Fixes and improvements 08 01 2023 #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check spl-name-service | |
on: | |
push: | |
branches: [main] | |
paths: | |
- 'js/**' | |
pull_request_target: | |
branches: [main] | |
paths: | |
- 'js/**' | |
defaults: | |
run: | |
working-directory: ./js | |
jobs: | |
# We're using "pull_request_target" to allow running CI with secrets against PRs | |
# from forked repositories. Since it's dangerous in combination with "actions/checkout" | |
# we need to check user's write permissions at the very beginning so only | |
# maintainers can actually run CI checks | |
# More info here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
check-permissions: | |
name: Check permission | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get User Permission | |
id: checkAccess | |
uses: actions-cool/check-user-permission@v2 | |
with: | |
require: write | |
username: ${{ github.triggering_actor }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check User Permission | |
if: steps.checkAccess.outputs.require-result == 'false' | |
run: | | |
echo "${{ github.triggering_actor }} does not have "write" permissions on this repo." | |
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}." | |
echo "Job originally triggered by ${{ github.actor }}." | |
exit 1 | |
prepare-dependencies: | |
name: Prepare local deps | |
needs: check-permissions | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
# Important for forked repositories | |
# This is dangerous without the "check-permissions" job | |
ref: ${{ github.event.pull_request.head.sha }} | |
- id: prepare-env | |
uses: ./.github/actions/prepare-spl-name-service-env | |
- name: Use cache or install dependencies | |
if: steps.prepare-env.outputs.cache-hit != 'true' | |
run: npm ci | |
test: | |
name: Test source code | |
needs: prepare-dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Important for forked repositories | |
# This is dangerous without the "check-permissions" job | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/prepare-spl-name-service-env | |
- name: Make envfile | |
run: | | |
rm .env || true; | |
touch .env; | |
echo "RPC_URL=${{ secrets.RPC_URL }}" >> .env; | |
echo "RPC_URL_DEVNET=${{ secrets.RPC_URL_DEVNET }}" >> .env; | |
- name: Test source code | |
run: npm run test | |
build: | |
name: Build source code | |
needs: prepare-dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Important for forked repositories | |
# This is dangerous without the "check-permissions" job | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/prepare-spl-name-service-env | |
- name: Build source code | |
run: npm run build |