-
Notifications
You must be signed in to change notification settings - Fork 2
163 lines (143 loc) · 5.44 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
name: CI
on:
pull_request:
branches: [main]
types: [opened, synchronize, reopened]
pull_request_target:
types: [closed]
jobs:
setup:
runs-on: ubuntu-latest
outputs:
package-lock-hash: ${{ runner.os }}-repo-${{ steps.hash.outputs.hash }}
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "22"
- name: Install dependencies
run: npm ci
- name: Calculate package-lock.json hash
id: hash
run: echo "hash=$(sha256sum package-lock.json | awk '{ print $1 }')" >> "$GITHUB_OUTPUT"
- name: Cache repository
uses: actions/cache@v4
with:
path: .
key: ${{ runner.os }}-repo-${{ steps.hash.outputs.hash }}
package:
runs-on: ubuntu-latest
needs: setup
steps:
- name: Restore repository cache
uses: actions/cache@v4
with:
path: .
key: ${{ needs.setup.outputs.package-lock-hash }}
fail-on-cache-miss: true
- name: Install vsce
run: npm install -g vsce
- name: Get latest tag
run: |
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "0.0.0")
echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
- name: Get latest commit
run: |
LAT_COMMIT=${{ github.event.pull_request.head.sha }}
echo "LAT_COMMIT=$LAT_COMMIT" >> $GITHUB_ENV
- name: Update version in package.json
run: |
jq ".version = \"$LATEST_TAG+$LAT_COMMIT-review\"" package.json > package.tmp.json
mv package.tmp.json package.json
shell: bash
- name: Verify updated package.json
run: cat package.json
- name: Package VS Code Extension
run: vsce package
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
SENTRY_URL: ${{ secrets.SENTRY_URL }}
- name: Upload VSIX artifact
uses: actions/upload-artifact@v4
with:
name: vsce-package
path: "*.vsix"
retention-days: 10
test:
runs-on: ubuntu-latest
needs: setup
env:
NODE_ENV: test
steps:
- name: Restore repository cache
uses: actions/cache@v4
with:
path: .
key: ${{ needs.setup.outputs.package-lock-hash }}
fail-on-cache-miss: true
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libasound2 libgbm1 libgtk-3-0 libnss3 xvfb
- name: Run tests
run: xvfb-run -a npm run test
- name: Upload coverage
uses: actions/upload-artifact@v4
with:
name: coverage
path: coverage/
retention-days: 10
if-no-files-found: warn
compression-level: 6
overwrite: false
include-hidden-files: false
cleanup:
runs-on: ubuntu-latest
needs: [setup, package]
if: always()
steps:
- name: Cleanup
run: npm cache clean --force
- name: Delete GitHub Actions cache
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
CACHE_KEY="${{ needs.setup.outputs.package-lock-hash }}"
if [ -n "$CACHE_KEY" ]; then
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token $GH_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/actions/caches?key=$CACHE_KEY"
echo "Cache deleted successfully"
else
echo "No matching cache found"
fi
delete-branch:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Delete branch
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
BRANCH_REF=${{ github.event.pull_request.head.ref }}
REPO=${{ github.repository }}
if [ "$BRANCH_REF" != "main" ]; then
curl -X DELETE -H "Authorization: token $GH_TOKEN" \
"https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_REF"
echo "Branch '$BRANCH_REF' deleted successfully"
else
echo "Main branch not deleted"
fi
vulnerabilities-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: debricked/actions@v4
env:
DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}