Skip to content

ci: Ignore Gemfile.lock on trivy #88

ci: Ignore Gemfile.lock on trivy

ci: Ignore Gemfile.lock on trivy #88

Workflow file for this run

name: Release
on:
push:
branches:
- main
permissions:
contents: read
jobs:
rubocop:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
restore-keys: |
${{ runner.os }}-gems-
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.0'
bundler-cache: false
- name: Install dependencies
run: bundle install --jobs 4 --retry 3
- name: Run RuboCop
run: bundle exec rubocop --parallel
codespell:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.8
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install codespell
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Check spelling with codespell
run: codespell --ignore-words=codespell.txt || exit 1
unit_test:
runs-on: ubuntu-latest
needs: [rubocop, codespell]
strategy:
fail-fast: false
matrix:
gemfile:
- rails_5.2_stable
- rails_6.0_stable
- rails_6.1_stable
- rails_7.0_stable
- rails_7.1_stable
- rails_edge
ruby: ['2.7', '3.0', '3.1', '3.2', '3.3']
exclude:
- ruby: '3.0'
gemfile: rails_5.2_stable
- ruby: '3.1'
gemfile: rails_5.2_stable
- ruby: '3.2'
gemfile: rails_5.2_stable
- ruby: '3.3'
gemfile: rails_5.2_stable
- ruby: '2.7'
gemfile: rails_edge
- ruby: '3.0'
gemfile: rails_edge
env:
BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
- name: Suppress git warnings
run: git config --global init.defaultBranch main
- name: Run RSpec
run: bundle exec rspec
- name: Coveralls Parallel
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: unit-ruby-${{matrix.ruby }}-${{ matrix.gemfile }}
parallel: true
path-to-lcov: ./coverage/lcov/devise_auth0.lcov
finish:
needs: unit_test
runs-on: ubuntu-latest
steps:
- name: Upload coverage to Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
file: ./coverage/lcov/devise_auth0.lcov
release:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
needs: [unit_test]
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- uses: actions/checkout@v4
- uses: google-github-actions/release-please-action@v4
id: release
with:
token: ${{ secrets.DEVOPS_TOKEN }}
- name: Push to Release Branch
if: ${{ steps.release.outputs.release_created }}
uses: actions/github-script@v7
env:
MAJOR_VERSION: ${{ steps.release.outputs.major }}
with:
github-token: ${{ secrets.DEVOPS_TOKEN }}
script: |
github.rest.git.updateRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `heads/${process.env.MAJOR_VERSION}-stable`,
sha: context.sha,
force: true
});