feat: port generate() and ollama integration from PR #73 #330
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test (& Publish) | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| timeout-minutes: 5 | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - windows-latest | |
| - macos-latest | |
| node: | |
| - 20 | |
| - 22 | |
| - 24 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| node-version: ${{ matrix.node }} | |
| - run: npm ci | |
| - run: npm run build # Automatically run tests because of the `postbuild` script in package.json | |
| coverage: | |
| name: Coverage Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| node-version: 20 | |
| - run: npm ci | |
| - run: npm run dereferenceSchemas && npm run generate:types && npm run compile | |
| - name: Run tests with coverage | |
| run: npm run test:coverage | |
| - name: Check coverage ratchet | |
| run: npm run test:coverage:ratchet | |
| - name: Upload coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: coverage/ | |
| threat-assessment: | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| name: Threat assessment | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get package version | |
| id: get_version | |
| run: | | |
| # Extract the version from package.json and set it as an environment variable | |
| echo "version=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| # Create an archive of the package | |
| - name: Set current datetime | |
| run: | | |
| echo "DT_NOW=$(date +%Y%m%d-%H%M%S)" >> ${GITHUB_ENV} | |
| - name: Create directories | |
| run: mkdir -p build report | |
| - id: pack_artifact | |
| run: | | |
| npm pack --pack-destination build | |
| # Capture the path of the generated tarball | |
| echo "scan_file=$(ls build/*.tgz)" >> $GITHUB_OUTPUT | |
| # Use the rl-scanner-cloud-composite action | |
| - name: Scan build artifact on the Portal | |
| id: rl-scan | |
| env: | |
| RLPORTAL_ACCESS_TOKEN: ${{ secrets.RLPORTAL_ACCESS_TOKEN }} | |
| uses: reversinglabs/gh-action-rl-scanner-cloud-only@v1 | |
| with: | |
| rl-verbose: true | |
| rl-portal-server: trial | |
| rl-portal-org: Trial | |
| rl-portal-group: OSS-MannySilva | |
| rl-timeout: 20 | |
| rl-submit-only: false | |
| artifact-to-scan: ${{ steps.pack_artifact.outputs.scan_file }} | |
| report-path: report | |
| rl-package-url: common/releases@${{ steps.get_version.outputs.version }} | |
| - name: Archive scan report | |
| if: success() || failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rl-scan-report-${{ env.DT_NOW }} | |
| path: report | |
| publish-npm: | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| name: Publish to NPM | |
| needs: threat-assessment | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| registry-url: https://registry.npmjs.org/ | |
| - run: npm ci | |
| - run: npm run build | |
| - run: npm publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.npm_token }} | |
| update-downstream: | |
| name: Update downstream packages | |
| needs: publish-npm | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get package version | |
| id: get_version | |
| run: | | |
| # Extract the version from package.json and set it as an environment variable | |
| echo "version=$(jq -r '.version' package.json)" >> $GITHUB_OUTPUT | |
| - name: Update `resolver` | |
| run: | | |
| curl -X POST -H "Authorization: token ${{ secrets.DD_DEP_UPDATE_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.everest-preview+json" \ | |
| "https://api.github.com/repos/doc-detective/resolver/dispatches" \ | |
| -d '{"event_type": "update-common-package-event", "client_payload": {"version": "${{ steps.get_version.outputs.version }}"} }' | |
| - name: Update docs | |
| run: | | |
| curl -X POST -H "Authorization: token ${{ secrets.DD_DEP_UPDATE_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.everest-preview+json" \ | |
| "https://api.github.com/repos/doc-detective/doc-detective.github.io/dispatches" \ | |
| -d '{"event_type": "update-common-package-event", "client_payload": {"version": "${{ steps.get_version.outputs.version }}"} }' |