Skip to content

chore(OSSF): update token permissions to improve ossf scorecard #1952

chore(OSSF): update token permissions to improve ossf scorecard

chore(OSSF): update token permissions to improve ossf scorecard #1952

Workflow file for this run

# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions:
contents: read
pull-requests: write
actions: read
statuses: write
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x]
mongodb-version: [4.4]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Start MongoDB
uses: supercharge/[email protected]
with:
mongodb-version: ${{ matrix.mongodb-version }}
- name: Install dependencies
run: npm i
- name: Test
id: test
run: |
npm run test-coverage-ci
npm run test-coverage-ci --workspaces --if-present
- name: Upload test coverage report
uses: codecov/[email protected]
with:
files: ./coverage/lcov.info
token: ${{ secrets.CODECOV_TOKEN }}
# - name: Exit if coverage condition not met
# if: ${{ steps.test.outputs.exit_code }} != 0
# run: exit ${{ steps.test.outputs.exit_code }}
- name: Build application
run: npm run build
- name: Save build folder
uses: actions/upload-artifact@v4
with:
name: build
if-no-files-found: error
path: build
- name: Download the build folders
uses: actions/download-artifact@v4
with:
name: build
path: build
- name: Run cypress test
uses: cypress-io/github-action@v6
with:
start: npm start &
wait-on: "http://localhost:3000"
wait-on-timeout: 120
run: npm run cypress:run