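# CI workflow: lint, build and test on pushes and pull requests, publish a
# release with semantic-release on pushes, and check on pull requests that the
# branch can be fast-forwarded.
#
# NOTE(review): every `uses:` below references a mutable tag (@v3, @v1).
# Pinning each action to a full commit SHA keeps a re-tagged upstream release
# from changing what runs here; this matters most in the `release` job, which
# handles the signing key and the release PAT.
name: CI

on:
  workflow_dispatch:
  push:
    branches:
      - master
      - alpha
  pull_request:
    types:
      - assigned
      - opened
      - synchronize
      - reopened

# Least privilege: the default GITHUB_TOKEN is read-only for every job.
# check-fast-forward declares its own permissions block, and the release step
# authenticates with GH_TOKEN instead of the default token.
# NOTE(review): confirm no release plugin relies on the default token having
# write scope.
permissions:
  contents: read

jobs:
  lint:
    name: Linting
    runs-on: ubuntu-latest
    env:
      CI: true
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        # --frozen-lockfile fails the install instead of rewriting yarn.lock
        run: yarn --frozen-lockfile
      - name: lint
        run: yarn lint

  build:
    name: Building
    runs-on: ubuntu-latest
    env:
      CI: true
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: build
        run: yarn build

  test:
    name: Testing
    runs-on: ubuntu-latest
    env:
      CI: true
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: test
        run: yarn test:cov

  release:
    name: Building and releasing project
    runs-on: ubuntu-latest
    needs: [lint, build, test]
    # Releases are cut only from pushes, never from pull requests or manual
    # dispatches, so the secrets below are not exposed to those runs.
    if: github.event_name == 'push'
    steps:
      - uses: actions/checkout@v3
        with:
          # Keep the default token out of .git/config so later git operations
          # do not silently authenticate with it.
          persist-credentials: false
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: Setup SSH signing key
        shell: bash
        env:
          SSH_KEY_PRIVATE: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KEY_PUBLIC: ${{ vars.SSH_PUBLIC_KEY }}
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell.
          RB_EMAIL: ${{ vars.RB_EMAIL }}
        run: |
          # Create the key files owner-only from the first byte; the chmod
          # below alone would leave a window with default permissions.
          umask 077
          echo "$SSH_KEY_PRIVATE" | tr -d '\r' > /tmp/id_ed25519
          echo "$SSH_KEY_PUBLIC" > /tmp/id_ed25519.pub
          chmod 600 /tmp/id_ed25519
          # NOTE(review): SSH_AUTH_SOCK set here is not exported to later
          # steps; confirm commit signing in the release step still finds
          # the key.
          eval "$(ssh-agent -s)"
          ssh-add /tmp/id_ed25519
          git config --global gpg.format ssh
          git config --global commit.gpgsign true
          git config --global user.signingkey /tmp/id_ed25519.pub
          mkdir -p ~/.config/git
          echo "$RB_EMAIL $SSH_KEY_PUBLIC" > ~/.config/git/allowed_signers
          git config --global gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers
      - name: release
        env:
          GH_TOKEN: ${{ secrets.GH_RELEASE_BOT_PAT }}
          GIT_AUTHOR_NAME: ${{ vars.RB_NAME }}
          GIT_AUTHOR_EMAIL: ${{ vars.RB_EMAIL }}
          GIT_COMMITTER_NAME: ${{ vars.RB_COMMITTER_NAME }}
          GIT_COMMITTER_EMAIL: ${{ vars.RB_COMMITTER_EMAIL }}
        run: yarn semantic-release
      - name: Clear SSH key
        # Run even when the release step fails, so the private key never
        # outlives the step that needed it.
        if: always()
        run: |
          if [ -f /tmp/id_ed25519 ]; then
            # -u unlinks the file after overwriting it
            shred -u /tmp/id_ed25519
          fi

  check-fast-forward:
    name: Check if fast forwarding is possible
    runs-on: ubuntu-latest
    needs: [lint, build, test]
    if: github.event_name == 'pull_request'
    permissions:
      contents: read
      # We appear to need write permission for both pull-requests and
      # issues in order to post a comment to a pull request.
      pull-requests: write
      issues: write
    steps:
      - name: Checking if fast forwarding is possible
        uses: sequoia-pgp/fast-forward@v1
        with:
          merge: false
          # To reduce the workflow's verbosity, use 'on-error'
          # to only post a comment when an error occurs, or 'never' to
          # never post a comment. (In all cases the information is
          # still available in the step's summary.)
          comment: never

# TODO @polymath-eric: add SonarCloud step when the account confusion is sorted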