecov.io/bash | bash -s -- -t $CODECOV_TOKEN -f $COVERAGE_FILE
fi
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
COVERAGE_FILE: ./coverage/lcov.info
if: env.RUNNING && matrix.os == 'ubuntu-latest'
slack:
name: Slack
runs-on: ubuntu-latest
timeout-minutes: 3
if: always()
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: technote-space/workflow-conclusion-action@82dd67fd29a53f18f33a99e0bbfb138318a80dcd # gh-actions
- uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2
with:
status: failure
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: env.WORKFLOW_CONCLUSION == 'failure' && env.SLACK_WEBHOOK_URL