CI #1155
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**/*.md' | |
| - '.github/workflows/markdown.yml' | |
| - '.github/markdownlint.json' | |
| - '.github/markdownlint.jsonc' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**/*.md' | |
| - '.github/workflows/markdown.yml' | |
| - '.github/markdownlint.json' | |
| - '.github/markdownlint.jsonc' | |
| workflow_dispatch: | |
| merge_group: | |
| release: | |
| types: [published] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| platform: [ubuntu-24.04, windows-2022, macos-14] | |
| include: | |
| - platform: ubuntu-24.04 | |
| target: linux | |
| - platform: windows-2022 | |
| target: windows | |
| - platform: macos-14 | |
| target: darwin | |
| runs-on: ${{ matrix.platform }} | |
| permissions: | |
| packages: read | |
| name: 'Build and test (${{ matrix.target }})' | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - run: git config --global core.autocrlf false | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://npm.pkg.github.com | |
| always-auth: true | |
| package-manager-cache: false | |
| - name: Set version | |
| if: runner.os == 'Linux' && github.repository_owner == 'Open-CMSIS-Pack' | |
| run: | | |
| case ${{ github.event_name }} in | |
| release) | |
| TAG="${{ github.event.release.tag_name }}" | |
| yarn version --no-git-tag-version --new-version "${TAG#v}" | |
| ;; | |
| pull_request) | |
| DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+') | |
| QUALIFIER=$(git describe --tags | grep -Eo '\-g[0-9a-f]+$') | |
| yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}" | |
| yarn version --no-git-tag-version --prepatch --preid "pr${{ github.event.number }}${QUALIFIER}" | |
| ;; | |
| *) | |
| DESCRIBE=$(git describe --tags | grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+') | |
| QUALIFIER=$(git describe --tags | grep -Eo '[0-9]+\-g[0-9a-f]+$') | |
| yarn version -s --no-git-tag-version --new-version "${DESCRIBE#v}" | |
| yarn version --no-git-tag-version --prepatch --preid "${{ github.ref_name }}${QUALIFIER}" | |
| ;; | |
| esac | |
| VERSION="$(jq -r ".version" < package.json)" | |
| sed -i "s/## Unreleased/## ${VERSION}/" CHANGELOG.md | |
| echo "Version is ${VERSION}" | |
| - name: Remove badges | |
| if: runner.os == 'Linux' | |
| run: | | |
| sed -i "/https:\/\/qlty\.sh\/gh/d" README.md | |
| sed -i "/https:\/\/securityscorecards\.dev\/viewer/d" README.md | |
| - name: Install dependencies | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: yarn --frozen-lockfile --prefer-offline --ignore-scripts | |
| - name: Build on Windows or macOS | |
| if: runner.os != 'Linux' | |
| run: yarn build:no-lint | |
| - name: Build on Linux | |
| if: runner.os == 'Linux' | |
| run: yarn build | |
| - name: Check copyright | |
| run: yarn copyright:check | |
| - name: Test | |
| run: yarn test | |
| - name: Upload dist | |
| if: runner.os == 'Linux' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: dist | |
| path: | | |
| ./README.md | |
| ./CHANGELOG.md | |
| ./package.json | |
| ./dist | |
| retention-days: 1 | |
| - name: Commit changelog | |
| if: false && github.event_name == 'release' && runner.os == 'Linux' | |
| run: | | |
| sed -i '3i ## Unreleased\n' CHANGELOG.md | |
| git checkout main | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git add CHANGELOG.md | |
| git commit -m "Update CHANGELOG.md after release [skip ci]" | |
| git push | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: runner.os == 'Linux' | |
| with: | |
| name: test-coverage | |
| path: ./coverage | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: test-report-${{ matrix.target }} | |
| path: ./test-report.html | |
| - name: Publish coverage report to QLTY | |
| if: github.repository_owner == 'Open-CMSIS-Pack' && runner.os == 'Linux' | |
| uses: qltysh/qlty-action/coverage@a19242102d17e497f437d7466aa01b528537e899 # v1 | |
| with: | |
| token: ${{ secrets.QLTY_COVERAGE_TOKEN }} | |
| files: coverage/lcov.info | |
| package: | |
| name: Package | |
| runs-on: [ubuntu-latest] | |
| needs: build | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| target: | |
| - win32-x64 | |
| - win32-arm64 | |
| - linux-x64 | |
| - linux-arm64 | |
| - darwin-arm64 | |
| permissions: | |
| packages: read | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| node-version-file: package.json | |
| registry-url: https://npm.pkg.github.com | |
| always-auth: true | |
| package-manager-cache: false | |
| - name: Download dist | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| name: dist | |
| path: . | |
| - name: Download tools | |
| run: | | |
| yarn --frozen-lockfile --ignore-scripts --prefer-offline | |
| yarn download-tools --target ${{ matrix.target }} --no-cache | |
| - name: Create vsix package | |
| run: | | |
| yarn package --target ${{ matrix.target }} | |
| - name: Upload package | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: vsix-package-${{ matrix.target }} | |
| path: ./*.vsix | |
| retention-days: 1 | |
| publish: | |
| name: Publish release | |
| runs-on: [ubuntu-latest] | |
| if: github.event_name == 'release' | |
| needs: package | |
| permissions: | |
| contents: write # for softprops/action-gh-release to create a GitHub release | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Download packages | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: vsix-package-* | |
| - name: Download coverage report | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: test-coverage | |
| - name: Download test report | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: test-report-linux | |
| - name: Zip test report | |
| run: zip -r test-report.zip * | |
| working-directory: test-report-linux | |
| - name: Zip test coverage | |
| run: zip -r test-coverage.zip * | |
| working-directory: test-coverage | |
| - name: Attach packages | |
| uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3 | |
| with: | |
| files: | | |
| **/*.vsix | |
| test-coverage/test-coverage.zip | |
| test-report-linux/test-report.zip |