diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
new file mode 100644
index 0000000..a019ebe
--- /dev/null
+++ b/.github/workflows/build_test.yml
@@ -0,0 +1,112 @@
+name: Build and Test Workflow
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize]
+ workflow_dispatch:
+ inputs:
+ PERFORM_RELEASE:
+ description: '[Release] perform release'
+ required: false
+
+
+jobs:
+ check-permission:
+ runs-on: ubuntu-latest
+ steps:
+ # this action will fail the whole workflow if permission check fails
+ - name: check permission
+ uses: zowe-actions/shared-actions/permission-check@main
+ with:
+ user: ${{ github.actor }}
+ github-repo: ${{ github.repository }}
+ github-user: ${{ secrets.ZOWE_ROBOT_USER }}
+ github-passwd: ${{ secrets.ZOWE_ROBOT_TOKEN }}
+
+ build-test:
+ runs-on: ubuntu-latest
+ needs: check-permission
+ steps:
+ - name: '[Prep 1] Checkout'
+ uses: actions/checkout@v2
+
+ - name: '[Prep 2] Cache node modules'
+ uses: actions/cache@v2
+ with:
+ # npm cache files are stored in `~/.npm` on Linux/macOS
+ path: |
+ ~/.npm
+ ~/.nvm/.cache
+ ~/.nvm/versions
+ key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-build-cache-node-modules-
+
+ - name: '[Prep 3] Setup jFrog CLI'
+ uses: jfrog/setup-jfrog-cli@v1
+ env:
+ JF_ARTIFACTORY_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }}
+
+ - name: '[Prep 4] Prepare workflow'
+ uses: zowe-actions/shared-actions/prepare-workflow@main
+ with:
+ github-user: ${{ secrets.ZOWE_ROBOT_USER }}
+ github-password: ${{ secrets.ZOWE_ROBOT_TOKEN }}
+ github-email: ${{ secrets.ZOWE_ROBOT_EMAIL }}
+
+ - name: '[Prep 5] Setup Node'
+ uses: actions/setup-node@v2
+ with:
+ node-version: 10.18.1
+
+ - name: '[Setup] NodeJS project setup'
+ uses: zowe-actions/nodejs-actions/setup@main
+ with:
+ package-name: 'org.zowe.sample-node-api'
+ install-registry-url: ${{ env.DEFAULT_NPM_PRIVATE_INSTALL_REGISTRY }}
+ install-registry-email: ${{ secrets.NPM_PRIVATE_REGISTRY_EMAIL }}
+ install-registry-username: ${{ secrets.NPM_PRIVATE_REGISTRY_USERNAME }}
+ install-registry-password: ${{
secrets.NPM_PRIVATE_REGISTRY_PASSWORD }}
+ publish-registry-email: ${{ secrets.NPM_PRIVATE_REGISTRY_EMAIL }}
+ publish-registry-username: ${{ secrets.NPM_PRIVATE_REGISTRY_USERNAME }}
+ publish-registry-password: ${{ secrets.NPM_PRIVATE_REGISTRY_PASSWORD }}
+
+ - name: '[Build] Nodejs project build'
+ run: npm run build
+
+ - name: '[Scan 1] Fix code coverage paths'
+ working-directory: ./coverage
+ run: sed -i 's#'$GITHUB_WORKSPACE'#/github/workspace/#g' lcov.info
+
+ - name: '[Scan 2] SonarCloud Scan'
+ uses: sonarsource/sonarcloud-github-action@master
+ continue-on-error: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
+ sonar.projectVersion: ${{ env.P_VERSION }}
+ sonar.links.ci: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
+
+ - name: '[Packaging] Make pax'
+ uses: zowe-actions/shared-actions/make-pax@main
+ with:
+ pax-name: 'sample-node-api'
+ pax-ssh-username: ${{ secrets.SSH_MARIST_USERNAME }}
+ pax-ssh-password: ${{ secrets.SSH_MARIST_PASSWORD }}
+
+ - name: '[Publish] Publish'
+ uses: zowe-actions/shared-actions/publish@main
+ if: success()
+ with:
+ artifacts: .pax/sample-node-api.pax
+ perform-release: ${{ github.event.inputs.PERFORM_RELEASE }}
+
+ - name: '[Release 1] Release (if necessary)'
+ if: ${{ success() && github.event.inputs.PERFORM_RELEASE == 'true' && env.IS_RELEASE_BRANCH == 'true' }}
+ uses: zowe-actions/shared-actions/release@main
+
+ - name: '[Release 2] NPM bump version (if necessary)'
+ if: ${{ success() && github.event.inputs.PERFORM_RELEASE == 'true' && env.IS_RELEASE_BRANCH == 'true' && env.IS_FORMAL_RELEASE_BRANCH == 'true' && env.PRE_RELEASE_STRING == ''}}
+ uses: zowe-actions/nodejs-actions/bump-version@main
\ No newline at end of file
diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
new file mode 100644
index 0000000..1731297
--- /dev/null
+++ b/.github/workflows/code_scan.yml
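Review bot: Every step in build_test.yml that receives a secret runs an action pinned to a mutable ref (`zowe-actions/shared-actions/*@main`, `zowe-actions/nodejs-actions/*@main`, `sonarsource/sonarcloud-github-action@master`), so a later push to those branches changes the code that sees the robot token, the npm registry password and the SSH password without any change in this repository. Pin each `uses:` to a full commit SHA, for example `uses: zowe-actions/shared-actions/make-pax@<full-commit-sha>  # main`, and let an update bot move the pin. The workflow also declares no `permissions:`, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read`, widened only on a job that needs more, would bound what the SonarCloud step is handed. Both points apply equally to the tag-pinned actions in code_scan.yml.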
@@ -0,0 +1,77 @@
+name: Codescan Workflow
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ run-audit:
+ runs-on: macos-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Setup Node
+ uses: actions/setup-node@v2
+ with:
+ node-version: 10.18.1
+
+ - name: Install
+ run: npm install --no-audit
+
+ - name: Audit
+ run: npm audit --prod
+
+ run-lint:
+ runs-on: macos-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Setup Node
+ uses: actions/setup-node@v2
+ with:
+ node-version: 10.18.1
+
+ - name: Install
+ run: npm install --no-audit
+
+ - name: Lint
+ run: npm run lint
+
+ run-code-ql:
+ runs-on: macos-latest
+ timeout-minutes: 20
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: javascript
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # â„šī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
+
+
\ No newline at end of file
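Review bot: The `Install` step in `run-audit` runs `npm install --no-audit` on pull-request code before `npm audit --prod` has looked at anything, so dependency lifecycle scripts execute ahead of the check that is meant to vet them. `npm audit` works from the lockfile, so if the repository commits `package-lock.json` (the cache key in build_test.yml suggests it does) the step could be `run: npm ci --ignore-scripts`, which also fails when the lockfile and `package.json` disagree instead of silently re-resolving. In `run-code-ql`, `languages: javascript` needs no build, so the `Autobuild` step and the commented-out template below it can be dropped. That job would also be clearer with an explicit `permissions:` listing `security-events: write` and `contents: read`.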