chore: supply-chain hardening — lockfile enforcement + action SHA pins #521
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| env: | |
| CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }} | |
| on: [push] | |
| jobs: | |
| compile: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| - name: Compile | |
| run: yarn && yarn build | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| - name: Compile & Test | |
| run: yarn && yarn test | |
| run-examples: | |
| name: Run examples (to look for regressions) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: 22 | |
| - name: Build | |
| run: yarn && yarn build | |
| - name: test examples | |
| run: | | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running hello world" | |
| node examples/hello-world.mjs | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running smoke test" | |
| node examples/smoke-test.mjs | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "Running trade search" | |
| node examples/trade-search.mjs | |
| publish: | |
| needs: [ compile, test, run-examples ] | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Set up node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| - name: Install dependencies | |
| run: yarn install --immutable | |
| - name: Build | |
| run: yarn build | |
| - name: Publish to npm | |
| run: | | |
| npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN} | |
| npm publish --access public | |
| env: | |
| NPM_TOKEN: ${{ secrets.SDK_NPM_TOKEN }} |