Skip to content

Merge pull request #300 from volkswagen/dependabot/npm_and_yarn/husky… #812

Merge pull request #300 from volkswagen/dependabot/npm_and_yarn/husky…

Merge pull request #300 from volkswagen/dependabot/npm_and_yarn/husky… #812

Workflow file for this run

name: Test
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
unit-test:
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 2
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm ci
- run: npm test
security-test:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
with:
languages: 'javascript'
- uses: github/codeql-action/analyze@v3
license-scan:
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
- run: npm ci
- uses: blackducksoftware/[email protected]
with:
version: 7
blackduck.url: ${{ secrets.BLACKDUCK_URL }}
blackduck.api.token: ${{ secrets.BLACKDUCK_API_TOKEN }}
args: >
--blackduck.trust.cert=true
--detect.project.tags=WEK
--detect.policy.check.fail.on.severities="BLOCKER"
--detect.npm.include.dev.dependencies=false
--detect.detector.search.exclusion=dist,coverage,node_modules
release:
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
needs: [unit-test, security-test, license-scan]
steps:
- id: authentication
uses: volkswagen/github-app-authentication-action@main
with:
appId: ${{ secrets.APP_ID }}
clientId: ${{ secrets.CLIENT_ID }}
clientSecret: "ANY" # for compatibility testing with old version that required this
privateKey: ${{ secrets.PRIVATE_KEY }}
installationId: ${{ secrets.INSTALLATION_ID }}
- uses: actions/checkout@v4
with:
token: ${{ steps.authentication.outputs.token }} # for pushing to protected branch
- name: Publish new version
run: |
git config --global user.email "[email protected]"
git config --global user.name "Release Bot"
git tag -fa v1 -m "Update v1 tag"
git push origin v1 --force