Create SECURITY.md #303
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OHRI CI | |
on: | |
push: | |
tags: | |
- '*' | |
branches: | |
- '*' | |
pull_request: | |
branches: | |
- '*' | |
types: [opened, synchronize] | |
release: | |
types: | |
- created | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
- name: Cache dependencies | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn install --immutable | |
- name: Run tests | |
run: yarn run test | |
# Temporarily disable typecheck | |
# - name: Run lint and typecheck | |
# run: yarn turbo run lint typescript --color --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team="${{ github.repository_owner }}" | |
- name: Run build | |
run: yarn turbo run build --color --concurrency=5 --api="http://127.0.0.1:9080" --token="${{ secrets.TURBO_SERVER_TOKEN }}" --team="${{ github.repository_owner }}" | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: | | |
packages/**/dist | |
pre_release: | |
runs-on: ubuntu-latest | |
needs: build | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/dev' }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Cache dependencies | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn install --immutable | |
- run: yarn lerna version "$(node -e "console.log(require('./lerna.json').version)")-pre.${{ github.run_number }}" --no-git-tag-version --yes | |
- name: Build | |
run: yarn turbo run build --color --concurrency=5 | |
# Disable the step to updated configs of migration | |
# - name: Test and Generate Badges | |
# run: yarn badges | |
- name: setup git config | |
run: | | |
git config user.name "GitHub Actions Bot" | |
git config user.email "<>" | |
- name: commit | |
run: | | |
git add . | |
git commit -m "Prerelease version" --no-verify | |
- run: yarn run ci:prepublish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} | |
release: | |
runs-on: ubuntu-latest | |
needs: pre_release | |
if: ${{ github.event_name == 'release' }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Cache dependencies | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
- name: Install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn install --immutable | |
- name: Publish to NPM | |
run: yarn run ci:publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} | |
working: | |
runs-on: ubuntu-latest | |
needs: pre_release | |
if: ${{ github.ref == 'refs/heads/working' }} | |
steps: | |
# Update the Microfrontends to reflect what we have in the Working branch | |
- uses: garygrossgarten/github-action-ssh@release | |
name: Run the Update MicroFronEnd Script | |
with: | |
command: cd /usr/share/tomcat/microfrontends/working && /bin/bash update_microfrontends.sh | |
host: ${{ secrets.HISTAC_HOST }} | |
username: ${{ secrets.HISTAC_USERNAME }} | |
privateKey: ${{ secrets.HISTAC_KEY}} | |
port: ${{ secrets.HISTAC_PORT }} | |
dev: | |
runs-on: ubuntu-latest | |
needs: pre_release | |
if: ${{ github.ref == 'refs/heads/dev' }} | |
steps: | |
- name: Download Artifacts | |
uses: actions/download-artifact@v3 | |
- name: Compute Timestamp | |
run: echo "TIMESTAMP=$(date +'%Y-%m-%d')" >> $GITHUB_ENV | |
- uses: garygrossgarten/github-action-ssh@release | |
name: Run the Update MicroFronEnd Script | |
with: | |
command: cd /usr/share/tomcat/microfrontends/dev && /bin/bash update_microfrontends.sh | |
host: ${{ secrets.HISTAC_HOST }} | |
username: ${{ secrets.HISTAC_USERNAME }} | |
privateKey: ${{ secrets.HISTAC_KEY}} | |
port: ${{ secrets.HISTAC_PORT }} | |
dev_namibia: | |
runs-on: ubuntu-latest | |
needs: pre_release | |
if: ${{ github.ref == 'refs/heads/dev' }} | |
steps: | |
- uses: garygrossgarten/github-action-ssh@release | |
name: Run the Update MicroFronEnd Script for Namibia | |
with: | |
command: who && which node && cd /opt/microfrontends && /bin/bash update_microfrontends.sh | |
host: ${{ secrets.HISTAC_HOST }} | |
username: ${{ secrets.HISTAC_USERNAME }} | |
privateKey: ${{ secrets.HISTAC_KEY}} | |
port: ${{ secrets.HISTAC_NAMIBIA_PORT }} | |
pre_demo: | |
runs-on: ubuntu-latest | |
needs: build | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download Artifacts | |
uses: actions/download-artifact@v3 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "16" | |
registry-url: "https://registry.npmjs.org" | |
- run: yarn install --immutable | |
- run: yarn run ci:publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} | |
pre_demo_export_concepts: | |
runs-on: ubuntu-latest | |
needs: pre_demo | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: garygrossgarten/github-action-ssh@release | |
name: Run iniz-exporters script to export concepts to csv file. | |
with: | |
command: cd /usr/share/tomcat/iniz-exporters/concepts && rm -f concepts.csv && /bin/bash run.sh -u ${{ secrets.HISTAC_DEV_DB_USER }} -p ${{ secrets.HISTAC_DEV_DB_PASSWORD }} -o concepts.csv openmrs_dev | |
host: ${{ secrets.HISTAC_HOST }} | |
username: ${{ secrets.HISTAC_USERNAME }} | |
privateKey: ${{ secrets.HISTAC_KEY}} | |
port: ${{ secrets.HISTAC_PORT }} | |
demo: | |
runs-on: ubuntu-latest | |
needs: pre_demo_export_concepts | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
# Update the Microfrontends to reflect what we have in the Working branch | |
- uses: garygrossgarten/github-action-ssh@release | |
name: Run the Update MicroFronEnd Script | |
with: | |
command: cd /usr/share/tomcat/microfrontends/test && sh update_microfrontends.sh | |
host: ${{ secrets.HISTAC_HOST }} | |
username: ${{ secrets.HISTAC_USERNAME }} | |
privateKey: ${{ secrets.HISTAC_KEY}} | |
port: ${{ secrets.HISTAC_PORT }} | |
sandbox_demo: | |
runs-on: ubuntu-latest | |
needs: pre_demo_export_concepts | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
# Update the Microfrontends to reflect what we have in the Working branch | |
- uses: garygrossgarten/github-action-ssh@release | |
name: Run the Update MicroFronEnd Script | |
with: | |
command: cd /usr/share/tomcat/microfrontends/ && /bin/bash update_microfrontends.sh | |
host: ${{ secrets.SANDBOX_HOST }} | |
username: ${{ secrets.SANDBOX_USERNAME }} | |
privateKey: ${{ secrets.SANDBOX_KEY}} |