Implement safe workflow secrets access
JimiC committed Aug 11, 2023
1 parent 900b486 commit c72cdbf
Showing 2 changed files with 91 additions and 34 deletions.
84 changes: 50 additions & 34 deletions .github/workflows/build.yml
@@ -2,10 +2,10 @@ name: build

on:
push:
tags:
- '!*'
branches:
tags-ignore:
- '*'
branches:
- main
pull_request:
branches:
- main
@@ -38,37 +38,37 @@ jobs:
# send_coverage:
# - false
include:
- os: ubuntu-latest
arch: x64
node-version: 20 # latest
experimental: true
node_minimum: false
- os: macOS-latest
arch: x64
node-version: 20 # latest
experimental: true
send_coverage: false
- os: windows-latest
arch: x64
node-version: 20 # latest
experimental: true
send_coverage: false
# - os: ubuntu-latest
# arch: x64
# node-version: 20 # latest
# experimental: true
# node_minimum: false
# - os: macOS-latest
# arch: x64
# node-version: 20 # latest
# experimental: true
# send_coverage: false
# - os: windows-latest
# arch: x64
# node-version: 20 # latest
# experimental: true
# send_coverage: false

- os: ubuntu-latest
node-version: 18 # minimum
arch: x64
experimental: false
send_coverage: true
- os: macOS-latest
arch: x64
node-version: 18 # minimum
experimental: false
send_coverage: false
- os: windows-latest
arch: x64
node-version: 18 # minimum
experimental: false
send_coverage: false
# - os: macOS-latest
# arch: x64
# node-version: 18 # minimum
# experimental: false
# send_coverage: false
# - os: windows-latest
# arch: x64
# node-version: 18 # minimum
# experimental: false
# send_coverage: false

steps:
- name: "Setting up Node.js: ${{ matrix.node-version }}"
@@ -93,14 +93,30 @@ jobs:
continue-on-error: ${{ matrix.experimental }}
run: npm test

- name: Sending coverage report
# - name: Uploading code coverage report
# if: >
# (
# success() &&
# matrix.send_coverage &&
# github.event_name == 'push' &&
# github.repository_owner == 'JimiC' &&
# github.actor != 'dependabot[bot]'
# )
# uses: paambaati/codeclimate-action@v5
# env:
# CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}

- name: Uploading code coverage artifact
if: >
(
success() &&
matrix.send_coverage &&
github.actor != 'dependabot[bot]' &&
github.repository_owner == 'JimiC'
github.repository_owner == 'JimiC' &&
github.actor != 'dependabot[bot]'
)
uses: paambaati/codeclimate-action@v5
env:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
# github.event_name == 'pull_request' &&
uses: actions/upload-artifact@v3
with:
name: code-coverage-report
path: coverage/lcov.info
retention-days: 1
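Review bot: The commented-out `# github.event_name == 'pull_request' &&` line sits after the closing `)` of the folded `if: >` scalar in the artifact step. Indentation is not visible on this page, but if that line is indented to the scalar's content level, YAML reads it as part of the expression text rather than as a comment, so it is safer to delete it or move it above `if:`. The commented-out Code Climate step still names `secrets.CC_TEST_REPORTER_ID`; now that the secret is meant to be used only from coverage.yml, removing the dead block keeps it from being re-enabled here by accident. Because the uploaded file is produced by code from the pull request, a one-line comment on the step such as `# artifact content is untrusted input for coverage.yml` would record the trust boundary.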
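--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -0,0 +1,41 @@
+name: code coverage
+
+on:
+workflow_run:
+workflows:
+- build
+types:
+- completed
+
+jobs:
+code-climate:
+name: Send code coverage report to Code Climate
+runs-on: ubuntu-latest
+if: >
+(
+(
+github.event.workflow_run.event == 'pull_request' ||
+github.event.workflow_run.event == 'push'
+) &&
+github.repository_owner == 'JimiC' &&
+github.actor != 'dependabot[bot]'
+)
+steps:
+- name: Cloning repository
+uses: actions/checkout@v3
+with:
+ref: ${{ github.event.workflow_run.head_sha }}
+
+- name: Download artifact
+uses: dawidd6/action-download-artifact@v2
+with:
+workflow: build.yml
+workflow_conclusion: success
+name: code-coverage-report
+
+- name: Uploading code coverage report
+uses: paambaati/codeclimate-action@v5
+with:
+coverageLocations: lcov.info:lcov
+env:
+CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}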
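Review bot: The download step picks the artifact with `workflow: build.yml` and `workflow_conclusion: success` rather than the run that triggered this workflow, so the report sent to Code Climate can come from a different run than the `head_sha` that was checked out. Using `run_id: ${{ github.event.workflow_run.id }}` ties the two together, and the job `if:` could also require `github.event.workflow_run.conclusion == 'success'`. The artifact is produced by pull-request code and is unpacked into the checked-out workspace of a job that holds `CC_TEST_REPORTER_ID`, so give the download its own `path:` and treat its contents as data only. The job also checks out the PR head commit; none of the visible steps appears to execute that tree, which is what keeps the secret away from untrusted code, and a comment saying so would help the next editor. A `permissions:` block limited to `contents: read` and `actions: read`, plus commit-SHA pins for the two third-party actions, would narrow what this privileged run can do.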
