Skip to content

fix: package.json & package-lock.json to reduce vulnerabilities #948

fix: package.json & package-lock.json to reduce vulnerabilities

fix: package.json & package-lock.json to reduce vulnerabilities #948

name: Build, test, lint and release JiraLint
on: [push]
jobs:
build_and_test_and_release:
name: Build, Test and Release
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[skip ci]')"
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Use Node.js from .nvmrc
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
- name: Cache npm modules
uses: actions/cache@v3
env:
cache-name: cache-npm-modules
with:
# yarn cache files are stored in `~/.cache` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Install Dependencies
# Skip post-install scripts here, as a malicious script could steal env vars
run: npm ci --ignore-scripts
# Make sure the codebase can be built.
- name: build Artifact
run: npm run build
- name: Run Unit Test
run: npm run test
- name: Run Coverage
run: npm run coverage
- name: Run Lint
run: npm run lint
- name: validate cli can be invoked
run: cli/dist/jiralint help
- name: Run Semantic Release
run: npm run release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}