-
Notifications
You must be signed in to change notification settings - Fork 62
148 lines (125 loc) · 4.75 KB
/
test-and-build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Test and Build
on:
push:
branches:
- main
tags:
- 'v*.*.*'
pull_request:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
test-and-build:
name: Test and Build
strategy:
matrix:
# https://github.com/actions/virtual-environments#available-environments
os: [ubuntu-latest, windows-2019, macos-latest]
fail-fast: false
# The type of runner that the job will run on
runs-on: ${{ matrix.os }}
env:
SEGMENT_KEY: ${{ secrets.SEGMENT_KEY_PROD }}
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Install Deps Ubuntu
if: ${{ runner.os == 'Linux' }}
run: sudo apt-get update -y && sudo apt-get -y install libkrb5-dev libsecret-1-dev net-tools libstdc++6 gnome-keyring
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Node.js Environment
uses: actions/setup-node@v3
with:
# Version Spec of the version to use. Examples: 12.x, 10.15.1, >=10.15.0
node-version: 16.x
- name: Run node-gyp bug workaround script
run: |
curl -sSfLO https://raw.githubusercontent.com/mongodb-js/compass/42e6142ae08be6fec944b80ff6289e6bcd11badf/.evergreen/node-gyp-bug-workaround.sh && bash node-gyp-bug-workaround.sh
- name: Install npm
run: npm install -g [email protected]
- name: Install Dependencies
shell: bash
run: |
npm ci --omit=optional
- name: Run Checks
run: npm run check
# the glob here just fails
if: ${{ runner.os != 'Windows' }}
shell: bash
- name: Run Tests
run: |
npm run test
shell: bash
- name: Prepare build for release
shell: bash
if: startsWith(github.ref, 'refs/tags/')
run: |
export "RELEASE_TAG=${GITHUB_REF#refs/*/}"
export "RELEASE_VERSION=${RELEASE_TAG:1}"
echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> $GITHUB_ENV
echo "See full release notes at: https://github.com/mongodb-js/vscode/releases/tag/${RELEASE_TAG}" > CHANGELOG.md
npx json -I -f package.json -e "this.version='${RELEASE_VERSION}'"
npx json -I -f package-lock.json -e "this.version='${RELEASE_VERSION}'"
- name: Build .vsix
env:
NODE_OPTIONS: "--require ./scripts/no-npm-list-fail.js"
run: npx vsce package --githubBranch main
shell: bash
- name: Check .vsix filesize
run: npm run check-vsix-size
shell: bash
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
name: VSIX built on ${{ runner.os }}
path: "*.vsix"
- name: Run Snyk Test
if: runner.os == 'Linux'
shell: bash
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
npm run snyk-test > /dev/null 2>&1
- name: Create Jira Tickets
if: >
runner.os == 'Linux' &&
(
github.event_name == 'push' && github.ref == 'refs/heads/main' ||
github.event_name == 'workflow_dispatch' ||
github.event_name == 'schedule'
)
shell: bash
env:
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
JIRA_BASE_URL: "https://jira.mongodb.org"
JIRA_PROJECT: "VSCODE"
JIRA_VULNERABILITY_BUILD_INFO: "- [GitHub Run|https://github.com/mongodb-js/vscode/actions/runs/${{github.run_id}}/jobs/${{github.job}}]"
run: |
npm run create-vulnerability-tickets > /dev/null
- name: Generate Vulnerability Report (Fail on >= High)
if: runner.os == 'Linux'
continue-on-error: ${{ github.event_name == 'pull_request' }}
shell: bash
run: |
# The standard output is suppressed since Github Actions logs are
# available for everyone with read access to the repo, which is everyone that is
# logged in for public repos.
# This command is only here to fail on failures for `main` and tags.
npm run generate-vulnerability-report > /dev/null
- name: Create Draft Release
run: |
echo Creating draft release for: "${RELEASE_TAG}"
gh release create "${RELEASE_TAG}" \
--title "v${RELEASE_VERSION}" \
--notes "Edit the release notes before publishing." \
--target main \
--draft \
*.vsix
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: ${{ startsWith(github.ref, 'refs/tags/') && runner.os == 'Linux' }}