Merge pull request #1 from akv-platform/reusable-workflows-update

Populate workflows folder with reusable workflows

.github/workflows/basic-validation.yml

@@ -0,0 +1,68 @@
+# This workflow helps ensure that the code of the action we're going to deploy:
+# 1. Is well-formated
+# 2. Is linted
+# 3. Successfully builds
+# 4. Passes unit-tests
+# Additionally node packages used by the action can be audited.
+
+name: Basic validation
+
+on:
+  workflow_call:
+    inputs:
+      operating-systems:
+        description: "Optional input to set a list of operating systems which the workflow uses. Defaults to ['ubuntu-latest', 'windows-latest', 'macos-latest'] if not set"
+        required: false
+        type: string
+        default: "['ubuntu-latest', 'windows-latest', 'macos-latest']"
+      enable-audit:
+        description: "Optional input to enable npm package audit process"
+        required: false
+        type: boolean
+        default: true
+      node-version:
+        description: "Optional input to set the version of Node.js used to build the project. The input syntax corresponds to the setup-node's one"
+        required: false
+        type: string
+        default: "16.x"
+      node-caching:
+        description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
+        required: false
+        type: string
+        default: "npm"
+
+jobs:
+  build:
+    runs-on: ${{matrix.operating-systems}}
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-systems: ${{fromJson(inputs.operating-systems)}}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup Node.js ${{inputs.node-version}}
+      uses: actions/setup-node@v3
+      with:
+        node-version: ${{inputs.node-version}}
+        cache: ${{inputs.node-caching}}
+
+    - name: Install dependencies
+      run: npm ci --ignore-scripts
+      
+    - name: Run prettier
+      run: npm run format-check
+
+    - name: Run linter
+      run: npm run lint
+
+    - name: Build
+      run: npm run build
+
+    - name: Test
+      run: npm test
+
+    - name: Audit packages
+      run: npm audit --audit-level=high
+      if: ${{inputs.enable-audit}}

.github/workflows/check-dist.yml

@@ -0,0 +1,61 @@
+# This workflow helps ensure that generated innards of `dist` directory match what we expect them to be.
+# The `dist` is a particular directory in Actions that contains distributable JS files.
+# In Actions, the `dist` is generated through a build process from other source files.
+
+name: Check dist
+
+on:
+  workflow_call:
+    inputs:
+      dist-path:
+        description: "Optional input to set a path to the dist folder. If it's not set, it defaults to './dist'"
+        required: false
+        type: string
+        default: "./dist"
+      node-version:
+        description: "Optional input to set the version of Node.js used to build a project. The input syntax corresponds to the setup-node's one"
+        required: false
+        type: string
+        default: "16.x"
+      node-caching:
+        description: "Optional input to set up caching for the setup-node action. The input syntax corresponds to the setup-node's one. Set to an empty string if caching isn't needed"
+        required: false
+        type: string
+        default: "npm"
+
+jobs:
+  check-dist:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js ${{inputs.node-version}}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{inputs.node-version}}
+          cache: ${{inputs.node-caching}}
+
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Rebuild the dist directory
+        run: npm run build
+
+      - name: Compare the expected and actual dist directories
+        run: |
+          if [ "$(git diff --ignore-space-at-eol ${{inputs.folder-path}} | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after the build. See the status below:"
+            git diff
+            exit 1
+          fi
+        id: diff
+
+      # If inners of the dist directory were different than expected, upload the expected version as an artifact
+      - name: Upload artifact
+        if: ${{failure() && steps.diff.conclusion == 'failure'}}
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: ${{inputs.dist-path}}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,61 @@
+# This workflow helps to analyze repository code for vulnerabilities, bugs, and other errors using CodeQL. 
+# For that CodeQL Action is used: https://github.com/github/codeql-action
+# Learn more about CodeQL at https://codeql.github.com/
+
+name: CodeQL
+
+on:
+  workflow_call:
+    inputs:
+      languages:
+        description: "Optional input to set languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript', 'typescript', 'python', 'ruby'. To set multiple languages, use the same syntax as you can see in the default value."
+        required: false
+        type: string
+        default: "['javascript']"
+      codeql-cfg-path:
+        description: "Optional input to set path to a CodeQL config file"
+        required: false
+        type: string
+      build-command:
+        description: "Optional input to specify manual build command. The multiline syntax is supported"
+        required: false
+        type: string
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ${{fromJson(inputs.languages)}}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{matrix.language}}
+        config-file: ${{inputs.codeql-cfg-path}}
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step.
+    - name: Autobuild
+      if: ${{!inputs.build-command}}
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Manual build
+      if: ${{inputs.build-command}}
+      run: |
+        ${{inputs.build-command}}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/licensed.yml

@@ -0,0 +1,29 @@
+# This workflow helps to check the statuses of cached dependencies used in action with the help of the Licensed tool.
+# Learn more about Licensed at https://github.com/github/licensed
+
+name: Licensed
+
+on:
+  workflow_call:
+
+jobs:
+  validate-cached-dependency-records:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Install licensed tool
+        run: |
+          cd "$RUNNER_TEMP"
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.9.0/licensed-3.9.0-linux-x64.tar.gz 
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+
+      - name: Check cached dependency records
+        run: licensed status