Skip to content

build(deps): bump github/codeql-action from 3.27.6 to 3.27.7 #4251

build(deps): bump github/codeql-action from 3.27.6 to 3.27.7

build(deps): bump github/codeql-action from 3.27.6 to 3.27.7 #4251

Workflow file for this run

name: CI Workflow
on:
push:
# trigger on all branches except for dependabot-triggered push events
branches-ignore: [dependabot/**]
tags:
- 'v*' # trigger on all tags
paths-ignore:
- '**.md' # ignore changes in markdown files
pull_request:
branches: [develop]
types: [opened, synchronize, reopened]
permissions:
contents: read
# globals
env:
# general settings
MAIN_REPO_OWNER: musicEnfanthen # Main repo owner (default: webern-unibas-ch; should not be changed)
jobs:
test:
name: Run tests (Node v${{ matrix.node-version }}, ${{ matrix.os }})
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
node-version: [20.13, 22.11, 23.x]
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # Get all history and branches
- name: Set up node ${{ matrix.node-version}}
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: yarn install dependencies
run: |
yarn install
- name: Run CI tests with coverage
run: |
yarn run test:ci
- name: Test build for GH Pages
run: |
yarn run build:gh
deploy:
# run only on main
if: github.ref == 'refs/heads/main'
name: Deploy app from main (Node v${{ matrix.node-version }}, ${{ matrix.os }})
runs-on: ${{ matrix.os }}
needs: test
permissions:
contents: write
strategy:
matrix:
os: [ubuntu-latest]
node-version: [22.11]
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up node ${{ matrix.node-version}}
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: yarn install dependencies
run: |
yarn install
- name: Build app for GH Pages
run: |
yarn run build:gh
- name: Create default index.html for locales
run: |
cp locale-base.html dist/awg-website/index.html
- name: Deploy to GH Pages
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
yarn run deploy:ci
release:
# run only on tags
if: startsWith(github.ref, 'refs/tags/')
name: Create Release from tag
runs-on: ${{ matrix.os }}
needs: test
permissions:
contents: write
strategy:
matrix:
os: [ubuntu-latest]
node-version: [22.11]
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Get tag version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
- name: Create Release
id: create_release
if: ${{ success() && startsWith(github.ref, 'refs/tags/') }}
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_VERSION: ${{ steps.get_version.outputs.VERSION }}
with:
name: Release ${{ env.TAG_VERSION }}
body: "Website of the [Anton Webern Gesamtausgabe](https://www.anton-webern.ch), located at the Department of Musicology of the University of Basel. It is written in [Angular](https://angular.io/) and runs on [www.anton-webern.ch](https://www.anton-webern.ch).\n\n Changes since last release: https://github.com/${{ github.repository }}/blob/${{ env.TAG_VERSION }}/CHANGELOG.md"
draft: false
prerelease: false