mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-01-26 20:56:48 +00:00
5c1bdc7698
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
123 lines
3.0 KiB
YAML
123 lines
3.0 KiB
YAML
name: Build
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
pull_request:
|
|
|
|
env:
|
|
DISABLE_KNAPSACK: true
|
|
TIMEZONE: UTC
|
|
COVERAGE: true
|
|
RSPEC_RETRY_RETRY_COUNT: 3
|
|
RAILS_ENV: test
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
rspec:
|
|
runs-on: ubuntu-18.04
|
|
services:
|
|
postgres:
|
|
image: postgres:10
|
|
ports: ["5432:5432"]
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
env:
|
|
POSTGRES_DB: open_food_network_test
|
|
POSTGRES_USER: ofn
|
|
POSTGRES_PASSWORD: f00d
|
|
strategy:
|
|
matrix:
|
|
specs:
|
|
- "spec/controllers"
|
|
- "spec/models"
|
|
- "spec/features/admin/[a-o0-9]*_spec.rb"
|
|
- "spec/lib"
|
|
- "spec/migrations"
|
|
- "spec/serializers"
|
|
- "spec/system/admin/[a-o0-9]*_spec.rb"
|
|
- "spec/system/admin/[p-z]*_spec.rb"
|
|
- "spec/system/consumer"
|
|
- "engines/*/spec"
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Set up Ruby
|
|
uses: ruby/setup-ruby@v1
|
|
with:
|
|
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
|
|
|
- uses: actions/setup-node@v2
|
|
with:
|
|
node-version: '14.15.5'
|
|
|
|
- name: Install JS dependencies
|
|
run: yarn install --frozen-lockfile
|
|
|
|
- name: Set up database
|
|
run: |
|
|
bundle exec rake db:create
|
|
bundle exec rake db:schema:load
|
|
|
|
- name: Run tests
|
|
run: bundle exec rspec --profile -- ${{ matrix.specs }}
|
|
|
|
- name: Archive failed tests screenshots
|
|
if: failure()
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: failed-tests-screenshots
|
|
path: tmp/capybara/screenshots/*.png
|
|
retention-days: 7
|
|
if-no-files-found: ignore
|
|
|
|
test-the-rest:
|
|
runs-on: ubuntu-18.04
|
|
services:
|
|
postgres:
|
|
image: postgres:10
|
|
ports: ["5432:5432"]
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
env:
|
|
POSTGRES_DB: open_food_network_test
|
|
POSTGRES_USER: ofn
|
|
POSTGRES_PASSWORD: f00d
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Set up Ruby
|
|
uses: ruby/setup-ruby@v1
|
|
with:
|
|
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
|
|
|
- uses: actions/setup-node@v2
|
|
with:
|
|
node-version: '14.15.5'
|
|
|
|
- name: Install JS dependencies
|
|
run: yarn install --frozen-lockfile
|
|
|
|
- name: Set up database
|
|
run: |
|
|
bundle exec rake db:create
|
|
bundle exec rake db:schema:load
|
|
|
|
- name: Run JS tests
|
|
run: bundle exec rake karma:run
|
|
|
|
- name: Run jest tests
|
|
run: yarn jest
|
|
|
|
- name: Run all other tests
|
|
run: bundle exec rake ofn:specs:run:excluding_folders["models,controllers,serializers,features,lib,migrations,system"]
|