chore(deps): lock file maintenance #74

Workflow file for this run

	name: Test

	on:
	push:
	branches:
	- renovate/**
	pull_request:
	branches:
	- main
	workflow_call:
	secrets:
	SONAR_TOKEN:
	required: true

	permissions:
	contents: read

	jobs:
	test_matrix:
	strategy:
	matrix:
	node-version: [16, 18, 20]
	os: [ubuntu-latest, macos-latest, windows-latest]

	runs-on: ${{ matrix.os }}
	timeout-minutes: 10

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	github.com:443
	registry.npmjs.org:443
	storage.googleapis.com:443
	tuf-repo-cdn.sigstore.dev:443

	- name: Checkout code
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: npm

	- name: Install packages
	run: npm ci

	- name: Audit npm signatures
	run: npm audit signatures

	- name: Check codestyle compliance
	run: npm run lint

	- name: Run tests
	run: npm test

	- name: Upload coverage report
	if: strategy.job-index == 0
	uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
	with:
	name: coverage-report
	path: coverage/lcov.info

	sonarcloud:
	runs-on: ubuntu-latest
	needs:
	- test_matrix
	permissions:
	pull-requests: read
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	*.amazonaws.com:443
	github.com:443
	sonarcloud.io:443
	*.sonarcloud.io:443

	- name: Checkout code
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
	with:
	fetch-depth: 0

	- name: Download coverage report
	uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
	with:
	name: coverage-report
	path: coverage/

	- name: Run SonarCloud scan
	uses: SonarSource/sonarcloud-github-action@c25d2e7e3def96d0d1781000d3c429da22cd6252 # v2.0.2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	# separate job to set as required status check in branch protection
	required_check:
	runs-on: ubuntu-latest
	needs:
	- test_matrix
	- sonarcloud
	if: always()
	steps:
	- name: All required jobs and matrix versions passed
	if: ${{ !(contains(needs.*.result, 'failure')) }}
	run: exit 0
	- name: Some required jobs or matrix versions failed
	if: ${{ contains(needs.*.result, 'failure') }}
	run: exit 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): lock file maintenance #74

Workflow file

chore(deps): lock file maintenance #74

Jobs

Run details

Workflow file for this run