forked from houdiniproject/houdini
-
Notifications
You must be signed in to change notification settings - Fork 2
107 lines (103 loc) · 3.13 KB
/
code-scanning.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# License: LGPL-3.0-or-later
name: Code scanning
on:
push:
branches:
- main
pull_request:
types: [opened, reopened, synchronize]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
# this version used for running various tools
tool_node_version: "14.x"
tool_ruby_version: "2.7.6"
jobs:
npm-package-download: # this downloads and caches all of the packages. We need this run on main so PRs to main can reuse the cache
name: Download and cache any npm packages
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
node: ["14.x"]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
cache: 'yarn'
- run: yarn install --frozen-lockfile
gem-package-download: # this downloads and caches all of the packages. We need this run on main so PRs to main can reuse the cache
name: Download and cache any gem packages
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
ruby: [2.7.6]
steps:
- uses: actions/checkout@v3
- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
eslint:
runs-on: ubuntu-latest
needs:
- npm-package-download
name: Run eslint scanning
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
cache: 'yarn'
- run: yarn install --frozen-lockfile
- name: Install eslint formatter
run: |
yarn add @microsoft/[email protected]
- name: Run ESLint
run: yarn eslint
--format @microsoft/eslint-formatter-sarif
--output-file eslint-results.sarif
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: eslint-results.sarif
wait-for-processing: true
rubocop:
name: Run rubocop
needs:
- gem-package-download
runs-on: ubuntu-20.04
permissions:
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
- name: Allow adding the code-scanning-rubocop gem
run: bundle config unset deployment
- name: Install Code Scanning integration
run: bundle add code-scanning-rubocop --skip-install
- name: Install dependencies
run: bundle install
- name: Rubocop run
run: |
bash -c "
bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
[[ $? -ne 2 ]]
"
- name: Upload Sarif output
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: rubocop.sarif