main.yml
# Triggers: manual dispatch, pushes to main, pushes of semver-style tags, and
# pull requests (opened / reopened / synchronize) that target main or a
# release-* branch.
on:
  workflow_dispatch:
  push:
    branches: [main]
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+*' # match basic semver tags
  pull_request:
    types: [opened, reopened, synchronize]
    branches:
      - main
      - 'release-*'
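jobs:
  # Static checks for shell, PowerShell, Lua, TeX and YAML sources.
  # Every step sets continue-on-error: true, so this job reports success
  # whatever the linters find; findings are visible only in the step logs.
  lint:
    runs-on: ubuntu-latest
    # Least privilege: the job only reads the checked-out tree.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step in this job pushes, so do not keep the token in
          # the local git config.
          persist-credentials: false
      - name: Lint Shell Scripts
        continue-on-error: true
        # globstar is off by default in bash; without it `**` behaves like
        # `*` and only files exactly one directory deep are checked.
        run: |
          shopt -s globstar
          sudo apt-get update
          sudo apt-get install -y shellcheck
          shellcheck **/*.sh
      - name: Lint PowerShell Scripts
        continue-on-error: true
        run: |
          pwsh -Command "Invoke-ScriptAnalyzer -EnableExit -Recurse -Path ."
      - name: Lint Lua
        continue-on-error: true
        run: |
          shopt -s globstar
          sudo apt-get install -y luarocks
          sudo luarocks install luacheck
          luacheck **/*.lua
      - name: Lint TeX Files
        continue-on-error: true
        # -y keeps apt-get from stopping at a confirmation prompt when the
        # package pulls in dependencies.
        run: |
          shopt -s globstar
          sudo apt-get install -y chktex
          chktex **/*.tex
      - name: Lint YAML Files
        continue-on-error: true
        run: |
          shopt -s globstar
          sudo apt-get update
          sudo apt-get install -y yamllint
          yamllint -f parsable **/*.yml

  # Semgrep static analysis, run inside the vendor's container image.
  semgrep-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    container:
      # NOTE(review): `latest` is a mutable tag, so the code that runs here
      # can change without any change to this repository. Prefer an immutable
      # reference such as returntocorp/semgrep@sha256:<digest-of-reviewed-image>.
      image: returntocorp/semgrep:latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Keep the workflow token out of the workspace handed to the
          # third-party image.
          persist-credentials: false
      - name: Semgrep Scan
        # Findings do not fail the job because of continue-on-error.
        continue-on-error: true
        run: |
          semgrep --config "p/r2c" .

  # Packages the tracked files and opens a draft GitHub release. Runs only
  # for pull requests whose source branch name starts with "release".
  # NOTE(review): this job writes a release with GITHUB_TOKEN but declares no
  # `permissions:` block; consider granting only the scopes the two release
  # actions need (to be confirmed against their documentation).
  build-release:
    if: startsWith(github.head_ref, 'release')
    #if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # `needs` orders this job after the checks. Because every check step uses
    # continue-on-error: true, it does not hold a release back on findings.
    needs: [lint, semgrep-scan]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get release version
        id: version
        # The version is whatever follows the last "-" in the PR source
        # branch name. That name is chosen by the PR author, so it is checked
        # against a semver-like shape before being exported to later steps.
        run: |
          version="${GITHUB_HEAD_REF##*-}"
          if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+[0-9A-Za-z.]*$ ]]; then
            echo "Release branch name does not end in a semver-like version" >&2
            exit 1
          fi
          echo "version=${version}" >> "$GITHUB_ENV"
      - name: Get current date
        id: date
        run: |
          echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV"
      - name: Build Assets
        # Read the version as a shell variable. A ${{ env.version }} expression
        # inside run: is substituted into the script text before bash parses
        # it, which would let branch-name content be interpreted as shell.
        run: git ls-files | zip "LME-${version}.zip" -@
      - name: Build Changelog
        id: release
        # NOTE(review): the action reference below was replaced by an e-mail
        # obfuscation placeholder when this page was rendered. The inputs match
        # mikepenz/release-changelog-builder-action; restore the real name@ref
        # from the repository and pin third-party actions to a full commit SHA.
        uses: mikepenz/[email protected]
        with:
          #fromTag: ${{ github.head_ref }}
          toTag: ${{ github.head_ref }} # ${{ github.ref }}
          # The trailing comma after the "reference" object was removed:
          # strict JSON rejects it, and a configuration that fails to parse
          # would presumably be ignored by the action (verify in its logs).
          configurationJson: |
            {
              "template": "#{{CHANGELOG}}",
              "pr_template": "- #{{TITLE}} ##{{NUMBER}}",
              "categories": [
                {
                  "title": "## What's Added",
                  "labels": ["feat"]
                },
                {
                  "title": "## What's Fixed",
                  "labels": ["fix"]
                },
                {
                  "title": "## What's Updated",
                  "labels": ["update"]
                },
                {
                  "title": "## Uncategorized PRs",
                  "labels": []
                }
              ],
              "duplicate_filter": {
                "pattern": "\\[ABC-....\\]",
                "on_property": "title",
                "method": "match"
              },
              "reference": {
                "pattern": ".*\\ \\#(.).*",
                "on_property": "body",
                "method": "replace",
                "target": "$1"
              }
            }
          # commitMode: true
          failOnError: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Create Draft Release
        # NOTE(review): reference mangled the same way as above; the inputs
        # match softprops/action-gh-release. Restore name@ref and pin it.
        uses: softprops/[email protected]
        with:
          # These expressions are action inputs, not shell text, so they are
          # not subject to the run: substitution issue noted on Build Assets.
          name: "LME v${{ env.version }}"
          tag_name: "v${{ env.version }}"
          append_body: true
          body: |
            ## [${{ env.version }}] - Timberrrrr! - ${{ env.date }}
            ${{ steps.release.outputs.changelog }}
          files: LME-${{ env.version }}.zip
          draft: true
          prerelease: false
          discussion_category_name: "Announcements"
          generate_release_notes: false
          fail_on_unmatched_files: true
          token: ${{ secrets.GITHUB_TOKEN }}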