From 695c1e535d3a0ccd59337c387857683d4c3cc973 Mon Sep 17 00:00:00 2001
From: Blake Newman <blakenoodles@gmail.com>
Date: Thu, 13 Feb 2020 09:00:28 +0000
Subject: [PATCH] ci(repo): update pipelines

- simplify master pipeline; and ensure that we add the correct remote (use
env var)
- add dependency audit check

[ch8743]
---
 .github/workflows/master-check-publish.yml    | 40 +++----------------
 .../pull-request-audit-dependencies.yml       | 15 +++++++
 2 files changed, 20 insertions(+), 35 deletions(-)
 create mode 100644 .github/workflows/pull-request-audit-dependencies.yml

diff --git a/.github/workflows/master-check-publish.yml b/.github/workflows/master-check-publish.yml
index 649b3b7..cf73bff 100644
--- a/.github/workflows/master-check-publish.yml
+++ b/.github/workflows/master-check-publish.yml
@@ -6,41 +6,7 @@ on:
       - master
 
 jobs:
-  healthcheck:
-    name: 'healthcheck'
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v1
-      - name: 'Cache yarn'
-        uses: actions/cache@v1
-        with:
-          path: ~/.cache/yarn
-          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
-      - name: 'Cache node_modules'
-        uses: actions/cache@v1
-        with:
-          path: ${{ github.workspace }}/node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: 'Setup registry'
-        run: |
-          echo "//npm.pkg.github.com/:_authToken=$GITHUB_TOKEN" >> ~/.npmrc
-          echo "@attest:registry=https://npm.pkg.github.com/" >> ~/.npmrc
-        env:
-          GITHUB_TOKEN: ${{ secrets.ADMIN_GH_TOKEN }}
-      - name: 'Install dependencies'
-        run: yarn install --frozen-lockfile
-      - name: 'Typecheck'
-        run: yarn typecheck
-      - name: 'Lint'
-        run: yarn lint
-      - name: 'Format'
-        run: yarn format
   publish:
-    needs: [healthcheck]
     runs-on: ubuntu-18.04
     steps:
       - uses: actions/checkout@v1
@@ -50,7 +16,7 @@ jobs:
           git config --global user.email admin@askattest.com
           git config --global user.name attest-admin
           git remote rm origin
-          git remote add origin "https://attest-admin:$GITHUB_TOKEN@github.com/attest/fe-tools.git"
+          git remote add origin "https://attest-admin:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git"
           git checkout -b master
           git push -u origin master
         env:
@@ -77,6 +43,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.ADMIN_GH_TOKEN }}
       - name: 'Install dependencies'
         run: yarn install --frozen-lockfile
+      - name: 'Lint'
+        run: yarn lint
+      - name: 'Format'
+        run: yarn format
       - name: Build
         run: yarn build
       - name: Version
diff --git a/.github/workflows/pull-request-audit-dependencies.yml b/.github/workflows/pull-request-audit-dependencies.yml
new file mode 100644
index 0000000..ac9c2e9
--- /dev/null
+++ b/.github/workflows/pull-request-audit-dependencies.yml
@@ -0,0 +1,15 @@
+name: Pull Request Audit Dependencies
+on: [pull_request]
+
+jobs:
+  prCheck:
+    name: audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - run: |
+          echo "//npm.pkg.github.com/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc
+          echo "@attest:registry=https://npm.pkg.github.com/" >> ~/.npmrc
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.ADMIN_GH_TOKEN}}
+      - run: yarn audit