Skip to content

Added security guidance (#236) #218

Added security guidance (#236)

Added security guidance (#236) #218

Workflow file for this run

# GitHub Actions workflow
# https://help.github.com/en/actions/automating-your-workflow-with-github-actions
# https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions
# https://help.github.com/en/actions/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions
name: CI-CD
on:
pull_request:
push:
branches: [main]
jobs:
node_tests:
name: Node ${{ matrix.node }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
timeout-minutes: 10
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
node:
- 20
steps:
- name: Checkout source
uses: actions/checkout@v3
- name: Install Node ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
cache: "npm"
- name: Install dependencies
run: npm ci
- name: Run linter
run: npm run lint
- name: Run TypeScript tests
run: npm run test:typescript
- name: Run Node tests
run: npm run coverage:node
- name: Send code coverage results to Coveralls
uses: coverallsapp/github-action@v1.1.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel: true
coverage:
name: Code Coverage
runs-on: ubuntu-latest
timeout-minutes: 10
needs:
- node_tests
steps:
- name: Let Coveralls know that all tests have finished
uses: coverallsapp/github-action@v1.1.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
deploy:
name: Publish to NPM
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
timeout-minutes: 10
needs:
- node_tests
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Install Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: "npm"
- name: Install dependencies
run: npm ci
- name: Publish to NPM
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Prepare the non-scoped packaged
run: |
cp LICENSE *.md dist
VERSION=$(node -e "console.log(require('./package.json').version)")
sed -i "s/X.X.X/${VERSION}/g" dist/package.json
- name: Publish the non-scoped package to NPM
run: npm publish --provenance --access public
working-directory: dist
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}