diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
new file mode 100644
index 0000000..47a3d27
--- /dev/null
+++ b/.github/workflows/check-dist.yml
@@ -0,0 +1,68 @@
+# This workflow helps us to be sure that generated innards of `dist` directory actually match what we expect them to be.
+# The `dist` is a special directory in Actions.
+# When you reference an action with `uses:` in a workflow, javascript files from `dist` will run.
+# In Actions, we generate the dist through a build process from other source files.
+
+name: Check dist
+
+on:
+ workflow_call:
+ inputs:
+ dist-path:
+ description: "Optional input to set a path to the dist folder. If it's not set defaults to './dist'"
+ required: false
+ type: string
+ default: "./dist"
+ build-command:
+ description: "Optional input to configure build command in case the default one doesn't suit. If it's not set defaults to 'npm run build'"
+ required: false
+ type: string
+ default: "npm run build"
+ node-version:
+ description: "Optional input to set version of node.js. The input syntax corresponds to the setup-node's one."
+ required: false
+ type: string
+ default: "16.x"
+ node-caching:
+ description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
+ required: false
+ type: string
+ default: "npm"
+
+
+jobs:
+ check-dist:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js ${{inputs.node-version}}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{inputs.node-version}}
+ cache: ${{inputs.node-caching}}
+
+ - name: Install dependencies
+ run: npm ci --ignore-scripts
+
+ - name: Rebuild the dist directory
+ run: ${{inputs.build-command}}
+
+ - name: Compare the expected and actual dist directories
+ run: |
+ if [ "$(git diff --ignore-space-at-eol ${{inputs.folder-path}} | wc -l)" -gt "0" ]; then
+ echo "Detected uncommitted changes after the build. See the status below:"
+ git diff
+ exit 1
+ fi
+ id: diff
+
+ # If inners of the dist directory were different than expected, upload the expected version as an artifact
+ - name: Upload artifact
+ if: ${{failure() && steps.diff.conclusion == 'failure'}}
+ uses: actions/upload-artifact@v3
+ with:
+ name: dist
+ path: ${{inputs.dist-path}}
\ No newline at end of file
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..ec0edef
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
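Review bot: The compare step in check-dist.yml reads `${{inputs.folder-path}}`, but the only path input this workflow declares is `dist-path`, so the expression would expand to an empty string and `git diff` runs over the whole working tree instead of the dist directory. Use the declared input, and pass it through the environment so it stays a single quoted argument: `env: DIST_PATH: ${{inputs.dist-path}}` on the step and `git diff --ignore-space-at-eol -- "$DIST_PATH"` in the script. `git diff` also does not report untracked files, so a build that emits a new, uncommitted file under dist would not trip this check; `git status --porcelain -- "$DIST_PATH"` covers that case.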
@@ -0,0 +1,56 @@
+# This workflow helps us to analize repository code for vulnerabilities, bugs, and other errors using CodeQL.
+# For that we're using CodeQL Action: https://github.com/github/codeql-action
+# Learn more about CodeQL at https://codeql.github.com/
+
+name: CodeQL
+
+on:
+ workflow_call:
+ inputs:
+ languages:
+ description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To use multiple languages use the same syntax as used in the default value."
+ required: false
+ type: string
+ default: "['javascript']"
+ build-command:
+ description: "Optional input to specify manual build command. Multiline syntax is supported"
+ required: false
+ type: string
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ${{fromJson(inputs.languages)}}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step.
+ - name: Autobuild
+ if: ${{!inputs.build-command}}
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Manual build
+ if: ${{inputs.build-command}}
+ run: |
+ ${{inputs.build-command}}
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml
new file mode 100644
index 0000000..df70d56
--- /dev/null
+++ b/.github/workflows/licensed.yml
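Review bot: In the Manual build step of codeql-analysis.yml, `${{inputs.build-command}}` is substituted into the script text before the shell starts, so whatever string the caller passes runs verbatim in a job that holds `security-events: write`. That is expected for a build command, but the input's description does not say it, and a caller who assembles the value from event data would turn it into an injection point. I would extend the description with `The value is executed as shell on the runner; pass a static string only, never event data such as a PR title or branch name.` The same direct substitution of `build-command` appears in check-dist.yml and workflow.yml in this commit.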
@@ -0,0 +1,35 @@
+# This workflow helps us to check statuses of cached dependencies which we use in the action with help of the Licensed tool.
+# Learn more about Licensed at https://github.com/github/licensed
+
+name: Licensed
+
+on:
+ workflow_call:
+ inputs:
+ licensed-url:
+ description: "Optional input to set the url of the required version of the Licenced tool"
+ required: false
+ type: string
+ default: "https://github.com/github/licensed/releases/download/3.9.0/licensed-3.9.0-linux-x64.tar.gz"
+
+jobs:
+ validate-cached-dependency-records:
+ runs-on: ubuntu-latest
+ name: Check licenses
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Install dependencies
+ run: npm ci --ignore-scripts
+
+ - name: Install licensed tool
+ run: |
+ cd $RUNNER_TEMP
+ curl -Lfs -o licensed.tar.gz ${{inputs.licensed-url}}
+ sudo tar -xzf licensed.tar.gz
+ sudo mv licensed /usr/local/bin/licensed
+
+ - name: Check cached dependency records
+ run: licensed status
\ No newline at end of file
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
new file mode 100644
index 0000000..5ad6227
--- /dev/null
+++ b/.github/workflows/workflow.yml
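Review bot: The Install licensed tool step in licensed.yml fetches an archive from a caller-supplied URL, then unpacks it and moves the binary into `/usr/local/bin` under `sudo`, with no integrity check between download and execution. Pin a digest next to the URL and verify it before extraction, e.g. `echo "<expected-sha256>  licensed.tar.gz" | sha256sum -c -` (placeholder digest; none is given on this page). The URL is also expanded unquoted into the script; setting `env: LICENSED_URL: ${{inputs.licensed-url}}` on the step and calling `curl -Lfs -o licensed.tar.gz "$LICENSED_URL"` keeps it a single argument. Extraction into `$RUNNER_TEMP` should not need `sudo`; only the final `mv` does.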
@@ -0,0 +1,85 @@
+# This workflow helps us to be sure that the code of the action we're going to deploy:
+# 1. Is well-formated
+# 2. Is linted
+# 3. Successfully builds
+# 4. Passes unit-tests
+# Additionally node packages used by the action can be audited.
+name: CI
+
+on:
+ workflow_call:
+ inputs:
+ operating-systems:
+ description: "Optional input to set list of operating systems whick the workflow uses. Defaults to ['ubuntu-latest', 'windows-latest', 'macos-latest'] if not set"
+ required: false
+ type: string
+ default: "['ubuntu-latest', 'windows-latest', 'macos-latest']"
+ build-command:
+ description: "Optional input to configure build command in case the default one doesn't suit. Set to an empty string if build isn't needed. Multiline syntax is supported"
+ required: false
+ type: string
+ default: "npm run build"
+ enable-prettier:
+ description: "Optional input to enable prettiering process"
+ required: false
+ type: boolean
+ default: true
+ enable-linter:
+ description: "Optional input to enable linting process"
+ required: false
+ type: boolean
+ default: true
+ enable-audit:
+ description: "Optional input to enable npm package audit process"
+ required: false
+ type: boolean
+ default: true
+ node-version:
+ description: "Optional input to set version of node.js. The input syntax corresponds to the setup-node's one."
+ required: false
+ type: string
+ default: "16.x"
+ node-caching:
+ description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
+ required: false
+ type: string
+ default: "npm"
+
+jobs:
+ build:
+ runs-on: ${{matrix.operating-systems}}
+ strategy:
+ fail-fast: false
+ matrix:
+ operating-systems: ${{fromJson(inputs.operating-systems)}}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js ${{inputs.node-version}}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{inputs.node-version}}
+ cache: ${{inputs.node-caching}}
+
+ - name: Install dependencies
+ run: npm ci --ignore-scripts
+
+ - name: Run prettier
+ if: ${{inputs.enable-prettier}}
+ run: npm run format-check
+
+ - name: Run linter
+ if: ${{inputs.enable-linter}}
+ run: npm run lint
+
+ - name: Build
+ if: ${{inputs.build-command}}
+ run: ${{inputs.build-command}}
+
+ - name: Test
+ run: npm run test
+
+ - name: Audit packages
+ run: npm audit --audit-level=high
+ if: ${{inputs.enable-audit}}
\ No newline at end of file
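Review bot: The `build` job in workflow.yml declares no `permissions:` block, so the `GITHUB_TOKEN` visible to the `npm run ...` steps and to the caller-supplied `build-command` carries whatever scope the calling workflow or the repository default grants. None of the visible steps writes to the repository, so a job-level `permissions:` with `contents: read` looks sufficient, matching how codeql-analysis.yml in this commit already scopes its token. check-dist.yml and licensed.yml have the same gap. Separately, every `uses:` across the four files references a movable tag (`@v3`, `@v2`); pinning each to a full commit SHA fixes which code actually runs.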