-
Notifications
You must be signed in to change notification settings - Fork 1
137 lines (111 loc) · 3.36 KB
/
cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# Docs:
# https://help.github.com/en/actions/automating-your-workflow-with-github-actions
name: CI/CD
on:
push:
branches: ["master"]
pull_request:
branches: ["master"]
jobs:
unit:
name: Unit Tests
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
disable-file-monitoring: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
codecov.io:443
github.com:443
objects.githubusercontent.com:443
registry.npmjs.org:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 18.18.2
- name: Install dependencies
run: npm install
- name: Build application
run: npm run build
env:
# Disable warnings due to https://github.com/twbs/bootstrap/pull/36258
CI: "false"
- name: Run unit tests
run: npm test -- --ci --watchAll=false --coverage
- name: "Upload coverage to Codecov"
uses: codecov/[email protected]
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage/coverage-final.json
env_vars: GITHUB_REF,GITHUB_COMMIT,GITHUB_USER,GITHUB_WORKFLOW
fail_ci_if_error: true
verbose: true
env:
GITHUB_REF: ${{ github.ref }}
GITHUB_COMMIT: ${{ github.sha }}
GITHUB_USER: ${{ github.actor }}
GITHUB_WORKFLOW: ${{ github.workflow }}
docker:
name: Build Docker image
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Harden Runner
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
auth.docker.io:443
github.com:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
registry.npmjs.org:443
- name: Checkout source code
uses: actions/checkout@v4
- name: Build Docker image
run: ./bin/build;
- name: Save Docker image
run: |
mkdir images;
docker image save ranger-ims-web:dev | gzip -6 > images/web.tgz;
- name: Upload Docker image artifact
uses: actions/upload-artifact@v4
with:
name: images
path: images
test-docker:
name: Test Docker image
needs: [docker]
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Harden CI
uses: step-security/[email protected]
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Checkout source code
uses: actions/checkout@v4
- name: Download Docker image artifact
uses: actions/download-artifact@v4
with:
name: images
path: images
- name: Load Docker image
run: gzip --uncompress --stdout images/web.tgz | docker image load;
- name: Test Docker image
run: ./bin/test_docker;