@Mobile • Test App triggered by live-github-bot[bot] on ref renovate/npm-ws-vulnerability #30356
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "@Mobile • Test App" | |
| run-name: "@Mobile • Test App triggered by ${{ inputs.login || github.actor }} ${{ format('on ref {0}', github.ref_name) }}" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - release | |
| - hotfix | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: | | |
| If you run this manually, and want to run on a PR, the correct ref should be refs/pull/{PR_NUMBER}/merge to | |
| have the "normal" scenario involving checking out a merge commit between your branch and the base branch. | |
| If you want to run only on a branch or specific commit, you can use either the sha or the branch name instead (prefer the first verion for PRs). | |
| required: false | |
| login: | |
| description: The GitHub username that triggered the workflow | |
| required: false | |
| base_ref: | |
| description: The base branch to merge the head into when checking out the code | |
| required: false | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name != 'develop' && github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| codecheck: | |
| name: "Ledger Live Mobile CodeCheck" | |
| env: | |
| NODE_OPTIONS: "--max-old-space-size=7168" | |
| FORCE_COLOR: 3 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref || github.sha }} | |
| - name: Setup the toolchain | |
| id: toolchain | |
| uses: LedgerHQ/ledger-live/tools/actions/composites/setup-toolchain@develop | |
| with: | |
| skip-turbo-cache: "false" | |
| accountId: ${{ secrets.AWS_ACCOUNT_ID_PROD }} | |
| roleName: ${{ secrets.AWS_CACHE_ROLE_NAME }} | |
| region: ${{ secrets.AWS_CACHE_REGION }} | |
| turbo-server-token: ${{ secrets.TURBOREPO_SERVER_TOKEN }} | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.3.0 | |
| - name: Install dependencies | |
| run: pnpm i --filter="live-mobile..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm | |
| - name: Run linter | |
| run: pnpm lint --filter="live-mobile" --api="http://127.0.0.1:${{ steps.toolchain.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo" -- --format="json" -o="lint.json" | |
| - name: check for dead code | |
| run: pnpm mobile unimported | |
| shell: bash | |
| - name: Run code checkers | |
| run: pnpm typecheck --filter="live-mobile" --api="http://127.0.0.1:${{ steps.toolchain.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo" | |
| - name: Run unit tests | |
| run: pnpm mobile test | |
| - uses: actions/upload-artifact@v4 | |
| name: upload eslint json output | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: lint | |
| path: ${{ github.workspace }}/apps/ledger-live-mobile/lint.json | |
| report: | |
| needs: codecheck | |
| if: ${{ !cancelled() && github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "download linter results" | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: lint | |
| - uses: actions/github-script@v6 | |
| name: "format report" | |
| if: ${{ !cancelled() }} | |
| id: status | |
| with: | |
| script: | | |
| const fs = require("fs"); | |
| const path = require("path"); | |
| const statuses = [ | |
| "${{ needs.codecheck.result }}" | |
| ]; | |
| const isSuccess = Boolean(${{ needs.codecheck.result == 'success' }}); | |
| const isFailed = statuses.some(e => e === "failure"); | |
| const isCancelled = statuses.some(e => e === "cancelled"); | |
| let summary = `### Codechecks | |
| ${ isSuccess ? "Everything is fine" : "Unfortunately some checks did not pass" } | |
| - ${ isSuccess ? "✅" : "❌" } **Code checks** ended with status \`${{needs.codecheck.result}}\` | |
| `; | |
| // Store eslint results as annotations | |
| let annotations = [] | |
| try { | |
| const lintResult = require("./lint.json"); | |
| const LEVELS = { | |
| 0: "notice", | |
| 1: "warning", | |
| 2: "failure" | |
| }; | |
| const withErrorOrWarning = lintResult.filter(r => r.errorCount > 0 || r.fatalErrorCount > 0 || r.warningCount > 0); | |
| annotations = withErrorOrWarning.flatMap(({ filePath, messages }) => | |
| messages.map((m) => { | |
| const sameLine = m.line === m.endLine; | |
| return { | |
| path: path.relative(process.env.GITHUB_WORKSPACE, filePath), | |
| start_line: m.line, | |
| end_line: m.endLine, | |
| // Annotations only support start_column and end_column on the same line. Omit this parameter if start_line and end_line have different values. | |
| // https://docs.github.com/en/rest/reference/checks#create-a-check-run | |
| start_column: sameLine ? m.column : undefined, | |
| end_column: sameLine ? m.endColumn : undefined, | |
| annotation_level: LEVELS[m.severity], | |
| message: m.message, | |
| title: m.ruleId, | |
| } | |
| }) | |
| ); | |
| } catch(error) { | |
| console.error("Failed processing eslint annotations", error) | |
| } | |
| const data = { | |
| summary, | |
| annotations | |
| }; | |
| fs.writeFileSync("summary.json", JSON.stringify(data), "utf8"); | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: summary.json | |
| path: ${{ github.workspace }}/summary.json |