mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-01-14 06:43:25 +08:00
449ba284ce
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
62 lines
1.3 KiB
YAML
62 lines
1.3 KiB
YAML
name: Build
|
|
|
|
on: [push, pull_request]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
node-version: [16.x]
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Setup Node.js ${{ matrix.node-version }}
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
cache: yarn
|
|
node-version: ${{ matrix.node-version }}
|
|
|
|
- name: Install Yarn
|
|
run: npm i yarn --global
|
|
|
|
- name: Install Packages
|
|
run: |
|
|
yarn install --frozen-lockfile
|
|
env:
|
|
CYPRESS_CACHE_FOLDER: .cache/Cypress
|
|
|
|
- name: Run Build
|
|
run: yarn build
|
|
|
|
- name: Upload Build as Artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: dist
|
|
path: dist
|
|
|
|
- name: Run Unit Tests
|
|
run: |
|
|
yarn test --coverage
|
|
|
|
#- name: Upload Test Results
|
|
# uses: coverallsapp/github-action@v1.0.1
|
|
# with:
|
|
# github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
# parallel: true
|
|
|
|
# - name: Run E2E Tests
|
|
# run: yarn e2e
|
|
# env:
|
|
# PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }}
|
|
# CYPRESS_CACHE_FOLDER: .cache/Cypress
|
|
|
|
#- name: Post Upload Test Results
|
|
# uses: coverallsapp/github-action@master
|
|
# with:
|
|
# github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
# parallel-finished: true
|