microsoft/hve-core
Publicmirrored from https://github.com/microsoft/hve-coreAvailable
.github/workflows/main.yml
95lines · modecode
| 1 | name: Main Branch CI |
| 2 | |
| 3 | on: |
| 4 | push: |
| 5 | branches: |
| 6 | - main |
| 7 | |
| 8 | workflow_dispatch: |
| 9 | |
| 10 | # Minimal permissions for security |
| 11 | permissions: |
| 12 | contents: read |
| 13 | |
| 14 | jobs: |
| 15 | spell-check: |
| 16 | name: Spell Check |
| 17 | uses: ./.github/workflows/spell-check.yml |
| 18 | permissions: |
| 19 | contents: read |
| 20 | with: |
| 21 | soft-fail: false |
| 22 | |
| 23 | markdown-lint: |
| 24 | name: Markdown Lint |
| 25 | uses: ./.github/workflows/markdown-lint.yml |
| 26 | permissions: |
| 27 | contents: read |
| 28 | with: |
| 29 | soft-fail: false |
| 30 | |
| 31 | table-format: |
| 32 | name: Table Format Check |
| 33 | uses: ./.github/workflows/table-format.yml |
| 34 | permissions: |
| 35 | contents: read |
| 36 | with: |
| 37 | soft-fail: false |
| 38 | |
| 39 | dependency-pinning-scan: |
| 40 | name: Dependency Pinning Scan |
| 41 | uses: ./.github/workflows/dependency-pinning-scan.yml |
| 42 | permissions: |
| 43 | contents: read |
| 44 | security-events: write |
| 45 | with: |
| 46 | soft-fail: false |
| 47 | upload-sarif: true |
| 48 | upload-artifact: true |
| 49 | |
| 50 | extension-package: |
| 51 | name: Package VS Code Extension |
| 52 | needs: |
| 53 | - spell-check |
| 54 | - markdown-lint |
| 55 | - table-format |
| 56 | - dependency-pinning-scan |
| 57 | uses: ./.github/workflows/extension-package.yml |
| 58 | with: |
| 59 | dev-patch-number: ${{ github.run_number }} |
| 60 | permissions: |
| 61 | contents: read |
| 62 | |
| 63 | release-please: |
| 64 | name: Release Please |
| 65 | needs: |
| 66 | - spell-check |
| 67 | - markdown-lint |
| 68 | - table-format |
| 69 | - dependency-pinning-scan |
| 70 | - extension-package |
| 71 | runs-on: ubuntu-latest |
| 72 | outputs: |
| 73 | release_created: ${{ steps.release.outputs.release_created }} |
| 74 | tag_name: ${{ steps.release.outputs.tag_name }} |
| 75 | version: ${{ steps.release.outputs.version }} |
| 76 | major: ${{ steps.release.outputs.major }} |
| 77 | minor: ${{ steps.release.outputs.minor }} |
| 78 | patch: ${{ steps.release.outputs.patch }} |
| 79 | permissions: |
| 80 | contents: read |
| 81 | steps: |
| 82 | - name: Generate GitHub App Token |
| 83 | id: app-token |
| 84 | uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.0.0 |
| 85 | with: |
| 86 | app-id: ${{ vars.RELEASE_APP_ID }} |
| 87 | private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} |
| 88 | |
| 89 | - name: Run release-please |
| 90 | id: release |
| 91 | uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0 |
| 92 | with: |
| 93 | token: ${{ steps.app-token.outputs.token }} |
| 94 | config-file: release-please-config.json |
| 95 | manifest-file: .release-please-manifest.json |