mirror of
https://github.com/streamyfin/streamyfin.git
synced 2026-01-15 15:48:05 +00:00
baeb83581e
Some checks are pending
🚦 Security & Quality Gate / 🚑 Expo Doctor Check (push) Waiting to run
🏗️ Build Apps / 🤖 Build Android APK (Phone) (push) Waiting to run
🏗️ Build Apps / 🤖 Build Android APK (TV) (push) Waiting to run
🏗️ Build Apps / 🍎 Build iOS IPA (Phone) (push) Waiting to run
🏗️ Build Apps / 🍎 Build iOS IPA (Phone - Unsigned) (push) Waiting to run
🔒 Lockfile Consistency Check / 🔍 Check bun.lock and package.json consistency (push) Waiting to run
🛡️ CodeQL Analysis / 🔎 Analyze with CodeQL (actions) (push) Waiting to run
🛡️ CodeQL Analysis / 🔎 Analyze with CodeQL (javascript-typescript) (push) Waiting to run
🏷️🔀Merge Conflict Labeler / 🏷️ Labeling Merge Conflicts (push) Waiting to run
🚦 Security & Quality Gate / 📝 Validate PR Title (push) Waiting to run
🚦 Security & Quality Gate / 🔍 Vulnerable Dependencies (push) Waiting to run
🚦 Security & Quality Gate / 🔍 Lint & Test (check) (push) Waiting to run
🚦 Security & Quality Gate / 🔍 Lint & Test (format) (push) Waiting to run
🚦 Security & Quality Gate / 🔍 Lint & Test (lint) (push) Waiting to run
🚦 Security & Quality Gate / 🔍 Lint & Test (typecheck) (push) Waiting to run
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
124 lines
3.8 KiB
YAML
124 lines
3.8 KiB
YAML
name: 🚦 Security & Quality Gate
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, edited, synchronize, reopened]
|
|
branches: [develop, master]
|
|
workflow_dispatch:
|
|
push:
|
|
branches: [develop]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
validate_pr_title:
|
|
name: "📝 Validate PR Title"
|
|
if: github.event_name == 'pull_request'
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
pull-requests: write
|
|
contents: read
|
|
steps:
|
|
- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
|
|
id: lint_pr_title
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
|
|
if: always() && (steps.lint_pr_title.outputs.error_message != null)
|
|
with:
|
|
header: pr-title-lint-error
|
|
message: |
|
|
Hey there and thank you for opening this pull request! 👋🏼
|
|
We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/).
|
|
|
|
**Error details:**
|
|
```
|
|
${{ steps.lint_pr_title.outputs.error_message }}
|
|
```
|
|
|
|
- if: ${{ steps.lint_pr_title.outputs.error_message == null }}
|
|
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
|
|
with:
|
|
header: pr-title-lint-error
|
|
delete: true
|
|
|
|
dependency-review:
|
|
name: 🔍 Vulnerable Dependencies
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
fetch-depth: 0
|
|
|
|
- name: Dependency Review
|
|
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
|
|
with:
|
|
fail-on-severity: high
|
|
base-ref: ${{ github.event.pull_request.base.sha || 'develop' }}
|
|
head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
|
|
|
|
expo-doctor:
|
|
name: 🚑 Expo Doctor Check
|
|
if: false
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: 🛒 Checkout repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
- name: 🍞 Setup Bun
|
|
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: 📦 Install dependencies (bun)
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: 🚑 Run Expo Doctor
|
|
run: bun expo-doctor
|
|
|
|
code_quality:
|
|
name: "🔍 Lint & Test (${{ matrix.command }})"
|
|
runs-on: ubuntu-24.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
command:
|
|
- "lint"
|
|
- "check"
|
|
- "format"
|
|
- "typecheck"
|
|
|
|
steps:
|
|
- name: "📥 Checkout PR code"
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
- name: "🟢 Setup Node.js"
|
|
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
|
with:
|
|
node-version: '24.x'
|
|
|
|
- name: "🍞 Setup Bun"
|
|
uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: "📦 Install dependencies"
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: "🚨 Run ${{ matrix.command }}"
|
|
run: bun run ${{ matrix.command }}
|