ci: set persist-credentials to false for checkout action #33
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dev Node CI | |
env: | |
node-version: 18 | |
node-package-manager: yarn | |
# on: | |
# push: | |
# branches: | |
# - "develop" | |
jobs: | |
cache-dependencies: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Access repository | |
uses: actions/checkout@v4 | |
- uses: ./.github/actions/cache | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
test: | |
runs-on: ubuntu-latest | |
needs: cache-dependencies | |
steps: | |
- name: Access repository | |
uses: actions/checkout@v2 | |
- uses: ./.github/actions/test | |
# validate-dependencies: | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: Access repository | |
# uses: actions/checkout@v2 | |
# - uses: ./.github/actions/validate-dependencies | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- test | |
- validate-dependencies | |
steps: | |
- name: Access repository | |
uses: actions/checkout@v4 | |
- uses: ./.github/actions/cache | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: Build | |
run: yarn build | |
- name: Upload client build artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ github.event.repository.name }}-client-develop | |
path: client/dist | |
- name: Upload server build artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ github.event.repository.name }}-server-develop | |
path: server/dist | |
check-docker-credentials: | |
runs-on: ubuntu-latest | |
needs: build | |
outputs: | |
defined: ${{ steps.username.outputs.defined == 'true' && steps.password.outputs.defined == 'true' }} | |
steps: | |
- name: Access repository | |
uses: actions/checkout@v4 | |
- name: Check if has username | |
id: username | |
uses: ./.github/actions/check-secret | |
with: | |
secret: ${{ secrets.DOCKER_USERNAME }} | |
- name: Check if has password | |
id: password | |
uses: ./.github/actions/check-secret | |
with: | |
secret: ${{ secrets.DOCKER_PASSWORD }} | |
publish-docker-image: | |
runs-on: ubuntu-latest | |
if: needs.check-docker-credentials.outputs.defined == 'true' | |
needs: | |
- check-docker-credentials | |
steps: | |
- name: Access repository | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: ${{ github.event.repository.name }}-client-develop | |
path: client/dist | |
- uses: actions/download-artifact@v3 | |
with: | |
name: ${{ github.event.repository.name }}-server-develop | |
path: server/dist | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: 'tv2media/${{ github.event.repository.name }}' | |
tags: | | |
type=ref,event=branch | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |