-
Notifications
You must be signed in to change notification settings - Fork 2k
/
Copy pathconfig.yml
169 lines (155 loc) · 4.58 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
version: 2.1
orbs:
node: circleci/[email protected]
secops: apollo/[email protected]
commands:
install-volta:
description: Install volta to manage Node/npm versions
steps:
- run:
name: Install volta
# Teach the volta installer to update Circle's special env
# file instead of the default.
command: |
curl https://get.volta.sh | PROFILE="$BASH_ENV" bash
setup-node:
parameters:
node-version:
type: string
default: ''
steps:
- install-volta
- checkout
- when:
condition: << parameters.node-version >>
steps:
- run: volta pin node@<< parameters.node-version >>
- run: node --version
- run: npm --version
- node/install-packages
jobs:
NodeJS:
parameters:
node-version:
type: string
docker:
- image: cimg/base:stable
steps:
- setup-node:
node-version: <<parameters.node-version>>
- run: npm run test:ci
- run: npm run coverage:upload
- store_test_results:
path: junit.xml
Smoke test built package:
docker:
- image: cimg/base:stable
steps:
- setup-node
- run: npm run test:smoke
Full incremental delivery tests with graphql-js 17 canary:
docker:
- image: cimg/base:stable
environment:
INCREMENTAL_DELIVERY_TESTS_ENABLED: t
steps:
- setup-node:
node-version: "18"
# Install a prerelease of graphql-js 17 with incremental delivery support.
# --legacy-peer-deps because nothing expects v17 yet.
- run: npm i --legacy-peer-deps [email protected]
- run: npm run test:ci
- run: npm run test:smoke
Prettier:
docker:
- image: cimg/base:stable
steps:
- setup-node
- run: npm run prettier-check
ESLint:
docker:
- image: cimg/base:stable
steps:
- setup-node
- run: npm run lint
# Ensure that any PR that changes packages has a changeset on it (perhaps
# an empty one created with `changeset --empty`).
# We run the Changesets job itself on all branches so that we can require
# it to pass, but we don't run any steps on the "Version Packages" PRs
# themselves.
Changesets:
docker:
- image: cimg/base:stable
steps:
- run: echo Ensure there is at least one step
- unless:
condition:
matches:
pattern: "^changeset-release/.+$"
value: << pipeline.git.branch >>
steps:
- setup-node
- run: npm run changeset-check
Spell check:
docker:
- image: cimg/base:stable
steps:
- setup-node
- run: npm run spell-check
Codegen check:
docker:
- image: cimg/base:stable
steps:
- setup-node
- run: npm run codegen-check
# We make CI fail if any file contains FIX and ME right next to each other.
# This means that when working on a big PR, you can throw in notes that you
# are forced to come back to before merging the PR. Note that we don't block
# the tarball or publish steps on this, since you may want to try out builds
# on branches that still contain unresolved problems. In order for this file
# to not cause this job to fail, we obfuscate the target string by encoding
# the last letter in in hex (\x45 = E).
"Check for FIXM\x45":
docker:
- image: cimg/base:stable
steps:
- checkout
- run:
name: "Check for FIXM\x45"
# ! means this fails if git grep succeeds, ie if there are any matches
command: "! git grep FIXM\x45"
workflows:
Build:
jobs:
- NodeJS:
name: NodeJS << matrix.node-version >>
matrix:
parameters:
node-version:
- "14"
- "16"
- "18"
- "20"
- "22"
- "Check for FIXM\x45"
- Prettier
- ESLint
- Spell check
- Codegen check
- Smoke test built package
- Full incremental delivery tests with graphql-js 17 canary
- Changesets
security-scans:
jobs:
- secops/gitleaks:
context:
- platform-docker-ro
- github-orb
- secops-oidc
git-base-revision: <<#pipeline.git.base_revision>><<pipeline.git.base_revision>><</pipeline.git.base_revision >>
git-revision: << pipeline.git.revision >>
- secops/semgrep:
context:
- secops-oidc
- github-orb
git-base-revision: <<#pipeline.git.base_revision>><<pipeline.git.base_revision>><</pipeline.git.base_revision >>