# GitHub Actions docs
# https://help.github.com/en/articles/about-github-actions
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
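name: CI

on:
  # Trigger the workflow on push or pull request,
  # but only for the master branch
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# One run per workflow and ref; a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN: every job below only reads the repository
# (checkout, linters, a local `docker build`, a scan of the local image).
# Nothing is pushed, commented on or uploaded, so no write scope is granted.
permissions:
  contents: read

# NOTE(review): on the captured page every `uses:` reference was mangled to
# `[email protected]` by e-mail obfuscation, so the original refs (presumably
# dotted version tags) cannot be recovered here. `<PINNED_COMMIT_SHA>` is a
# placeholder: restore each ref from the repository, preferably as a
# full-length commit SHA with the version in a trailing comment, because a tag
# can be moved to different code after it was reviewed.
jobs:
  lint-typescript:
    name: Lint application code
    runs-on: ubuntu-latest
    steps:
      - name: Make checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>
      - name: Use Node.js 23.5.0
        uses: actions/setup-node@<PINNED_COMMIT_SHA>
        with:
          node-version: '23.5.0'
      # NOTE(review): a plain `yarn install` is allowed to resolve and rewrite
      # the lockfile. Confirm the Yarn major version and make CI fail on
      # lockfile drift (`--frozen-lockfile` on Yarn 1, `--immutable` on
      # Yarn 2+). The same applies to every `yarn install` step in this file.
      - name: Install dependencies
        run: yarn install
      - name: Run `yarn lint:ts`
        run: yarn lint:ts

  lint-scss:
    name: Lint application SCSS files
    runs-on: ubuntu-latest
    steps:
      - name: Make checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>
      - name: Use Node.js 23.5.0
        uses: actions/setup-node@<PINNED_COMMIT_SHA>
        with:
          node-version: '23.5.0'
      - name: Install dependencies
        run: yarn install
      - name: Run `yarn lint:scss`
        run: yarn lint:scss

  lint-documentation:
    name: Lint documentation files
    runs-on: ubuntu-latest
    steps:
      - name: Make checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>
      # Third-party action: pinning to a commit SHA matters most here, since
      # its code runs with this job's token and workspace.
      - name: Lint `./README.md`
        uses: avto-dev/markdown-lint@<PINNED_COMMIT_SHA>
        with:
          config: './markdown-lint.yml'
          args: './README.md'
      - name: Lint all the resource docs under `./doc/` directory
        uses: avto-dev/markdown-lint@<PINNED_COMMIT_SHA>
        with:
          config: './markdown-lint.yml'
          args: './doc/*.md'

  check-translations:
    name: Check that translations are up-to-date
    runs-on: ubuntu-latest
    steps:
      - name: Make checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>
      - name: Use Node.js 23.5.0
        uses: actions/setup-node@<PINNED_COMMIT_SHA>
        with:
          node-version: '23.5.0'
      - name: Install dependencies
        run: yarn install
      # `git diff --exit-code` fails the job when extraction changes any
      # tracked file, i.e. when committed translations are stale.
      - name: Run `yarn run extract-translations && git diff --exit-code`
        run: yarn run extract-translations && git diff --exit-code

  check-untranslated-text-tags:
    name: Check that there are no untranslated text tags
    runs-on: ubuntu-latest
    steps:
      - name: Make checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>
      - name: Use Node.js 23.5.0
        uses: actions/setup-node@<PINNED_COMMIT_SHA>
        with:
          node-version: '23.5.0'
      - name: Install dependencies
        run: yarn install
      - name: Run `yarn run check-translations`
        run: yarn run check-translations

  build:
    name: Build application Docker image
    runs-on: ubuntu-latest
    # The image is built and scanned only after every lint/check job passed.
    needs:
      - lint-typescript
      - lint-scss
      - lint-documentation
      - check-translations
      - check-untranslated-text-tags
    steps:
      - name: Make checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>
      # Derive the image tag from the ref and commit SHA. Everything outside
      # [A-Za-z0-9_-] in the ref collapses to `_`, which gives the same result
      # as before for `refs/heads/master` and `refs/pull/<n>/merge` and keeps
      # the tag valid if the triggers are widened later. All expansions are
      # quoted so the ref is never word-split or globbed by the shell.
      - name: Set tag var
        id: vars
        run: |
          ref_slug="$(printf '%s' "${GITHUB_REF}" | sed -E 's/[^A-Za-z0-9_-]+/_/g')"
          echo "DOCKER_TAG=${ref_slug}-${GITHUB_SHA}" >> "${GITHUB_OUTPUT}"
      # The step output reaches the shell through an environment variable, not
      # through `${{ }}` expansion inside `run:`, so its value is never pasted
      # into the script text before the shell parses it.
      - name: Build the Docker image
        env:
          DOCKER_TAG: ${{ steps.vars.outputs.DOCKER_TAG }}
        run: docker build . --file Dockerfile --tag "angular-ngrx-frontend:${DOCKER_TAG}"
      # Gate: `exit-code: '1'` fails the job on any CRITICAL/HIGH finding in
      # OS packages or libraries. With `ignore-unfixed: true`, findings that
      # have no fixed version yet are not reported, so they do not fail the
      # build and need to be tracked separately.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@<PINNED_COMMIT_SHA>
        with:
          image-ref: 'angular-ngrx-frontend:${{ steps.vars.outputs.DOCKER_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'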