chore(deps): update reviewdog/action-eslint action to v1.23.0 #482

Workflow file for this run

# Workflow name as displayed for each run.
name: Build
# Triggers: pushes to main, and pull requests when opened, updated or reopened.
# `pull_request` (as opposed to `pull_request_target`) does not pass repository
# secrets to runs that originate from forks.
# NOTE(review): no top-level `permissions:` key is set, so each job's
# GITHUB_TOKEN carries the repository/organisation default scopes. Consider a
# read-only default here, with write scopes granted only on jobs that need them.
on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
jobs:
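# -- TESTS ------------------------------------------------------------------
  tests:
    name: Tests
    runs-on: ubuntu-latest
    # Least privilege: nothing in this job writes to the repository, so the
    # job token is limited to reading its contents.
    permissions:
      contents: read
    strategy:
      matrix:
        # NOTE(review): Node.js 16 is past upstream end-of-life; confirm it is
        # still the intended target.
        node:
          - '16'
    steps:
      # Placed first so that runner monitoring covers the steps that follow.
      # `egress-policy: audit` only records outbound traffic; it blocks nothing.
      # NOTE(review): unlike the other pinned actions in this file, this SHA
      # has no trailing version comment, and no other job runs harden-runner.
      - name: Harden GitHub Actions Runner
        uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          # Do not leave the job token in the local git config: the install
          # step below executes third-party package scripts, and no later
          # step in this job needs git authentication.
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node }}
        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
        with:
          node-version: ${{ matrix.node }}
          check-latest: true
      # NOTE(review): `npm install` may resolve versions other than those in
      # the lockfile; if a package-lock.json is committed, `npm ci` gives a
      # reproducible install. No test command runs after this step, despite
      # the job name.
      - name: Install dependencies
        run: npm install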
# -- SONARCLOUD -------------------------------------------------------------
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest
    # Runs only after the `tests` job has succeeded.
    needs: tests
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          # Full history: shallow clones should be disabled for a better
          # relevancy of analysis.
          fetch-depth: 0
      # NOTE(review): on pull_request runs this executes the script as it
      # exists in the PR. actions/checkout leaves the job token in the local
      # git config by default; consider `persist-credentials: false` if neither
      # the script nor the scan needs git authentication.
      - name: Get App Version
        run: ./scripts/version.sh
      # NOTE(review): `@master` is a mutable branch ref, and this step is
      # handed both SONAR_TOKEN and GITHUB_TOKEN. Every other third-party
      # action here is pinned to a commit; pin this one the same way, e.g.
      # `sonarsource/sonarcloud-github-action@<FULL_COMMIT_SHA> # <version>`.
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# -- SAST SCAN --------------------------------------------------------------
  code-security:
    name: Code Security
    runs-on: ubuntu-latest
    # Runs only after the `tests` job has succeeded.
    needs: tests
    # Skip any PR created by dependabot to avoid permission issues.
    # The check is on the triggering actor, so such runs get no SAST scan.
    if: (github.actor != 'dependabot[bot]')
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
      # NOTE(review): `@master` is a mutable branch ref, and this step is
      # handed GITHUB_TOKEN. Pin it to a commit like the other actions, e.g.
      # `ShiftLeftSecurity/scan-action@<FULL_COMMIT_SHA> # <version>`.
      - name: Perform Scan
        uses: ShiftLeftSecurity/scan-action@master
        env:
          WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SCAN_ANNOTATE_PR: true
      # Publishes the `reports` directory as a build artifact named `reports`.
      # NOTE(review): scan reports can describe unfixed findings; confirm who
      # is able to download this run's artifacts.
      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: reports
          path: reports
# -- PRE-RELEASE ------------------------------------------------------------
  pre-release:
    name: Prepare Release
    runs-on: ubuntu-latest
    # Gated on both analysis jobs. A skipped `code-security` run therefore
    # leaves this job skipped as well.
    needs:
      - code-quality
      - code-security
    # Only runs for the main branch ref.
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
      # NOTE(review): this looks like the only job that needs a write-scoped
      # token; if so, declare its write scopes in a job-level `permissions:`
      # block and keep the workflow default read-only. Confirm the exact
      # scopes against the release plugins in use.
      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d # v3.4.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}