mirror/dashy
1
0
Fork 0
mirror of https://github.com/Lissy93/dashy.git synced 2026-06-06 08:44:23 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
97fd049ffdc42e6db1df95fb202fcbfa667f1628
dashy/.github/workflows/ci.yml
Alicia Sykes 2743674e1f 📌 Pin to v0.70.0 trivy
2026-05-16 14:25:24 +01:00

241 lines
5.6 KiB
YAML
Raw Blame History

# CI checks to run when PR is opened
name: 🚦 PR Check
on:
pull_request:
branches: ['master', 'develop']
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
changes:
name: 🔎 Detect Changes
runs-on: ubuntu-latest
outputs:
lockfile: ${{ steps.filter.outputs.lockfile }}
workflows: ${{ steps.filter.outputs.workflows }}
locales: ${{ steps.filter.outputs.locales }}
translations: ${{ steps.filter.outputs.translations }}
src: ${{ steps.filter.outputs.src }}
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Filter Paths
uses: dorny/paths-filter@v4
id: filter
with:
filters: |
lockfile:
- 'yarn.lock'
workflows:
- '.github/workflows/**'
locales:
- 'src/assets/locales/**'
- 'src/**/*.vue'
- 'src/**/*.js'
- 'tests/locales/**'
translations:
- 'src/assets/locales/**'
src:
- 'src/**'
- 'package.json'
- 'yarn.lock'
- 'eslint.config.mjs'
- 'tsconfig.json'
lint:
name: 🛡️ Lint
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.src == 'true'
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'yarn'
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Run ESLint
run: yarn lint
typecheck:
name: 🦴 Typecheck
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.src == 'true'
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'yarn'
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Run vue-tsc
run: yarn typecheck
test:
name: 🧪 Test
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'yarn'
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Run Tests
run: yarn test
locales:
name: 🌐 Locale Check
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.locales == 'true'
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
- name: Check Locales
run: yarn validate-locales
spellcheck:
name: ✏️ Spellcheck
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.translations == 'true'
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Spellcheck en.json
uses: crate-ci/typos@v1
with:
files: src/assets/locales/en.json
build:
name: 🏗️ Build Check
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'yarn'
- name: Install Dependencies
run: yarn install --frozen-lockfile
- name: Build Project
run: yarn build
- name: Verify Build Output
run: |
if [ ! -d "dist" ]; then
echo "❌ Build failed: dist directory not created"
exit 1
fi
if [ ! -f "dist/index.html" ]; then
echo "❌ Build failed: index.html not found"
exit 1
fi
echo "✅ Build successful"
docker-smoke:
name: 🐳 Docker Smoke Test
runs-on: ubuntu-latest
continue-on-error: true
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Build & Test Docker Image
run: sh tests/docker-smoke-test.sh
timeout-minutes: 10
dependency-review:
name: 🔒 Dependency Audit
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.lockfile == 'true'
permissions:
contents: read
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Review Dependencies
uses: actions/dependency-review-action@v5
with:
fail-on-severity: moderate
secret-scan:
name: 🔑 Secret Scanning
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout Code
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Scan PR Diff for Secrets
uses: trufflesecurity/trufflehog@v3.95.3
with:
base: ${{ github.event.pull_request.base.sha }}
head: ${{ github.event.pull_request.head.sha }}
extra_args: --only-verified
workflow-audit:
name: 🛠️ Workflow Audit
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.workflows == 'true'
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Run Actionlint
uses: raven-actions/actionlint@v2
with:
fail-on-error: true
- name: Run Zizmor
uses: zizmorcore/zizmor-action@v0.5.4
with:
inputs: .github/workflows/
advanced-security: false
annotations: true
Reference in New Issue View Git Blame Copy Permalink