Skip to content

Commit 783274c

Browse files
committed
Create test workflow
1 parent 0f61600 commit 783274c

1 file changed

Lines changed: 48 additions & 0 deletions

File tree

.github/workflows/test.yml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
name: Test
2+
on:
3+
push:
4+
pull_request:
5+
schedule: [{ cron: "0 0 10 * *" }] # monthly https://crontab.guru/#0_0_10_*_*
6+
workflow_dispatch:
7+
8+
permissions: {}
9+
10+
jobs:
11+
test:
12+
uses: nodenv/.github/.github/workflows/test.yml@v5
13+
with: {superlinter: false} # TODO renable superlinter
14+
permissions:
15+
contents: read
16+
packages: read
17+
id-token: write
18+
security-events: write
19+
statuses: write
20+
21+
# https://github.com/redhat-plumbers-in-action/differential-shellcheck
22+
shellcheck:
23+
permissions: {contents: read, security-events: write}
24+
runs-on: ubuntu-latest
25+
steps:
26+
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
27+
with: { egress-policy: audit }
28+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29+
with: {fetch-depth: 0}
30+
- uses: redhat-plumbers-in-action/differential-shellcheck@0d9e5b29625f871e6a4215380486d6f1a7cb6cdd # v5.5.5
31+
with:
32+
severity: error # TODO strengthen
33+
token: ${{ secrets.GITHUB_TOKEN }}
34+
35+
checksums:
36+
runs-on: ubuntu-latest
37+
steps:
38+
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
39+
with: { egress-policy: audit }
40+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
41+
with: { fetch-depth: 0 }
42+
- run: npm ci
43+
44+
# FIXME workaround https://github.com/actions/checkout/issues/910
45+
- if: github.event_name == 'pull_request'
46+
run: npm run lint:checksums -- origin/${{github.base_ref}}
47+
- run: npm run lint:checksums -- HEAD^
48+
if: github.event_name == 'push'

0 commit comments

Comments
 (0)