CI #238
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: 'CI' | |
| on: | |
| schedule: | |
| - cron: '0 10 * * *' | |
| push: | |
| branches: ['*'] | |
| pull_request: | |
| types: [opened, synchronize] | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-24.04 | |
| name: Lint codebase | |
| outputs: | |
| pre-commit: ${{ steps.linter.outcome }} | |
| if: ${{ github.event_name != 'schedule' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v16 | |
| with: | |
| extra-conf: | | |
| accept-flake-config = true | |
| diagnostic-endpoint: '' | |
| - name: Nix cache | |
| uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Run linters via pre-commit | |
| id: linter | |
| run: nix develop -c pre-commit run --all-files | |
| test: | |
| runs-on: ubuntu-24.04 | |
| name: Run tests | |
| if: ${{ github.event_name != 'schedule' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Nx stuff | |
| uses: nrwl/nx-set-shas@v4 | |
| - name: Run test | |
| run: pnpm exec nx run-many --target=build --all | |
| build: | |
| runs-on: ubuntu-24.04 | |
| name: Build the project | |
| if: ${{ github.event_name != 'schedule' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build the project | |
| run: pnpm exec nx run-many --target=build --all | |
| scan: | |
| runs-on: ubuntu-24.04 | |
| name: Scan for vulnerabilities | |
| steps: | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| exit-code: '1' | |
| format: 'table' | |
| ignore-unfixed: true | |
| scan-ref: '.' | |
| scan-type: 'repo' | |
| severity: 'CRITICAL,HIGH' | |
| skip-dirs: '/root/.local/share/pnpm/store' | |
| timeout: 20m0s | |
| env: | |
| TRIVY_DISABLE_VEX_NOTICE: true | |
| TRIVY_SKIP_DB_UPDATE: true | |
| TRIVY_SKIP_JAVA_DB_UPDATE: true | |
| check_deps: | |
| runs-on: ubuntu-24.04 | |
| name: Check for new dependencies | |
| if: ${{ github.event_name == 'pull_request' }} | |
| steps: | |
| - name: Check for new dependencies | |
| uses: hiwelo/[email protected] | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| publish-docs: | |
| runs-on: ubuntu-24.04 | |
| name: Deploy to Cloudflare Pages | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build the documentation | |
| run: pnpx nx build docs | |
| - name: Deploy to Cloudflare Pages | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/main') | |
| uses: cloudflare/wrangler-action@v3 | |
| with: | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| command: pages deploy --branch dev | |
| packageManager: pnpm | |
| - name: Deploy to Cloudflare Pages | |
| if: ${{ github.event_name == 'pull_request' }} | |
| id: deploy | |
| uses: cloudflare/wrangler-action@v3 | |
| with: | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| command: pages deploy --branch ${{ github.ref_name }} | |
| packageManager: pnpm | |
| - name: Comment on pull request | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: thollander/actions-comment-pull-request@v3 | |
| with: | |
| message: | | |
| The documentation has been deployed to Cloudflare Pages :rocket: | |
| You can view the deployment here: | |
| - [${{ steps.deploy.outputs.deployment-url }}](${{ steps.deploy.outputs.deployment-url }}) | |
| - [${{ steps.deploy.outputs.pages-deployment-alias-url }}](${{ steps.deploy.outputs.pages-deployment-alias-url }}) | |
| organize: | |
| runs-on: ubuntu-24.04 | |
| name: Some housekeeping | |
| permissions: | |
| pull-requests: write | |
| needs: lint | |
| if: needs.lint.outputs.pre-commit == 'failure' && github.event_name == 'pull_request' | |
| steps: | |
| - name: Add comment | |
| if: needs.lint.outputs.pre-commit == 'failure' && github.event_name == 'pull_request' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: "Thank you for contributing to garuda-ng! Please run 'pnpm format' and 'pnpm lint' on your code before submitting a pull request. Afterwards, please force push your changes." | |
| }) |