ci.yml
name: CI and Release

# Runs for pushes to, and pull requests targeting, the release branches.
# The trigger is `pull_request` (not `pull_request_target`), so runs for
# pull requests from forks get a read-only token and no repository secrets.
on:
  push:
    branches:
      - main
      - next
      - beta
      - alpha
      - '*.*.x' # Matches branches like '1.2.x', '2.3.x'
      - '*.x' # Matches branches like '1.x', '2.x'
  pull_request:
    branches:
      - main
      - next
      - beta
      - alpha
      - '*.*.x' # Matches PRs targeting '1.2.x', '2.3.x'
      - '*.x' # Matches PRs targeting '1.x', '2.x'

# Workflow-wide default is read-only. Jobs that need more declare their own
# `permissions` block, which replaces this default for that job.
permissions:
  contents: read
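jobs:
  # Job 1: Commit Linting
  # Checks every commit in the pushed or proposed range with commitlint.
  # Inherits the workflow-level read-only token.
  commitlint:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions in this job are referenced by mutable tags
      # (`@v4`); pinning each to a reviewed full commit SHA fixes the exact
      # code that runs.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch full history to check commit differences
          # The later steps only read local history, so the checkout token
          # does not need to stay in .git/config while npm scripts run.
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
      - name: Install dependencies
        run: npm ci
      - name: Validate all commits
        # The range endpoints reach the shell as environment variables
        # instead of being expanded into the script text.
        # NOTE(review): on the first push of a new branch
        # `github.event.before` is presumably the all-zero SHA; confirm that
        # commitlint handles that range.
        env:
          FROM_SHA: ${{ github.event.pull_request.base.sha || github.event.before }}
          TO_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        run: npx commitlint --from "$FROM_SHA" --to "$TO_SHA" --verbose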
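# Job 2: Build and Test
# Installs from the lockfile, verifies registry signatures, then builds and
# tests. Runs only after commitlint succeeds and inherits the workflow-level
# read-only token.
  test:
    runs-on: ubuntu-latest
    needs: [commitlint]
    steps:
      # NOTE(review): actions in this job are referenced by mutable tags
      # (`@v4`); pinning each to a reviewed full commit SHA fixes the exact
      # code that runs.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Build and test do not push or fetch, so the checkout token is
          # not kept in .git/config (the publish job sets the same option).
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
      - name: Install
        run: npm ci
      # Moved up from the end of the job: signatures are checked right after
      # install, as in the publish job, so a failed check stops the run
      # before the build and test scripts execute and is no longer skipped
      # when a test fails.
      - name: Verify integrity of dependencies
        run: npm audit signatures
      - name: Build
        run: npm run build
      - name: Test
        run: npm run test
      - name: List test logs
        run: ls -la .test-logs/
      - name: Upload test logs
        uses: actions/upload-artifact@v4
        # Upload even when an earlier step failed, so logs of failing runs
        # are kept.
        if: always()
        with:
          name: test-logs
          # Only the log directory is uploaded. It is a dot-directory, hence
          # include-hidden-files.
          path: .test-logs/**
          include-hidden-files: true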
# Job 3: Publish
# Runs semantic-release after the test job succeeds. This is the only job
# that holds package and release write scopes.
# NOTE(review): the job has no `if:` condition, so it is also scheduled for
# pull_request events; presumably semantic-release itself decides whether to
# publish. Confirm that this is intended.
  publish:
    needs: [test]
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default for this job.
    permissions:
      contents: write # To publish a GitHub release
      packages: write # To publish to GitHub Package registry
      issues: write # To comment on released issues
      pull-requests: write # To comment on released pull requests
      id-token: write # To enable OIDC for npm provenance
    steps:
      # NOTE(review): actions in this job are referenced by mutable tags
      # (`@v4`) while the job holds write scopes; consider pinning each to a
      # reviewed full commit SHA.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Keeps the checkout token out of .git/config; the Release step
          # gets its credentials from the environment variables set there.
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          # Points npm at GitHub Packages for the @mitre-attack scope.
          registry-url: 'https://npm.pkg.github.com'
          scope: '@mitre-attack'
      - name: Install dependencies
        run: npm clean-install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Runs before the release step, so a dependency that fails the
      # signature check stops the job before anything is published.
      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
        run: npm audit signatures
      - name: Release
        # Every credential below is the run-scoped GITHUB_TOKEN, limited by
        # the permissions block above; no long-lived registry token is used.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} DO NOT USE
          HUSKY: 0 # Temporarily disables all Git hooks
        run: npx semantic-release
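# Job 4: Deploy documentation
# Builds the Docusaurus site and pushes it to GitHub Pages with a deploy key.
  deploy-docs:
    needs: [publish]
    # Deploy only for pushes. Without this guard the job was also scheduled
    # for pull_request events and would publish a build of unmerged changes
    # whenever the deploy key was available to the run.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    # One group per workflow and ref. No cancel-in-progress is set.
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
      - name: Install schema dependencies
        # Lockfile-exact install, matching the `npm ci` the other jobs run
        # at the repository root.
        run: npm ci
        working-directory: ./
      - name: Install docusaurus dependencies
        # NOTE(review): `npm install` may resolve versions that differ from
        # the lockfile; switch to `npm ci` if ./docusaurus commits a
        # package-lock.json (not visible from this file).
        run: npm install
        working-directory: ./docusaurus
      - name: Generate schema documentation
        run: npm run gendocs
        working-directory: ./docusaurus
      - name: Build Docusaurus site
        run: npm run build
        working-directory: ./docusaurus
      - name: Deploy to GitHub Pages
        # NOTE(review): third-party action referenced by a mutable tag while
        # it receives DEPLOY_KEY; pin it to a reviewed full commit SHA.
        uses: peaceiris/actions-gh-pages@v3
        with:
          # The key is passed only to this step, not to the npm steps above.
          deploy_key: ${{ secrets.DEPLOY_KEY }}
          publish_dir: ./docusaurus/build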