From 43c99ca31be108d16a142efad4f7317ae02355bf Mon Sep 17 00:00:00 2001
From: Sudharaka
Date: Thu, 2 May 2024 17:52:12 -0700
Subject: [PATCH] feat: add github ci configurations
---
.github/actions/setup-project/action.yml | 15 ++++++++++
.github/dependabot.yml | 13 ++++++++
.github/workflows/ci.yml | 38 ++++++++++++++++++++++++
.github/workflows/codeql.yml | 36 ++++++++++++++++++++++
4 files changed, 102 insertions(+)
create mode 100644 .github/actions/setup-project/action.yml
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/actions/setup-project/action.yml b/.github/actions/setup-project/action.yml
new file mode 100644
index 0000000..f2be2b2
--- /dev/null
+++ b/.github/actions/setup-project/action.yml
@@ -0,0 +1,15 @@
+name: Setup Project
+description: Installs Node.js, NPM and dependencies and sets up the project
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: 'package.json'
+ cache: 'npm'
+
+ - name: Install dependencies
+ shell: bash
+ run: npm ci --prefer-offline --no-audit --progress=false
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..a518b37
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+ - package-ecosystem: npm
+ directory: '/'
+ schedule:
+ interval: 'weekly'
+ open-pull-requests-limit: 10
+
+ - package-ecosystem: github-actions
+ directory: '/'
+ schedule:
+ interval: 'weekly'
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..ad5575e
--- /dev/null
+++ b/.github/workflows/ci.yml
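Review bot: The `Install dependencies` step in `.github/actions/setup-project/action.yml` runs `npm ci` with lifecycle scripts enabled, so install scripts from any package in the lockfile execute in every job that calls this composite action. If nothing in the project needs them (the lockfile is not part of this patch), `run: npm ci --ignore-scripts --prefer-offline --no-audit --progress=false` removes that execution path. Separately, `actions/setup-node@v4` here, and `actions/checkout@v4` and `github/codeql-action/*@v3` in the two workflow files, are mutable tags; pinning each to a full commit SHA with the tag in a trailing comment fixes what actually runs, and the `github-actions` Dependabot entry added in this patch can still raise update PRs for it.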
@@ -0,0 +1,38 @@
+name: Continuous Integration
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup project
+ uses: ./.github/actions/setup-project
+
+ - run: npm run lint:quiet
+
+ prettier:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup project
+ uses: ./.github/actions/setup-project
+
+ - run: npm run prettier:check
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..3b35a33
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,36 @@
+name: 'CodeQL'
+
+on:
+ push:
+ branches:
+ - main
+
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup project
+ uses: ./.github/actions/setup-project
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: javascript
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
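Review bot: `.github/workflows/ci.yml` declares no `permissions:` key, so the `lint` and `prettier` jobs run with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, which can be read-write. Both jobs only read the tree, so a top-level `permissions:` block containing `contents: read` is sufficient. `actions/checkout@v4` also leaves the token in the local git config unless told otherwise, and the next step runs `npm ci`; adding `with:` and `persist-credentials: false` to both `Checkout` steps keeps the token out of reach of install and lint scripts.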
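Review bot: The job-level `permissions:` block in `.github/workflows/codeql.yml` lists only `security-events: write`, and every scope not listed is set to `none`, so the `# required for all workflows` comment should say that this is the only scope granted. On a private repository the checkout and the CodeQL action also need `contents: read` and `actions: read`; whether that applies here is not visible from the patch. The `Setup project` step runs `npm ci` in the one job that holds a write scope, and CodeQL's JavaScript extraction normally works from source without installed dependencies, so consider dropping that step from the `analyze` job and confirming the results are unchanged.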