Test and Build #978
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test and Build | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- 'v*.*.*' | |
pull_request: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 0 * * *" | |
jobs: | |
test-and-build: | |
name: Test and Build | |
strategy: | |
matrix: | |
# https://github.com/actions/virtual-environments#available-environments | |
os: [ubuntu-latest, windows-2019, macos-latest] | |
fail-fast: false | |
# The type of runner that the job will run on | |
runs-on: ${{ matrix.os }} | |
env: | |
SEGMENT_KEY: ${{ secrets.SEGMENT_KEY_PROD }} | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- name: Install Deps Ubuntu | |
if: ${{ runner.os == 'Linux' }} | |
run: sudo apt-get update -y && sudo apt-get -y install libkrb5-dev libsecret-1-dev net-tools libstdc++6 gnome-keyring | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node.js Environment | |
uses: actions/setup-node@v3 | |
with: | |
# Version Spec of the version to use. Examples: 12.x, 10.15.1, >=10.15.0 | |
node-version: 16.x | |
- name: Run node-gyp bug workaround script | |
run: | | |
curl -sSfLO https://raw.githubusercontent.com/mongodb-js/compass/42e6142ae08be6fec944b80ff6289e6bcd11badf/.evergreen/node-gyp-bug-workaround.sh && bash node-gyp-bug-workaround.sh | |
- name: Install npm | |
run: npm install -g [email protected] | |
- name: Install Dependencies | |
shell: bash | |
run: | | |
npm ci --omit=optional | |
- name: Run Checks | |
run: npm run check | |
# the glob here just fails | |
if: ${{ runner.os != 'Windows' }} | |
shell: bash | |
- name: Run Tests | |
run: | | |
npm run test | |
shell: bash | |
- name: Prepare build for release | |
shell: bash | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
export "RELEASE_TAG=${GITHUB_REF#refs/*/}" | |
export "RELEASE_VERSION=${RELEASE_TAG:1}" | |
echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV | |
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> $GITHUB_ENV | |
echo "See full release notes at: https://github.com/mongodb-js/vscode/releases/tag/${RELEASE_TAG}" > CHANGELOG.md | |
npx json -I -f package.json -e "this.version='${RELEASE_VERSION}'" | |
npx json -I -f package-lock.json -e "this.version='${RELEASE_VERSION}'" | |
- name: Build .vsix | |
env: | |
NODE_OPTIONS: "--require ./scripts/no-npm-list-fail.js" | |
run: npx vsce package --githubBranch main | |
shell: bash | |
- name: Check .vsix filesize | |
run: npm run check-vsix-size | |
shell: bash | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: VSIX built on ${{ runner.os }} | |
path: "*.vsix" | |
- name: Run Snyk Test | |
if: runner.os == 'Linux' | |
shell: bash | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
run: | | |
npm run snyk-test > /dev/null 2>&1 | |
- name: Create Jira Tickets | |
if: > | |
runner.os == 'Linux' && | |
( | |
github.event_name == 'push' && github.ref == 'refs/heads/main' || | |
github.event_name == 'workflow_dispatch' || | |
github.event_name == 'schedule' | |
) | |
shell: bash | |
env: | |
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} | |
JIRA_BASE_URL: "https://jira.mongodb.org" | |
JIRA_PROJECT: "VSCODE" | |
JIRA_VULNERABILITY_BUILD_INFO: "- [GitHub Run|https://github.com/mongodb-js/vscode/actions/runs/${{github.run_id}}/jobs/${{github.job}}]" | |
run: | | |
npm run create-vulnerability-tickets > /dev/null | |
- name: Generate Vulnerability Report (Fail on >= High) | |
if: runner.os == 'Linux' | |
continue-on-error: ${{ github.event_name == 'pull_request' }} | |
shell: bash | |
run: | | |
# The standard output is suppressed since Github Actions logs are | |
# available for everyone with read access to the repo, which is everyone that is | |
# logged in for public repos. | |
# This command is only here to fail on failures for `main` and tags. | |
npm run generate-vulnerability-report > /dev/null | |
- name: Create Draft Release | |
run: | | |
echo Creating draft release for: "${RELEASE_TAG}" | |
gh release create "${RELEASE_TAG}" \ | |
--title "v${RELEASE_VERSION}" \ | |
--notes "Edit the release notes before publishing." \ | |
--target main \ | |
--draft \ | |
*.vsix | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
if: ${{ startsWith(github.ref, 'refs/tags/') && runner.os == 'Linux' }} |