add permissions #1081
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: graphql-ppx-pipeline | |
on: [pull_request, push] | |
permissions: read-all | |
jobs: | |
test_and_build_linux: | |
name: ${{ matrix.os }}/node-${{ matrix.node-version }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
node-version: [16.x] | |
os: [ubuntu-latest] | |
ocaml-compiler: ["5.1"] | |
container: | |
image: alexfedoseev/alpine-node-yarn-esy:0.0.4 | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Set-up OCaml ${{ matrix.ocaml-compiler }} | |
uses: ocaml/setup-ocaml@v2 | |
with: | |
ocaml-compiler: ${{ matrix.ocaml-compiler }} | |
- run: opam install . --deps-only --with-test | |
- run: opam exec -- dune build | |
- name: native tests | |
run: opam exec -- dune runtest -f | |
env: | |
CI: true | |
- name: snapshot tests | |
env: | |
GRAPHQL_CI: true | |
run: | | |
npm ci --no-optional --ignore-scripts | |
./tests.sh | |
esy release-static | |
- name: Release build | |
run: opam exec -- dune build --root . --only-packages 'graphql-ppx' --ignore-promoted-rules --no-config --profile release-static | |
- name: (only on release) Upload artifacts ${{ matrix.os }} | |
uses: actions/upload-artifact@master | |
with: | |
name: ${{ matrix.os }} | |
path: _build/default/src/bin/bin.exe | |
test_and_build: | |
name: ${{ matrix.os }}/node-${{ matrix.node-version }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
node-version: [16.x] | |
os: [windows-latest, macOS-13, macOS-latest] | |
steps: | |
- uses: actions/checkout@v1 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Install esy | |
run: | | |
npm install -g esy@0.6.12 | |
- name: Install | |
run: esy install | |
- name: Print esy cache | |
id: print_esy_cache | |
run: node .github/workflows/print_esy_cache.js | |
- name: Try to restore dependencies cache | |
id: deps-cache | |
uses: actions/cache@v2 | |
with: | |
path: ${{ steps.print_esy_cache.outputs.esy_cache }} | |
key: ${{ matrix.os }}-${{ hashFiles('**/index.json') }} | |
- name: build | |
run: esy b | |
- name: test-native | |
run: | | |
esy b dune runtest -f | |
env: | |
CI: true | |
- name: npm ci | |
if: runner.os != 'Windows' | |
run: | | |
npm ci --no-optional | |
env: | |
GRAPHQL_CI: true | |
- name: snaphot tests | |
if: runner.os != 'Windows' | |
run: | | |
esy test | |
- name: (only on release) Upload artifacts ${{ matrix.os }} | |
uses: actions/upload-artifact@master | |
with: | |
name: ${{ matrix.os }} | |
path: _build/default/src/bin/bin.exe | |
publish: | |
needs: [test_and_build, test_and_build_linux] | |
name: (only on release) Publish | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v1 | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: "12.x" | |
registry-url: "https://registry.npmjs.org" | |
- name: Download linux artifacts | |
if: success() | |
uses: actions/download-artifact@master | |
with: | |
name: ubuntu-latest | |
path: binaries/linux | |
- name: Download macOS artifacts (arm) | |
if: success() | |
uses: actions/download-artifact@master | |
with: | |
name: macOS-latest | |
path: binaries/darwin-arm64 | |
- name: Download macOS artifacts | |
if: success() | |
uses: actions/download-artifact@master | |
with: | |
name: macOS-13 | |
path: binaries/darwin | |
- name: Download windows artifacts | |
if: success() | |
uses: actions/download-artifact@master | |
with: | |
name: windows-latest | |
path: binaries/windows | |
- name: Move artifacts | |
if: success() | |
run: | | |
mkdir -p bin | |
mv binaries/darwin/bin.exe bin/graphql-ppx-darwin-x64.exe | |
mv binaries/darwin-arm64/bin.exe bin/graphql-ppx-darwin-arm64.exe | |
mv binaries/windows/bin.exe bin/graphql-ppx-win-x64.exe | |
mv binaries/linux/bin.exe bin/graphql-ppx-linux-x64.exe | |
- name: Publish | |
if: success() && github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/') | |
run: npm publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN_JAAP }} | |
- name: Publish Prerelease | |
if: success() && github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/tags/') | |
run: | | |
npm version prerelease -preid $(git rev-parse --short HEAD) -no-git-tag-version | |
npm publish --tag=dev | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN_JAAP }} |