ci: release and publish through ci #297
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - "*" | |
| tags-ignore: | |
| - "*" | |
| paths-ignore: | |
| - "README.md" | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: ⚙️ Install dependencies | |
| run: npm ci | |
| - name: Run pre-commit | |
| run: pipx run pre-commit run --all-files --show-diff-on-failure | |
| env: | |
| SKIP: ggshield # covered by the scanning job | |
| build-and-test: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| vscode_target: linux-x64 | |
| - os: macos-latest | |
| vscode_target: darwin-arm64 | |
| - os: windows-latest | |
| vscode_target: win32-x64 | |
| steps: | |
| - name: 👩💻 Checkout code | |
| uses: actions/checkout@v6 | |
| - name: ⚙️ Set up Node.js and tools | |
| uses: jdx/mise-action@v4 | |
| - name: ⚙️ Install dependencies | |
| run: npm ci | |
| - name: Download ggshield binary | |
| shell: bash | |
| run: scripts/download-ggshield.sh --target ${{ matrix.vscode_target }} | |
| - name: 🧪 Run tests | |
| shell: bash # Ensure bash is used for Linux/macOS | |
| run: | | |
| if [ "$RUNNER_OS" = "Linux" ]; then | |
| xvfb-run --auto-servernum npm test | |
| elif [ "$RUNNER_OS" = "macOS" ]; then | |
| npm test | |
| else | |
| bash -c "npm test" | |
| fi | |
| scanning: | |
| name: GitGuardian scan | |
| runs-on: ubuntu-latest | |
| if: >- | |
| github.actor != 'dependabot[bot]' && | |
| (github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == github.repository) | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 # fetch all history so multiple commits can be scanned | |
| - name: GitGuardian scan | |
| uses: GitGuardian/ggshield-action@v1 | |
| env: | |
| GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }} | |
| GITHUB_PUSH_BASE_SHA: ${{ github.event.base }} | |
| GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
| GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }} |