Fix scorecard CICD #1863
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'CICD pipeline' | |
| on: | |
| push: | |
| branches: '*' | |
| pull_request: | |
| branches: '*' | |
| permissions: read-all | |
| jobs: | |
| Build: | |
| permissions: | |
| contents: write | |
| runs-on: blacksmith-4vcpu-ubuntu-2204 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Build from src | |
| uses: useblacksmith/setup-node@65c6ca86fdeb0ab3d85e78f57e4f6a7e4780b391 # v5.0.4 | |
| with: | |
| node-version: '22.x' | |
| - run: yarn install --frozen-lockfile | |
| - run: yarn build-only | |
| - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - run: tar -cvf node_modules.tar node_modules | |
| - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: node_modules | |
| path: node_modules.tar | |
| test_node: | |
| permissions: | |
| contents: read | |
| needs: Build | |
| runs-on: blacksmith-4vcpu-ubuntu-2204 | |
| strategy: | |
| matrix: | |
| node-version: [16.x, 18.x, 20.x, 22.x, 23.x, latest] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Run prod version with Node v${{ matrix.node-version }} | |
| uses: useblacksmith/setup-node@65c6ca86fdeb0ab3d85e78f57e4f6a7e4780b391 # v5.0.4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd # master | |
| with: | |
| name: dist | |
| path: dist/ | |
| - uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd # master | |
| with: | |
| name: node_modules | |
| path: ./ | |
| - run: tar -xvf node_modules.tar | |
| - run: yarn test-only | |
| test_browser: | |
| permissions: | |
| contents: read | |
| needs: Build | |
| runs-on: blacksmith-4vcpu-ubuntu-2204 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd # master | |
| with: | |
| name: dist | |
| path: dist/ | |
| - run: echo '::warning ::Not able to automate browser tests yet' | |
| - run: '# yarn test-browser-ci' |