UIIN-3124 cautiously evaluate subpermissions (#2667) #8220
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will do a clean install of node dependencies, build the source code, | |
# run unit tests, perform a Sonarqube scan, and publish NPM artifacts from master/main. | |
# For more information see: | |
# https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions | |
# Common FOLIO configurable environment variables to set: | |
# - YARN_TEST_OPTIONS (options to pass to 'yarn test') | |
# - SQ_ROOT_DIR (root SQ directory to scan relative to top-level directory) | |
# - PUBLISH_MOD_DESCRIPTOR (boolean 'true' or 'false') | |
# - COMPILE_TRANSLATION_FILES (boolean 'true' or 'false') | |
name: buildNPM Snapshot | |
on: [push, pull_request] | |
jobs: | |
github-actions-ci: | |
env: | |
YARN_TEST_OPTIONS: '' | |
SQ_ROOT_DIR: './src' | |
COMPILE_TRANSLATION_FILES: 'true' | |
PUBLISH_MOD_DESCRIPTOR: 'true' | |
FOLIO_NPM_REGISTRY: 'https://repository.folio.org/repository/npm-folioci/' | |
FOLIO_NPM_REGISTRY_AUTH: '//repository.folio.org/repository/npm-folioci/' | |
FOLIO_MD_REGISTRY: 'https://folio-registry.dev.folio.org' | |
NODEJS_VERSION: '18' | |
JEST_JUNIT_OUTPUT_DIR: 'artifacts/jest-junit' | |
JEST_COVERAGE_REPORT_DIR: 'artifacts/coverage-jest/lcov-report/' | |
BIGTEST_JUNIT_OUTPUT_DIR: 'artifacts/runTest' | |
BIGTEST_COVERAGE_REPORT_DIR: 'artifacts/coverage/lcov-report/' | |
SQ_LCOV_REPORT: 'artifacts/coverage-jest/lcov.info' | |
SQ_EXCLUSIONS: '**/platform/alias-service.js,**/docs/**,**/node_modules/**,**/examples/**,**/artifacts/**,**/ci/**,Jenkinsfile,**/LICENSE,**/*.css,**/*.md,**/*.json,**/tests/**,**/stories/*.js,**/test/**,**/.stories.js,**/resources/bigtest/interactors/**,**/resources/bigtest/network/**,**/*-test.js,**/*.test.js,**/*-spec.js,**/karma.conf.js,**/jest.config.js' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: folio-org/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Setup kernel for react native, increase watchers | |
run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NODEJS_VERSION }} | |
check-latest: true | |
always-auth: true | |
- name: Set yarn config | |
run: yarn config set @folio:registry $FOLIO_NPM_REGISTRY | |
- name: Set FOLIO NPM snapshot version | |
run: | | |
git clone https://github.com/folio-org/folio-tools.git | |
npm --no-git-tag-version version `folio-tools/github-actions-scripts/folioci_npmver.sh` | |
rm -rf folio-tools | |
env: | |
JOB_ID: ${{ github.run_number }} | |
- name: Run yarn install | |
run: yarn install --ignore-scripts | |
- name: Run yarn list | |
run: yarn list --pattern @folio | |
- name: Run yarn lint | |
run: yarn lint | |
continue-on-error: true | |
- name: Get number of CPU cores | |
id: cpu-cores | |
uses: SimenB/github-actions-cpu-cores@v1 | |
- name: Run yarn test | |
run: xvfb-run --server-args="-screen 0 1024x768x24" yarn test $YARN_TEST_OPTIONS --max-workers ${{ steps.cpu-cores.outputs.count }} | |
- name: Run yarn formatjs-compile | |
if: ${{ env.COMPILE_TRANSLATION_FILES == 'true' }} | |
run: yarn formatjs-compile | |
- name: Generate FOLIO module descriptor | |
if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} | |
run: yarn build-mod-descriptor | |
- name: Print FOLIO module descriptor | |
if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} | |
run: cat module-descriptor.json | |
- name: Publish Jest unit test results | |
uses: docker://ghcr.io/enricomi/publish-unit-test-result-action:v1 | |
if: always() | |
with: | |
github_token: ${{ github.token }} | |
files: "${{ env.JEST_JUNIT_OUTPUT_DIR }}/*.xml" | |
check_name: Jest Unit Test Results | |
comment_mode: update last | |
comment_title: Jest Unit Test Statistics | |
- name: Publish Jest coverage report | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: jest-coverage-report | |
path: ${{ env.JEST_COVERAGE_REPORT_DIR }} | |
retention-days: 30 | |
- name: Publish yarn.lock | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: yarn.lock | |
path: yarn.lock | |
retention-days: 5 | |
- name: Set default branch as env variable | |
run: echo "DEFAULT_BRANCH=${{ github.event.repository.default_branch }}" >> $GITHUB_ENV | |
- name: Fetch branches for SonarCloud | |
run: git fetch --no-tags ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} +refs/heads/${{ env.DEFAULT_BRANCH }}:refs/remotes/origin/${{ env.DEFAULT_BRANCH }} | |
- name: Run SonarCloud scan | |
uses: sonarsource/sonarcloud-github-action@master | |
with: | |
args: > | |
-Dsonar.organization=folio-org | |
-Dsonar.projectKey=org.folio:${{ github.event.repository.name }} | |
-Dsonar.projectName=${{ github.event.repository.name }} | |
-Dsonar.sources=${{ env.SQ_ROOT_DIR }} | |
-Dsonar.language=js | |
-Dsonar.javascript.lcov.reportPaths=${{ env.SQ_LCOV_REPORT }} | |
-Dsonar.exclusions=${{ env.SQ_EXCLUSIONS }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
- name: Set up NPM environment for publishing | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NODEJS_VERSION }} | |
check-latest: true | |
always-auth: true | |
- name: Set _auth in .npmrc | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
run: | | |
npm config set @folio:registry $FOLIO_NPM_REGISTRY | |
npm config set $FOLIO_NPM_REGISTRY_AUTH:_auth $NODE_AUTH_TOKEN | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Exclude some CI-generated artifacts in package | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
run: | | |
echo "artifacts" >> .npmignore | |
echo ".github" >> .npmignore | |
echo ".scannerwork" >> .npmignore | |
cat .npmignore | |
- name: Publish NPM | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
run: npm publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Read module descriptor | |
if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' && github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
id: moduleDescriptor | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: ./module-descriptor.json | |
- name: Publish module descriptor | |
if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' && github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
id: modDescriptorPost | |
uses: fjogeleit/http-request-action@master | |
with: | |
url: ${{ env.FOLIO_MD_REGISTRY }}/_/proxy/modules | |
method: 'POST' | |
contentType: 'application/json; charset=utf-8' | |
customHeaders: '{ "Accept": "application/json; charset=utf-8" }' | |
data: ${{ steps.moduleDescriptor.outputs.content }} | |
username: ${{ secrets.FOLIO_REGISTRY_USERNAME }} | |
password: ${{ secrets.FOLIO_REGISTRY_PASSWORD }} | |