Add CSP headers to the karma run #18859
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'main' | |
on: | |
pull_request: | |
push: | |
branches: | |
- '**' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
GITHUB_SERVICE_USER: "rajsite" | |
GITHUB_SERVICE_EMAIL: "[email protected]" | |
LC_ALL: "en_US.UTF-8" | |
LANG: "en_US.UTF-8" | |
LANGUAGE: "en_US.UTF-8" | |
HAS_GITHUBPAGESDEPLOYTOKEN: ${{secrets.GITHUBPAGESDEPLOYTOKEN != ''}} | |
HAS_CHROMATIC_PROJECT_TOKEN: ${{secrets.CHROMATIC_PROJECT_TOKEN != ''}} | |
HAS_LHCI_GITHUB_APP_TOKEN: ${{secrets.LHCI_GITHUB_APP_TOKEN != ''}} | |
HAS_NPM_TOKEN: ${{secrets.NPM_TOKEN != ''}} | |
HAS_NUGET_TOKEN: ${{secrets.NUGET_TOKEN != ''}} | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
if: env.HAS_GITHUBPAGESDEPLOYTOKEN == 'true' | |
with: | |
# Required for beachball changelog detection | |
fetch-depth: 0 | |
# Must checkout with a token that can push to protected branches for beachball | |
# Cannot rely on GITHUB_TOKEN with workflow contents permission | |
# See: https://github.com/orgs/community/discussions/40971 | |
token: ${{ secrets.GITHUBPAGESDEPLOYTOKEN }} | |
- uses: actions/checkout@v3 | |
if: env.HAS_GITHUBPAGESDEPLOYTOKEN == 'false' | |
with: | |
# Required for beachball changelog detection | |
fetch-depth: 0 | |
# Install dependencies | |
- uses: actions/setup-dotnet@v3 | |
with: | |
global-json-file: packages/nimble-blazor/global.json | |
- run: dotnet --info | |
working-directory: packages/nimble-blazor/ | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '20' | |
registry-url: 'https://registry.npmjs.org' | |
cache: 'npm' | |
# Specify npm version | |
# See: https://github.com/actions/setup-node/issues/529 | |
- run: npm i -g npm@9 | |
- run: npm ci | |
# print a log of outdated npm dependencies | |
# only informational so swallow error codes | |
- run: npm outdated || exit 0 | |
# Audit | |
- run: npm audit --only=prod | |
# https://github.com/ni/nimble/issues/801 | |
# - run: npm audit --audit-level=critical | |
# Build | |
- run: npm run build | |
# Pack | |
- run: npm run pack | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: | | |
packages/**/*.tgz | |
packages/**/*.nupkg | |
angular-workspace/**/*.tgz | |
if-no-files-found: error | |
# The actions/upload-pages-artifact@v1 results in unexpected warning messages, workaround for: | |
# https://github.com/actions/upload-pages-artifact/issues/45 | |
- name: Pages file permission workaround | |
run: chmod -c -R +rX packages/site/dist | |
- uses: actions/upload-pages-artifact@v1 | |
with: | |
path: 'packages/site/dist' | |
# Publish to Chromatic (from any push) | |
- name: Publish to Chromatic | |
if: env.HAS_CHROMATIC_PROJECT_TOKEN == 'true' && github.event_name == 'push' | |
uses: chromaui/action@v1 | |
with: | |
projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} | |
onlyChanged: "!startsWith(github.ref, 'refs/heads/main')" # Use TurboSnap for PR builds | |
workingDir: ./packages/nimble-components | |
externals: | | |
- '.storybook/public/**' | |
- '../packages/nimble-tokens/dist/icons/svg/**' | |
- '../packages/nimble-tokens/source/styledictionary/properties/**' | |
storybookBuildDir: ../../packages/site/dist/storybook | |
exitOnceUploaded: true # Do not wait for test results | |
exitZeroOnChanges: true # Option to prevent the workflow from failing | |
# Lint | |
- run: npm run lint | |
# Test | |
- run: npm run test | |
# Run Lighthouse audit (from any push) | |
- name: Performance Audit with Lighthouse CI | |
if: env.HAS_LHCI_GITHUB_APP_TOKEN == 'true' && github.event_name == 'push' | |
run: npm run performance | |
env: | |
LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }} | |
# Check Changelog | |
- run: npm run check | |
- name: Validate no changes to tracked files | |
run: | | |
echo print files with changes: | |
git diff-index --ignore-space-at-eol --stat HEAD | |
echo exit with error if there are changes. | |
git diff-index --quiet --ignore-space-at-eol --stat HEAD | |
# Release | |
- name: Set Git User | |
if: env.HAS_GITHUBPAGESDEPLOYTOKEN == 'true' && startsWith(github.ref, 'refs/heads/main') | |
run: | | |
git config --global user.name "${{ env.GITHUB_SERVICE_USER }}" | |
git config --global user.email "${{ env.GITHUB_SERVICE_EMAIL }}" | |
# Update package versions, tag, and publish to npm (only from main) | |
- name: Beachball publish | |
if: env.HAS_GITHUBPAGESDEPLOYTOKEN == 'true' && env.HAS_NPM_TOKEN == 'true' && env.HAS_NUGET_TOKEN == 'true' && startsWith(github.ref, 'refs/heads/main') | |
env: | |
NPM_SECRET_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_SECRET_TOKEN: ${{ secrets.NUGET_TOKEN }} | |
run: npm run invoke-publish | |
pages: | |
needs: build | |
if: startsWith(github.ref, 'refs/heads/main') | |
runs-on: ubuntu-22.04 | |
permissions: | |
pages: write # to deploy to Pages | |
id-token: write # to verify the deployment originates from an appropriate source | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
steps: | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v1 |