forked from Ninjalama/streamyfin_mirror
122 lines
3.7 KiB
YAML
122 lines
3.7 KiB
YAML
name: 🚦 Security & Quality Gate
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, edited, synchronize, reopened]
|
|
branches: [develop, master]
|
|
workflow_dispatch:
|
|
push:
|
|
branches: [develop]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
validate_pr_title:
|
|
name: "📝 Validate PR Title"
|
|
if: github.event_name == 'pull_request'
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
pull-requests: write
|
|
contents: read
|
|
steps:
|
|
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
|
|
id: lint_pr_title
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
|
|
if: always() && (steps.lint_pr_title.outputs.error_message != null)
|
|
with:
|
|
header: pr-title-lint-error
|
|
message: |
|
|
Hey there and thank you for opening this pull request! 👋🏼
|
|
We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/).
|
|
|
|
**Error details:**
|
|
```
|
|
${{ steps.lint_pr_title.outputs.error_message }}
|
|
```
|
|
|
|
- if: ${{ steps.lint_pr_title.outputs.error_message == null }}
|
|
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
|
|
with:
|
|
header: pr-title-lint-error
|
|
delete: true
|
|
|
|
dependency-review:
|
|
name: 🔍 Vulnerable Dependencies
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
fetch-depth: 0
|
|
|
|
- name: Dependency Review
|
|
uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
|
|
with:
|
|
fail-on-severity: high
|
|
deny-licenses: GPL-3.0, AGPL-3.0
|
|
base-ref: ${{ github.event.pull_request.base.sha || 'develop' }}
|
|
head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
|
|
|
|
expo-doctor:
|
|
name: 🚑 Expo Doctor Check
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: 🛒 Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
- name: 🍞 Setup Bun
|
|
uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: 📦 Install dependencies (bun)
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: 🚑 Run Expo Doctor
|
|
run: bun expo-doctor
|
|
|
|
code_quality:
|
|
name: "🔍 Lint & Test (${{ matrix.command }})"
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
command:
|
|
- "lint"
|
|
- "check"
|
|
- "format"
|
|
steps:
|
|
- name: "📥 Checkout PR code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
- name: "🟢 Setup Node.js"
|
|
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
|
with:
|
|
node-version: '22.x'
|
|
|
|
- name: "🍞 Setup Bun"
|
|
uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: "📦 Install dependencies"
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: "🚨 Run ${{ matrix.command }}"
|
|
run: bun run ${{ matrix.command }}
|