Skip to content

Chore/add suins ref #120

Chore/add suins ref

Chore/add suins ref #120

name: Check spl-name-service
on:
push:
branches: [main]
paths:
- 'js/**'
pull_request_target:
branches: [main]
paths:
- 'js/**'
defaults:
run:
working-directory: ./js
jobs:
# We're using "pull_request_target" to allow running CI with secrets against PRs
# from forked repositories. Since it's dangerous in combination with "actions/checkout"
# we need to check user's write permissions at the very beginning so only
# maintainers can actually run CI checks
# More info here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
check-permissions:
name: Check permission
runs-on: ubuntu-latest
steps:
- name: Get User Permission
id: checkAccess
uses: actions-cool/check-user-permission@v2
with:
require: write
username: ${{ github.triggering_actor }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check User Permission
if: steps.checkAccess.outputs.require-result == 'false'
run: |
echo "${{ github.triggering_actor }} does not have "write" permissions on this repo."
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}."
echo "Job originally triggered by ${{ github.actor }}."
exit 1
prepare-dependencies:
name: Prepare local deps
needs: check-permissions
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
# Important for forked repositories
# This is dangerous without the "check-permissions" job
ref: ${{ github.event.pull_request.head.sha }}
- id: prepare-env
uses: ./.github/actions/prepare-spl-name-service-env
- name: Use cache or install dependencies
if: steps.prepare-env.outputs.cache-hit != 'true'
run: npm ci
test:
name: Test source code
needs: prepare-dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Important for forked repositories
# This is dangerous without the "check-permissions" job
ref: ${{ github.event.pull_request.head.sha }}
- uses: ./.github/actions/prepare-spl-name-service-env
- name: Make envfile
run: |
rm .env || true;
touch .env;
echo "RPC_URL=${{ secrets.RPC_URL }}" >> .env;
echo "RPC_URL_DEVNET=${{ secrets.RPC_URL_DEVNET }}" >> .env;
- name: Test source code
run: npm run test
build:
name: Build source code
needs: prepare-dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Important for forked repositories
# This is dangerous without the "check-permissions" job
ref: ${{ github.event.pull_request.head.sha }}
- uses: ./.github/actions/prepare-spl-name-service-env
- name: Build source code
run: npm run build