This repository has been archived by the owner on Dec 30, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
167 lines (150 loc) · 5.74 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow
---
# NOTE: CI -> Continuous Integration
# NOTE: CD -> Continuous Deployment
name: CI & CD
on:
pull_request:
branches: ["*"]
push:
branches: [main]
workflow_dispatch:
inputs:
reason:
description: Reason of re-running this workflow
required: false
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.sha }}
cancel-in-progress: true
defaults:
run:
shell: bash
env:
CI: true
jobs:
lint_depcheck:
# Analyze dependencies usage in package.json files
name: Lint
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/nodejs-script.yml
uses: terminal-nerds/.github/.github/workflows/nodejs-script.yml@main
with:
job-name: depcheck
step-name: Lint dependencies with depcheck
run: pnpm turbo run lint:deps
lint_eslint:
# Analyze the JavaScript codebase
name: Lint
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/nodejs-script.yml
uses: terminal-nerds/.github/.github/workflows/nodejs-script.yml@main
with:
job-name: ESLint
step-name: Lint with ESLint
# https://eslint.org/docs/user-guide/command-line-interface
run: pnpm turbo run lint:js
lint_markdownlint:
# Analyze the markdownlint files
name: Lint
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/nodejs-script.yml
uses: terminal-nerds/.github/.github/workflows/nodejs-script.yml@main
with:
job-name: markdownlint
step-name: Lint with markdownlint
# https://github.com/igorshubovych/markdownlint-cli#usage
run: pnpm turbo run lint:md
lint_prettier:
# Analyze the code format style
name: Lint
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/nodejs-script.yml
uses: terminal-nerds/.github/.github/workflows/nodejs-script.yml@main
with:
job-name: Prettier
step-name: Lint the code format with "pretty-quick"
# https://github.com/azz/pretty-quick#usage
run: pnpm turbo run lint:format
lint_syncpack:
# Analyze the package.json files to find dependencies mismatches
name: Lint
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/nodejs-script.yml
uses: terminal-nerds/.github/.github/workflows/nodejs-script.yml@main
with:
job-name: syncpack
step-name: Lint package.json file(s) with syncpack
# https://github.com/JamieMason/syncpack
run: pnpm turbo run lint:pkg
security_codeql:
if: github.ref_name == 'main'
name: Security
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/codeql.yml
uses: terminal-nerds/.github/.github/workflows/codeql.yml@main
security_git-guardian:
if: github.ref_name == 'main'
name: Security
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/git-guardian.yml
uses: terminal-nerds/.github/.github/workflows/git-guardian.yml@main
secrets:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
# security_snyk:
# if: github.ref_name == 'main'
# name: Security
# # https://github.com/terminal-nerds/.github/blob/main/.github/workflows/snyk.yml
# uses: terminal-nerds/.github/.github/workflows/snyk.yml@main
# secrets:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
build:
name: Build
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/build.yml
uses: terminal-nerds/.github/.github/workflows/build.yml@main
with:
artifact-path: |
./packages/*/dist/
./scripts/*/dist/
artifact-upload: true
include: "./packages/*/dist/**/*.{js,cjs,json}"
script-build: build:pkgs
test:
name: Test
needs: [build]
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/test.yml
uses: terminal-nerds/.github/.github/workflows/test.yml@main
with:
job-name: Unit
script-test: pnpm test:unit
upload-coverage: true
coverage:
name: Coverage
needs: [test]
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/coverage.yml
uses: terminal-nerds/.github/.github/workflows/coverage.yml@main
secrets:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
scan:
name: Scan
needs: [test]
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/sonar-cloud.yml
uses: terminal-nerds/.github/.github/workflows/sonar-cloud.yml@main
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
sonar-project-key: terminal-nerds_snippets
release:
# prettier-ignore
name: Release
needs: [
security_codeql,
security_git-guardian,
# security_snyk,
lint_depcheck,
lint_eslint,
lint_markdownlint,
lint_prettier,
lint_syncpack,
build,
test,
coverage,
scan
]
# https://github.com/terminal-nerds/.github/blob/main/.github/workflows/release.yml
uses: terminal-nerds/.github/.github/workflows/release.yml@main
secrets:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}