Build #2195
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) Microsoft Corporation. | |
# Licensed under the MIT License. | |
--- | |
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
merge_group: | |
types: | |
- checks_requested | |
schedule: | |
- cron: 0 0 * * 1 | |
workflow_dispatch: null | |
permissions: {} | |
jobs: | |
update-code: | |
name: Update Code | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ github.HEAD_REF }} | |
# Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics: | |
# - Read access to Metadata | |
# - Read and Write access to Code (aka Contents) | |
token: ${{ secrets.BUILD_UPDATE_CODE_CHECKOUT }} | |
- name: Install Node.js | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 20.14.0 | |
- name: npm – Install Dependencies | |
run: npm ci | |
- name: npm – Lint | |
run: npm run lint | |
- name: npm – Build Package | |
run: npm run build:package | |
- name: Git – Add Changed Files | |
run: git add -A | |
- name: Detect Changes | |
id: detect-changes | |
shell: pwsh | |
run: |- | |
$GitStatus = git status | |
Write-Output -InputObject $GitStatus | |
$NoChangesPresent = $GitStatus.Contains("nothing to commit, working tree clean") | |
Write-Output -InputObject $NoChangesPresent | |
Write-Output -InputObject "NO_CHANGES_PRESENT=$NoChangesPresent" >> $Env:GITHUB_OUTPUT | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Set Name | |
run: git config --global user.name "github-actions[bot]" | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Set Email | |
run: git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Commit Changed Files | |
run: git commit -m "Fixing linting, Updating dist folder" | |
- if: ${{ steps.detect-changes.outputs.NO_CHANGES_PRESENT == 'False' }} | |
name: Git – Push Changed Files | |
run: git push | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Install Node.js | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 20.14.0 | |
- name: npm – Install Dependencies | |
run: npm ci | |
- name: npm – Test Clean | |
run: npm run clean | |
- name: npm – Build | |
run: npm run build | |
- name: npm – Test | |
run: npm run test | |
- name: Release – Create | |
run: npx tfx-cli extension create --manifest-globs vss-extension.json --output-path ../ms-omex.PRMetrics.vsix | |
working-directory: ${{ github.workspace }}/release | |
- name: Release – Upload | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: PRMetrics | |
path: ${{ github.workspace }}/ms-omex.PRMetrics.vsix | |
test-github-action: | |
name: Test GitHub Action | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
statuses: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: PR Metrics | |
uses: ./ | |
env: | |
PR_METRICS_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
file-matching-patterns: | | |
**/* | |
!dist/* | |
!package-lock.json | |
validate: | |
name: Validate | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Validate Markdown Links | |
uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15 | |
with: | |
config-file: .github/linters/markdown-link-check.json | |
- name: Initialize | |
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 | |
with: | |
build-mode: none | |
config-file: .github/linters/codeql.yml | |
languages: javascript-typescript | |
queries: security-extended,security-and-quality | |
- name: Analyze | |
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 | |
with: | |
category: TypeScript | |
validate-linter: | |
name: Validate – Linter | |
runs-on: ubuntu-latest | |
permissions: | |
statuses: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: Super Linter | |
uses: github/super-linter@4e51915f4a812abf59fed160bb14595c0a38a9e7 # v6 | |
env: | |
EDITORCONFIG_FILE_NAME: ../../.editorconfig | |
FILTER_REGEX_EXCLUDE: .*dist/.* | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITLEAKS_CONFIG_FILE: gitleaks.toml | |
MARKDOWN_CONFIG_FILE: ../../.markdownlint.json | |
VALIDATE_JAVASCRIPT_STANDARD: false | |
VALIDATE_JSON: false | |
VALIDATE_TYPESCRIPT_ES: false | |
VALIDATE_TYPESCRIPT_STANDARD: false | |
dependabot: | |
if: ${{ github.actor == 'dependabot[bot]' }} | |
name: Dependabot | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Enable Auto-Merge | |
run: gh pr merge --auto --delete-branch --squash "${{ github.event.pull_request.html_url }}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
... |