-
Notifications
You must be signed in to change notification settings - Fork 4
65 lines (60 loc) · 1.89 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
ref:
description: 'The branch, tag or SHA to checkout'
default: main
type: string
jobs:
codeql-sast:
name: CodeQL SAST scan
uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main
permissions:
security-events: write
dependency-review:
name: Dependency Review scan
uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main
# This matrix job runs the test suite against multiple Ruby versions
test_matrix:
strategy:
fail-fast: false
matrix:
ruby: [3.1, 3.2, 3.3]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref || github.ref }}
- name: Clone content-schemas
uses: actions/checkout@v4
with:
repository: alphagov/publishing-api
ref: main
path: tmp/publishing-api
- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
- run: bundle exec rake
env:
GOVUK_CONTENT_SCHEMAS_PATH: tmp/publishing-api/content_schemas
# Branch protection rules cannot directly depend on status checks from matrix jobs.
# So instead we define `test` as a dummy job which only runs after the preceding `test_matrix` checks have passed.
# Solution inspired by: https://github.community/t/status-check-for-a-matrix-jobs/127354/3
test:
needs: test_matrix
runs-on: ubuntu-latest
steps:
- run: echo "All matrix tests have passed 🚀"
publish:
needs: test
if: ${{ github.ref == 'refs/heads/main' }}
permissions:
contents: write
uses: alphagov/govuk-infrastructure/.github/workflows/publish-rubygem.yml@main
secrets:
GEM_HOST_API_KEY: ${{ secrets.ALPHAGOV_RUBYGEMS_API_KEY }}