Skip to content
This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

Merge pull request #8 from radixdlt/update-readme #31

Merge pull request #8 from radixdlt/update-readme

Merge pull request #8 from radixdlt/update-readme #31

Workflow file for this run

name: Build typescript ROLA
on:
push:
branches: ['**']
workflow_dispatch:
jobs:
# snyk_scan_deps_licences:
# runs-on: ubuntu-latest
# permissions:
# id-token: write
# pull-requests: read
# contents: read
# deployments: write
# steps:
# - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
# - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
# with:
# role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
# app_name: 'typescript-rola'
# step_name: 'snyk-scan-deps-licenses'
# secret_prefix: 'SNYK'
# secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
# parse_json: true
# - name: Run Snyk to check for deps vulnerabilities
# uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
# with:
# args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=critical
# snyk_scan_code:
# runs-on: ubuntu-latest
# permissions:
# id-token: write
# pull-requests: read
# contents: read
# deployments: write
# steps:
# - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
# - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
# with:
# role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
# app_name: 'typescript-rola'
# step_name: 'snyk-scan-code'
# secret_prefix: 'SNYK'
# secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
# parse_json: true
# - name: Run Snyk to check for code vulnerabilities
# uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
# with:
# args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --severity-threshold=high
# command: code test
# snyk_sbom:
# runs-on: ubuntu-latest
# permissions:
# id-token: write
# pull-requests: read
# contents: read
# deployments: write
# steps:
# - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
# - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
# with:
# role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
# app_name: 'typescript-rola'
# step_name: 'snyk-sbom'
# secret_prefix: 'SNYK'
# secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
# parse_json: true
# - name: Generate SBOM # check SBOM can be generated but nothing is done with it
# uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
# with:
# args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
# command: sbom
test_and_lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '18.x'
- name: Install dependencies
run: npm ci
- name: Running lint
run: npm run lint
- name: Running tests
run: npm run test
- name: Build
run: npm run build
- name: Prepare artifact
run: rm -rf node_modules e2e src sandbox
- uses: actions/upload-artifact@v3
with:
name: typescript-rola.${{ github.sha }}
path: .
# snyk_monitor:
# runs-on: ubuntu-latest
# if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
# needs:
# - test_and_lint
# permissions:
# id-token: write
# pull-requests: read
# contents: read
# deployments: write
# steps:
# - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
# - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
# with:
# role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
# app_name: 'connector-extension'
# step_name: 'snyk-monitor'
# secret_prefix: 'SNYK'
# secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
# parse_json: true
# - name: Enable Snyk online monitoring to check for vulnerabilities
# uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
# with:
# args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }}
# command: monitor