Skip to content

Commit

Permalink
Merge branch 'release/v0.12.1'
Browse files Browse the repository at this point in the history
  • Loading branch information
musicEnfanthen committed May 15, 2024
2 parents 7c7af7a + a640f1e commit 226fb96
Show file tree
Hide file tree
Showing 118 changed files with 35,672 additions and 5,281 deletions.
32 changes: 0 additions & 32 deletions .github/workflows/ci_optimize_svgs.yml

This file was deleted.

158 changes: 149 additions & 9 deletions .github/workflows/ci_workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,66 +11,196 @@ on:
branches: [develop]
types: [opened, synchronize, reopened]

permissions:
contents: read

# globals
env:
# general settings
MAIN_REPO_OWNER: webern-unibas-ch # Main repo owner (default: webern-unibas-ch; should not be changed)

# dev settings
DEV_REPO: webern-unibas-ch/awg-app-dev
DEV_GH_PAGES_BRANCH: gh-pages
DEV_GH_PAGES_DIR: gh-pages-dir
DIST_DIR: dist

jobs:
test:
name: Run tests (Node v${{ matrix.node-version }}, ${{ matrix.os }})
runs-on: ${{ matrix.os }}

strategy:
matrix:
os: [ubuntu-latest]
node-version: [18.19, 20.9] # TODO (when Angular allows it): 21.x

outputs:
sha: ${{ steps.get-sha.outputs.SHA }}

steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # ratchet:actions/checkout@v4.1.3
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # ratchet:actions/checkout@v4.1.5
with:
fetch-depth: 0 # Get all history and branches

- name: Get git sha
id: get-sha
run: echo "SHA=$(git describe)" >> $GITHUB_OUTPUT

- name: Verify git sha
run: |
echo "SHA: ${{ steps.get-sha.outputs.SHA }}"
- name: Set up node ${{ matrix.node-version}}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # ratchet:actions/setup-node@v4.0.2
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'

- name: yarn install dependencies
run: |
yarn install
- name: Run CI tests with coverage
run: |
yarn run test:ci
- name: Upload code coverage
if: matrix.node-version == 20.9 # upload coverage report for current node version only
uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # ratchet:codecov/codecov-action@v4.3.0
uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
flags: unittests
env_vars: ${{ matrix.os }}, ${{ matrix.node-version }}

- name: Perform SonarCloud Analysis
if: matrix.node-version == 20.9 && github.event_name != 'pull_request' && github.repository_owner == env.MAIN_REPO_OWNER # perform SonarCloud analysis only for current node version and not with pull requests or forks(token issue)
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # ratchet:SonarSource/sonarcloud-github-action@v2.1.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Test build for GH Pages

- name: Test build from develop for GH Pages
if: github.ref == 'refs/heads/develop'
run: |
echo "Updating dev-version"
yarn run pre-release --release-as ${{ steps.get-sha.outputs.SHA }} --skip.changelog --skip.commit --skip.tag
echo "Building dev-version"
yarn run build:dev
- name: Test build from main for GH Pages
if: github.ref == 'refs/heads/main'
run: |
yarn run build:gh
- name: Upload build artifacts
if: matrix.node-version == 20.9 # upload build artifacts for current node version only
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # ratchet:actions/upload-artifact@v4.3.3
with:
name: dist
path: ${{ github.workspace }}/${{ env.DIST_DIR }}
retention-days: 1

deploy_dev:
# run only on develop
if: github.ref == 'refs/heads/develop'

name: Deploy app from develop (Node v${{ matrix.node-version }}, ${{ matrix.os }})
runs-on: ${{ matrix.os }}
needs: test

permissions:
contents: write

env:
SHA: ${{ needs.test.outputs.sha }}

strategy:
matrix:
os: [ubuntu-latest]
node-version: [20.9]

steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # ratchet:actions/checkout@v4.1.5
with:
# ref (branch, tag or SHA) to check out
ref: ${{ env.DEV_GH_PAGES_BRANCH }}
# relative path under $GITHUB_WORKSPACE to place the repository
path: ${{ env.DEV_GH_PAGES_DIR }}

- name: Download build artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # ratchet:actions/upload-artifact@v4.1.7
with:
name: dist
path: ${{ github.workspace }}/${{ env.DIST_DIR }}

- name: Copy artifacts to gh-pages
run: |
cp -r ${{ env.DIST_DIR }}/awg-app/. ${{ env.DEV_GH_PAGES_DIR }}/dev/
- name: Configure git
working-directory: ${{ env.DEV_GH_PAGES_DIR }}
run: |
echo "Configuring git"
git config user.name "github-actions"
git config user.email "github-actions@users.noreply.github.com"
- name: Commit files
working-directory: ${{ env.DEV_GH_PAGES_DIR }}
run: |
echo "Running git commit"
git add .
git commit -m "Staging dev (${{ env.SHA }}) on gh-pages"
- name: Push changes to gh-pages (dry-run mode)
working-directory: ${{ env.DEV_GH_PAGES_DIR }}
run: git push -v --dry-run origin HEAD:$DEV_GH_PAGES_BRANCH

- name: Push changes to gh-pages
working-directory: ${{ env.DEV_GH_PAGES_DIR }}
run: git push -v origin HEAD:$DEV_GH_PAGES_BRANCH

- name: Congratulations
if: ${{ success() }}
run: echo "🎉 New develop build deployed 🎊"

deploy:
# run only on main
if: github.ref == 'refs/heads/main'

name: Deploy app from main (Node v${{ matrix.node-version }}, ${{ matrix.os }})
runs-on: ${{ matrix.os }}
needs: test
# run only on main

if: github.ref == 'refs/heads/main'
permissions:
contents: write

strategy:
matrix:
os: [ubuntu-latest]
node-version: [20.9]

steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # ratchet:actions/checkout@v4.1.3
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # ratchet:actions/checkout@v4.1.5
- name: Set up node ${{ matrix.node-version}}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # ratchet:actions/setup-node@v4.0.2
with:
Expand All @@ -87,25 +217,35 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
yarn run deploy:ci
release:
# run only on tags
if: startsWith(github.ref, 'refs/tags/')

name: Create Release from tag
runs-on: ${{ matrix.os }}
needs: test
# run only on tags

if: startsWith(github.ref, 'refs/tags/')
permissions:
contents: write

strategy:
matrix:
os: [ubuntu-latest]
node-version: [20.9]
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit

- name: Get tag version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
- name: Create Release
id: create_release
if: ${{ success() && startsWith(github.ref, 'refs/tags/') }}
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # ratchet:softprops/action-gh-release@v2.0.4
uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # ratchet:softprops/action-gh-release@v2.0.5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_VERSION: ${{ steps.get_version.outputs.VERSION }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ on:
pull_request:
branches: [develop]

permissions:
contents: read

jobs:
analyze:
name: Analyze
Expand All @@ -22,19 +25,24 @@ jobs:
language: ['javascript']

steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # ratchet:actions/checkout@v4.1.3
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # ratchet:github/codeql-action/init@v2.13.4
uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
with:
languages: ${{ matrix.language }}
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # ratchet:github/codeql-action/autobuild@v2.13.4
uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # ratchet:github/codeql-action/analyze@v2.13.4
uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
with:
category: '/language:${{matrix.language}}'
27 changes: 27 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: 'Dependency Review'
on: [pull_request]

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: 'Dependency Review'
uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
Loading

0 comments on commit 226fb96

Please sign in to comment.