Dependabot collection 2025wk20 (#234) #427
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| merge_group: | |
| release: | |
| types: [published] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build and test | |
| runs-on: [ubuntu-latest] | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://npm.pkg.github.com | |
| always-auth: true | |
| cache: 'yarn' | |
| - name: Set version | |
| if: github.repository_owner == 'Open-CMSIS-Pack' | |
| run: | | |
| case ${{ github.event_name }} in | |
| release) | |
| TAG="${{ github.event.release.tag_name }}" | |
| yarn version --no-git-tag-version --new-version "${TAG#v}" | |
| ;; | |
| pull_request) | |
| DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+') | |
| QUALIFIER=$(git describe --tags | grep -Eo '\-g[0-9a-f]+$') | |
| yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}" | |
| yarn version --no-git-tag-version --prepatch --preid "pr${{ github.event.number }}${QUALIFIER}" | |
| ;; | |
| *) | |
| DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+') | |
| QUALIFIER=$(git describe --tags | grep -Eo '[0-9]+\-g[0-9a-f]+$') | |
| yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}" | |
| yarn version --no-git-tag-version --prepatch --preid "${{ github.ref_name }}${QUALIFIER}" | |
| ;; | |
| esac | |
| VERSION="$(jq -r ".version" < package.json)" | |
| sed -i "s/## Unreleased/## ${VERSION}/" CHANGELOG.md | |
| echo "Version is ${VERSION}" | |
| - name: Remove Badges for dist | |
| run: | | |
| sed -i "/https:\/\/codeclimate\.com\/github\/Open\-CMSIS\-Pack\/vscode\-cmsis\-debugger/d" README.md | |
| sed -i "/https:\/\/securityscorecards\.dev\/viewer/d" README.md | |
| - name: Build | |
| env: | |
| GITHUB_TOKEN: ${{github.token}} | |
| run: yarn --frozen-lockfile --prefer-offline | |
| - name: Test | |
| run: yarn test | |
| - name: Upload dist | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: dist | |
| path: | | |
| ./README.md | |
| ./CHANGELOG.md | |
| ./package.json | |
| ./dist | |
| retention-days: 1 | |
| - name: Commit changelog | |
| if: false && github.event_name == 'release' | |
| run: | | |
| sed -i '3i ## Unreleased\n' CHANGELOG.md | |
| git checkout main | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git add CHANGELOG.md | |
| git commit -m "Update CHANGELOG.md after release [skip ci]" | |
| git push | |
| - name: Publish coverage report to Code Climate | |
| if: github.repository_owner == 'Open-CMSIS-Pack' | |
| uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0 | |
| env: | |
| CC_TEST_REPORTER_ID: ${{secrets.CC_TEST_REPORTER_ID}} | |
| with: | |
| debug: true | |
| coverageLocations: coverage/lcov.info:lcov | |
| package: | |
| name: Package | |
| runs-on: [ubuntu-latest] | |
| needs: build | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| target: | |
| - win32-x64 | |
| - linux-x64 | |
| - linux-arm64 | |
| - darwin-arm64 | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://npm.pkg.github.com | |
| always-auth: true | |
| cache: 'yarn' | |
| - name: Download dist | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| name: dist | |
| path: . | |
| - name: Cache tools | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.6 | |
| with: | |
| path: tools | |
| key: tools-${{ matrix.target }}-${{ github.head_ref || github.ref_name }} | |
| restore-keys: | | |
| tools-${{ matrix.target }}-${{ github.base_ref || 'main' }} | |
| tools-${{ matrix.target }}- | |
| - name: Download tools | |
| run: | | |
| yarn --frozen-lockfile --ignore-scripts --prefer-offline | |
| yarn download-tools --target ${{ matrix.target }} --no-cache | |
| - name: Create vsix package (pre-release) | |
| run: | | |
| yarn package --target ${{ matrix.target }} --pre-release | |
| - name: Upload package | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: vsix-package-${{ matrix.target }} | |
| path: ./*.vsix | |
| retention-days: 1 | |
| publish: | |
| name: Publish release | |
| runs-on: [ubuntu-latest] | |
| if: github.event_name == 'release' | |
| needs: package | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: audit | |
| - name: Download packages | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: vsix-package-* | |
| - name: Attach packages | |
| uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2 | |
| with: | |
| files: "**/*.vsix" |