generated from valora-inc/typescript-app-starter
-
Notifications
You must be signed in to change notification settings - Fork 0
124 lines (121 loc) · 3.8 KB
/
workflow.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Workflow
on:
# Run on pushes to main..
push:
branches:
- main
# ..and any pull request.
pull_request:
# Cancel any in progress run of the workflow for a given PR
# This avoids building outdated code
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
check-for-sh:
name: Check for .sh
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: "echo '*** Do not write .sh scripts! ***'; ! find . -type f -name '*.sh' | grep ."
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
check-latest: true
- run: yarn
- run: yarn typecheck
- run: yarn format:check
- run: yarn lint
knip:
name: Knip
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
check-latest: true
- run: yarn
- run: yarn knip
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Auth so e2e tests can access Google services
- id: auth
uses: google-github-actions/auth@v2
with:
# From valora-viem-hsm-test
credentials_json: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
check-latest: true
- run: yarn
- run: yarn test:ci
- name: Upload Coverage Report
uses: actions/upload-artifact@v4
with:
path: coverage/lcov-report
- name: 'Upload coverage to Codecov'
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
publish:
name: Publish to NPM
if: github.ref == 'refs/heads/main'
needs:
- check-for-sh
- lint
- knip
- test
runs-on: ubuntu-latest
permissions:
contents: write # to be able to publish a GitHub release
issues: write # to be able to comment on released issues
pull-requests: write # to be able to comment on released pull requests
id-token: write # to enable use of OIDC for npm provenance
steps:
# actions/checkout MUST come before auth
- uses: actions/checkout@v4
- id: auth
uses: google-github-actions/auth@v2
with:
# From valora-viem-hsm-test
credentials_json: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
- id: google-secrets
uses: google-github-actions/get-secretmanager-secrets@v2
with:
# valora-viem-hsm-test service account has access to these specific secrets
secrets: |-
NPM_TOKEN:celo-mobile-mainnet/NPM_TOKEN
SLACK_WEBHOOK_URL:celo-mobile-mainnet/SLACK_ONCALL_WEBHOOK_URL
- uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
check-latest: true
- run: yarn
- run: yarn build
- run: yarn release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ steps.google-secrets.outputs.NPM_TOKEN }}
- uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: '{workflow} has {status_message}'
message_format: '{emoji} *{workflow}* {status_message}. <{run_url}|View Run>'
footer: 'Repo: <{repo_url}|{repo}>'
notify_when: 'failure'
# Tag @supporthero on failures, can change to any slack group id
mention_groups: 'S0277QUM4KB'
mention_groups_when: 'failure'
env:
SLACK_WEBHOOK_URL: ${{ steps.google-secrets.outputs.SLACK_WEBHOOK_URL }}