Update workflow to do release and added overview.md to listing

underrobyn · Jan 3, 2024 · 456d841 · 456d841
1 parent e9ed19f
commit 456d841
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 3 deletions.
diff --git a/.github/workflows/build-tfx.yml b/.github/workflows/build-tfx.yml
@@ -1,5 +1,8 @@
 name: Build
 
+env:
+  TFX_VERSION: "0.16.0"
+
 on:
   push:
     branches:
@@ -45,6 +48,9 @@ jobs:
           
           echo -e "New versions are ->\n\tDev: 0.$updated_version\n\tProd: $updated_version"
 
+      - name: Copy Files
+        run: cp $GITHUB_WORKSPACE/README.md $GITHUB_WORKSPACE/src/overview.md
+
       - name: Install
         run: npm install
         working-directory: '${{ github.workspace }}/src'
@@ -54,7 +60,7 @@ jobs:
         working-directory: '${{ github.workspace }}/src'
 
       - name: Install tfx-cli
-        run: npm i -g tfx-cli@0.16.0
+        run: npm i -g tfx-cli@$TFX_VERSION
 
       - name: Package (Dev)
         run: >
@@ -76,4 +82,40 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           path: ${{ github.workspace }}/builds/*
-          name: 'task-build-${{ github.run_number }}'
+          name: dependabot-fail-task
+
+  Publish:
+    runs-on: ubuntu-latest
+    needs: [ Build ]
+
+    steps:
+      - name: Use Node.js 18.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18.x'
+
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: dependabot-fail-task
+
+      - name: Install tfx-cli
+        run: npm i -g tfx-cli@$TFX_VERSION
+
+      # Docs: https://learn.microsoft.com/en-us/azure/devops/extend/publish/command-line?view=azure-devops
+      - name: Publish (Dev)
+        if: github.ref == 'refs/heads/main'
+        run: >
+          tfx extension publish
+          --vsix $GITHUB_WORKSPACE/dev/*.vsix
+          --auth-type pat
+          --token ${{ secrets.AZURE_DEVOPS_PAT }}
+          --share-with robyn-zip-testing
+
+      - name: Publish (Prod)
+        if: startsWith(github.ref, 'refs/tags/')
+        run: >
+          tfx extension publish
+          --vsix $GITHUB_WORKSPACE/prod/*.vsix
+          --auth-type pat
+          --token ${{ secrets.AZURE_DEVOPS_PAT }}
diff --git a/README.md b/README.md
@@ -1,3 +1,29 @@
 # dependabot-fail-task
 
-![Logo](src/images/dependabot-fail-task.png)
+Dependabot Fail Task for Azure Pipelines will fail a pipeline if any Dependabot alerts are detected on the repository.
+
+```yml
+- task: DependabotFailTask@1
+  displayName: Check Dependabot 🤖
+  inputs:
+    auditMode: false
+    failOnError: true
+    failSeverity: 'low'
+    githubServiceConnection: 'DependabotConnection-OAuth'
+```
+
+## Options
+
+| Input Name              | Type    | Default    | Description                                                                                                                                     |
+|-------------------------|---------|------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
+| auditMode               | boolean | `false`    | Causes the task to return a warning when alerts are detected instead of failing the pipeline. Useful for testing the task before enabling it.   |
+| enterpriseServerUrl     | string  | `null`     | If you use GitHub Enterprise Server then you can specify your API base URL here. If you use Enterprise cloud, ignore this setting.              |
+| failOnError             | boolean | `true`     | Causes the task to fail on any error, for example if GitHub API fails or any similar issue.                                                     |
+| failSeverity            | string  | `critical` | Fails pipeline when alerts are detect at or above this severity level.                                                                          |
+| gitHubServiceConnection | string  | `null`     | Used to connect to GitHub API for Dependabot data. Must have correct permissions! (See *)                                                       |
+| githubToken             | string  | `null`     | GitHub token used for connecting to GitHub API, please use a secure variable if you're using this option! Must have correct permissions (see *) |
+
+If you do not wish to specify the GitHub Token via either of the two above methods then you can also specify the environment variable: `GITHUB_TOKEN`
+which will be picked up if either of the first two options are not found.
+
+* - Please see docs/generate-token.md for more information on generating a token for use.