From 81e847a15324331a6168af9b8637c92082cb96af Mon Sep 17 00:00:00 2001 From: Alex Date: Mon, 19 Sep 2022 17:02:31 +0200 Subject: [PATCH] build: harden GitHub Workflow permissions Signed-off-by: Alex Low --- .github/workflows/test_suite.yml | 164 ++++++++++++++++++++++++++++++- 1 file changed, 163 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test_suite.yml b/.github/workflows/test_suite.yml index fb617c9e4..a62b4ef88 100644 --- a/.github/workflows/test_suite.yml +++ b/.github/workflows/test_suite.yml @@ -1 +1,163 @@ -my updated file contents \ No newline at end of file +name: Test suite + +on: + push: + branches: + - master + pull_request: + +permissions: + contents: read # to fetch code (actions/checkout) + +jobs: +# the following are optional jobs and need to be configured according +# to this project's settings: +# +# lintcode: +# name: Javascript lint +# runs-on: ubuntu-latest +# steps: +# - name: checkout +# uses: actions/checkout@v3 +# +# - name: setup node +# uses: actions/setup-node@v1 +# with: +# node-version: '12.x' +# +# - name: cache dependencies +# uses: actions/cache@v1 +# with: +# path: ~/.npm +# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} +# restore-keys: | +# ${{ runner.os }}-node- +# +# - run: npm install +# - run: npm run lint:code +# +# lintstyle: +# name: SCSS lint +# runs-on: ubuntu-latest +# needs: [lintcode] +# steps: +# - name: checkout +# uses: actions/checkout@v3 +# +# - name: setup node +# uses: actions/setup-node@v1 +# with: +# node-version: '12.x' +# +# - name: cache dependencies +# uses: actions/cache@v1 +# with: +# path: ~/.npm +# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} +# restore-keys: | +# ${{ runner.os }}-node- +# - run: npm install +# - run: npm run lint:style +# +# lintdocs: +# name: documentation lint +# runs-on: ubuntu-latest +# needs: [lintcode,lintstyle] +# steps: +# - name: checkout +# uses: actions/checkout@v3 +# +# - name: setup node +# uses: actions/setup-node@v1 +# with: +# node-version: '12.x' +# +# - name: cache dependencies +# uses: actions/cache@v1 +# with: +# path: ~/.npm +# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} +# restore-keys: | +# ${{ runner.os }}-node- +# +# - run: npm install +# - run: npm run lint:markdown + + tests: + name: Meteor ${{ matrix.meteor }} tests + runs-on: ubuntu-latest + steps: + + # CHECKOUTS + - name: Checkout + uses: actions/checkout@v3 + + # CACHING + - name: Install Meteor + id: cache-meteor-install + uses: actions/cache@v3 + with: + path: ~/.meteor + key: v1-meteor-${{ hashFiles('.meteor/versions') }} + restore-keys: | + v1-meteor- + + - name: Cache NPM dependencies + id: cache-meteor-npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: v1-npm-${{ hashFiles('package-lock.json') }} + restore-keys: | + v1-npm- + + - name: Cache Meteor build + id: cache-meteor-build + uses: actions/cache@v3 + with: + path: | + .meteor/local/resolver-result-cache.json + .meteor/local/plugin-cache + .meteor/local/isopacks + .meteor/local/bundler-cache/scanner + key: v1-meteor_build_cache-${{ github.ref }}-${{ github.sha }} + restore-keys: | + v1-meteor_build_cache- + + - name: Setup meteor + uses: meteorengineer/setup-meteor@v1 + with: + meteor-release: '2.2' + + - name: Install NPM Dependencies + run: meteor npm ci + + - name: Run Tests + run: sh ./test-wekan.sh -cv + + - name: Upload coverage + uses: actions/upload-artifact@v3 + with: + name: coverage-folder + path: .coverage/ + + coverage: + name: Coverage report + runs-on: ubuntu-latest + needs: [tests] + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Download coverage + uses: actions/download-artifact@v3 + with: + name: coverage-folder + path: .coverage/ + + + - name: Coverage Report + uses: VeryGoodOpenSource/very_good_coverage@v1.2.1 + with: + path: ".coverage/lcov.info" + min_coverage: 1 # TODO add tests and increase to 95!