-
-
Notifications
You must be signed in to change notification settings - Fork 1
116 lines (99 loc) · 4.39 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
name: "Tests"
on: # yamllint disable-line rule:truthy
push:
branches:
- "main"
# eslint-disable-next-line yml/no-empty-mapping-value
pull_request: # yamllint disable-line rule:empty-values
concurrency:
group: "ci-tests-${{ github.ref }}-1"
cancel-in-progress: true
permissions:
contents: "read" # to fetch code (actions/checkout)
jobs:
files-changed:
name: "Detect what files changed"
runs-on: "ubuntu-22.04"
timeout-minutes: 3
# Map a step output to a job output
outputs:
packages: "${{ steps.changes.outputs.packages }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744" # v3.6.0
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- name: "Check for file changes"
uses: "dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50" # v2.11.1
id: "changes"
with:
token: "${{ github.token }}"
filters: ".github/file-filters.yml"
test:
if: "needs.files-changed.outputs.packages == 'true'"
needs: "files-changed"
strategy:
matrix:
os: ["ubuntu-latest", "macos-latest"]
node_version: ["18", "20.6.1", "latest"]
fail-fast: false
name: "Test (node-${{ matrix.node_version }}, ${{ matrix.os }})"
runs-on: "${{ matrix.os }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744" # v3.6.0
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- uses: "pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598" # v2.4.0
with:
run_install: false
- name: "Set node version to ${{ matrix.node_version }}"
uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0
with:
node-version: "${{ matrix.node_version }}"
cache: "pnpm"
- name: "Check npm version"
run: "npm -v"
env:
SKIP_CHECK: "true"
- name: "Install packages"
run: "pnpm install --frozen-lockfile"
env:
SKIP_CHECK: "true"
- name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
run: "pnpm audit signatures"
- name: "test and coverage"
run: "pnpm run test:coverage"
# This check runs once all dependant jobs have passed
# It symbolizes that all required Frontend checks have succesfully passed (Or skipped)
# This check is the only required Github check
test-required-check:
needs: ["files-changed", "test"]
name: "Check Test Run"
# This is necessary since a failed/skipped dependent job would cause this job to be skipped
if: "always()"
runs-on: "ubuntu-22.04"
steps:
# If any jobs we depend on fail, we will fail since this is a required check
# NOTE: A timeout is considered a failure
- name: "Harden Runner"
uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1
with:
egress-policy: "audit"
- name: "Check for failures"
if: "contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')"
run: |
echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1