ci(repo): update pipelines

- simplify master pipeline; and ensure that we add the correct remote (use env var) - add dependency audit check [ch8743]
rivierch · Feb 13, 2020 · 695c1e5 · 695c1e5
1 parent 0fc4fb8
commit 695c1e5
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 35 deletions.
diff --git a/.github/workflows/master-check-publish.yml b/.github/workflows/master-check-publish.yml
@@ -6,41 +6,7 @@ on:
       - master
 
 jobs:
-  healthcheck:
-    name: 'healthcheck'
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v1
-      - name: 'Cache yarn'
-        uses: actions/cache@v1
-        with:
-          path: ~/.cache/yarn
-          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
-      - name: 'Cache node_modules'
-        uses: actions/cache@v1
-        with:
-          path: ${{ github.workspace }}/node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: 'Setup registry'
-        run: |
-          echo "//npm.pkg.github.com/:_authToken=$GITHUB_TOKEN" >> ~/.npmrc
-          echo "@attest:registry=https://npm.pkg.github.com/" >> ~/.npmrc
-        env:
-          GITHUB_TOKEN: ${{ secrets.ADMIN_GH_TOKEN }}
-      - name: 'Install dependencies'
-        run: yarn install --frozen-lockfile
-      - name: 'Typecheck'
-        run: yarn typecheck
-      - name: 'Lint'
-        run: yarn lint
-      - name: 'Format'
-        run: yarn format
   publish:
-    needs: [healthcheck]
     runs-on: ubuntu-18.04
     steps:
       - uses: actions/checkout@v1
@@ -50,7 +16,7 @@ jobs:
           git config --global user.email admin@askattest.com
           git config --global user.name attest-admin
           git remote rm origin
-          git remote add origin "https://attest-admin:$GITHUB_TOKEN@github.com/attest/fe-tools.git"
+          git remote add origin "https://attest-admin:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git"
           git checkout -b master
           git push -u origin master
         env:
@@ -77,6 +43,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.ADMIN_GH_TOKEN }}
       - name: 'Install dependencies'
         run: yarn install --frozen-lockfile
+      - name: 'Lint'
+        run: yarn lint
+      - name: 'Format'
+        run: yarn format
       - name: Build
         run: yarn build
       - name: Version

diff --git a/.github/workflows/pull-request-audit-dependencies.yml b/.github/workflows/pull-request-audit-dependencies.yml
@@ -0,0 +1,15 @@
+name: Pull Request Audit Dependencies
+on: [pull_request]
+
+jobs:
+  prCheck:
+    name: audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - run: |
+          echo "//npm.pkg.github.com/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc
+          echo "@attest:registry=https://npm.pkg.github.com/" >> ~/.npmrc
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.ADMIN_GH_TOKEN}}
+      - run: yarn audit