pr.yaml
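# PR checks: title validation, changeset validation, dependency audits,
# lint/type checks and the shared docs workflow.
#
# Triggered by `pull_request`, so the jobs check out and run the PR's own code.
# NOTE(review): there is no top-level `permissions:` block, so every job except
# `lint` runs with the repository's default GITHUB_TOKEN scopes. Consider a
# read-only default here and per-job grants once the needs of the third-party
# actions and the reusable docs workflow are confirmed.
name: "PR Checks"

on:
  pull_request:
    types: [opened, synchronize, edited, closed, reopened]

# One run per PR (or ref); a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  validate-title:
    name: Validate PR Title
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a movable tag on a third-party action that
      # receives GITHUB_TOKEN; pin it to a reviewed full commit SHA.
      - uses: amannn/action-semantic-pull-request@v4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  check-packages-changed:
    name: Assign project changed
    runs-on: ubuntu-latest
    outputs:
      # 'true' when any file under the listed package globs changed.
      changed: ${{ steps.packages-changed.outputs.any_changed }}
    steps:
      - uses: actions/checkout@v4
      - name: Check external packages changes
        id: packages-changed
        # NOTE(review): `@v22.2` is a movable tag; whoever controls the
        # upstream repository can re-point it. Pin to a reviewed full commit
        # SHA.
        uses: tj-actions/changed-files@v22.2
        with:
          files: |
            **/packages/app/**
            **/packages/types/**
            **/packages/react/**

  validate-changeset:
    name: Validate PR Changeset
    needs: check-packages-changed
    # `github.head_ref` is chosen by the PR author, so the release-branch
    # exemption is also tied to the head branch living in this repository.
    if: ${{ !(github.head_ref == 'changeset-release/master' && github.event.pull_request.head.repo.full_name == github.repository) && needs.check-packages-changed.outputs.changed == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so `--since=origin/<base>` can resolve the base ref.
          fetch-depth: 0
      - name: Extract pnpm version from .tool-versions
        id: get_pnpm
        run: |
          PNPM_VERSION=$(grep '^pnpm' .tool-versions | awk '{print $2}')
          echo "PNPM_VERSION=${PNPM_VERSION}" >> "$GITHUB_ENV"
      - name: CI Setup
        uses: FuelLabs/github-actions/setups/node@58bcd91d7246e40938e1971be0b0fe35b253dff0
        with:
          node-version: "20.11.0"
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Validate Changeset
        # Pass the ref through the environment instead of expanding the
        # expression inside the script, so its value is never parsed as shell.
        env:
          BASE_REF: ${{ github.base_ref }}
        run: pnpm changeset status --since="origin/${BASE_REF}"

  audit:
    name: Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Extract pnpm version from .tool-versions
        id: get_pnpm
        run: |
          PNPM_VERSION=$(grep '^pnpm' .tool-versions | awk '{print $2}')
          echo "PNPM_VERSION=${PNPM_VERSION}" >> "$GITHUB_ENV"
      # Pinned to the commit the validate-changeset job already uses, replacing
      # the mutable `@master` ref. NOTE(review): confirm this commit is the
      # intended one and bump it deliberately.
      - uses: FuelLabs/github-actions/setups/node@58bcd91d7246e40938e1971be0b0fe35b253dff0
        with:
          node-version: "20.11.0"
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Install jq
        # `-y` keeps the install non-interactive on the runner.
        run: sudo apt-get install -y jq
      # Fails only on critical advisories whose `patched_versions` is not
      # "<0.0.0" (presumably the marker for "no fixed release" - confirm).
      # `pipefail` is deliberately not enabled: the step decides from the JSON
      # report, not from the exit status of `pnpm audit`.
      - run: |
          pnpm audit --prod --json | jq '
            .advisories | to_entries |
            map(select(.value.patched_versions != "<0.0.0" and .value.severity == "critical") | {package: .value.module_name, vulnerable: .value.vulnerable_versions, fixed_in: .value.patched_versions})
          ' > audit_fix_packages.json
          if [ "$(jq 'length' audit_fix_packages.json)" -gt "0" ]; then
            echo "Actionable vulnerabilities found in the following packages:"
            jq -r '.[] | "\u001b[1m\(.package)\u001b[0m vulnerable in \u001b[31m\(.vulnerable)\u001b[0m fixed in \u001b[32m\(.fixed_in)\u001b[0m"' audit_fix_packages.json | while read -r line; do echo -e "$line"; done
            echo "Please run \`pnpm audit --prod --fix\`"
            exit 1
          else
            echo "No actionable vulnerabilities"
            exit 0
          fi

  strict-audit:
    name: Strict Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Extract pnpm version from .tool-versions
        id: get_pnpm
        run: |
          PNPM_VERSION=$(grep '^pnpm' .tool-versions | awk '{print $2}')
          echo "PNPM_VERSION=${PNPM_VERSION}" >> "$GITHUB_ENV"
      # Same commit pin as the other setup steps in this workflow.
      - uses: FuelLabs/github-actions/setups/node@58bcd91d7246e40938e1971be0b0fe35b253dff0
        with:
          node-version: "20.11.0"
          pnpm-version: ${{ env.PNPM_VERSION }}
      # Unfiltered audit of production dependencies; unlike the `audit` job it
      # applies no severity or patch-availability filter.
      - run: pnpm audit --prod

  lint:
    name: Lint
    runs-on: ubuntu-latest
    # NOTE(review): this job runs the PR's own `ts:check` and `lint:ci`
    # scripts while holding write scopes. Confirm each one is needed (for
    # example for annotations) and drop the rest, `contents: write` first.
    permissions:
      checks: write
      pull-requests: write
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Extract pnpm version from .tool-versions
        id: get_pnpm
        run: |
          PNPM_VERSION=$(grep '^pnpm' .tool-versions | awk '{print $2}')
          echo "PNPM_VERSION=${PNPM_VERSION}" >> "$GITHUB_ENV"
      - name: Setup Node
        # Same commit pin as the other setup steps in this workflow.
        uses: FuelLabs/github-actions/setups/node@58bcd91d7246e40938e1971be0b0fe35b253dff0
        with:
          node-version: "20.11.0"
          pnpm-version: ${{ env.PNPM_VERSION }}
      - name: Run lint
        run: |
          pnpm ts:check
          pnpm lint:ci

  docs:
    name: Docs
    # NOTE(review): reusable workflow referenced by the mutable `@master` ref;
    # pin to a reviewed full commit SHA once one is chosen for this file.
    uses: FuelLabs/github-actions/.github/workflows/next-docs.yml@master
    with:
      doc-folder-path: "packages/docs/docs"
      src-folder-path: "packages/docs/src"
      spellcheck-config-path: "packages/docs/.spellcheck.yml"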