generated from DSACMS/.github
-
Notifications
You must be signed in to change notification settings - Fork 3
133 lines (119 loc) · 4.92 KB
/
checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: "run-linting-checks"
on:
pull_request:
branches: [main, dev]
jobs:
resolve-repolinter-json:
uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main
with:
url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json'
repolinter-checks:
name: Tier 3 Checks
needs: resolve-repolinter-json
runs-on: ubuntu-latest
env:
RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json}}
steps:
- uses: actions/checkout@v4
- run: echo $RAW_JSON > repolinter.json
- uses: newrelic/repolinter-action@v1
with:
# A path to the JSON/YAML Repolinter ruleset to use, relative to the workflow
# working directory (i.e. under `$GITHUB_WORKSPACE`).
#
# This option is mutually exclusive with config_url. If this option and
# config_url are not specified, Repolinter's default ruleset will be used.
config_file: 'repolinter.json'
# Where repolinter-action should put the linting results. There are two
# options available:
# * "exit-code": repolinter-action will print the lint output to the console
# and set the exit code to result.passed. This output type is most useful for
# PR status checks.
# * "issue": repolinter-action will create a GitHub issue on the current
# repository with the repolinter output and always exit 0. See the README for
# more details on issue outputting behavior. This output type is ideal for
# non-intrusive notification.
#
# Default: "exit-code"
output_type: 'issue'
# The title to use for the issue created by repolinter-action. This title
# should indicate the purpose of the issue, as well as that it was created by
# a bot.
#
# This option will be ignored if output_type != "issue".
#
# Default: "[Repolinter] Open Source Policy Issues"
output_name: '[Repolinter] Tier 3 OSS Policy Issues'
# The name to use for the issue label created by repolinter-action. This name
# should be unique to repolinter-action (i.e. not used by any other issue) to
# prevent repolinter-action from getting confused.
#
# This option will be ignored if output_type != "issue".
#
# Default: "repolinter"
label_name: 'Tier 3 Remediation'
# The color to use for the issue label created by repolinter-action. The value
# for this option should be an unprefixed RRGGBB hex string (ex. ff568a).
# The default value is a shade of yellow.
#
# This option will be ignored if output_type != "issue".
#
# Default: "fbca04"
label_color: 'ff69b4'
# Personal access token (PAT) used to create an issue on this repository.
# This token is optional and only required if this actions is configured to
# output an issue (see `output_type`). This token must have the `public_repo`
# scope for the current repository in order to work properly.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
#
# Default: ${{ github.token }}
token: ${{ secrets.METRICS_GITHUB_TOKEN }}
run-pylint:
name: runner / pylint
permissions: write-all
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dciborow/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
level: warning
glob_pattern: "**/*.py"
filter_mode: "file"
frontend-checks:
permissions: write-all
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./app
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "18.13"
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ~/.npm
key: npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
npm-
- name: Install dependencies
run: npm install
- name: Run linter
uses: reviewdog/action-eslint@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
workdir: app/
- name: Check code style
uses: EPMatt/reviewdog-action-prettier@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
workdir: app/
reporter: github-pr-review
level: warning
- name: Build Project
run: npm run build