on_pr: 166 #629
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: on_pr | |
| run-name: "on_pr: ${{ github.event.pull_request.number }}" | |
| on: | |
| pull_request: | |
| permissions: | |
| actions: read # required by BitGo/build-system | |
| contents: read # required by BitGo/build-system | |
| id-token: write # required by BitGo/build-system | |
| pull-requests: write # required by Grype PR commenter | |
| packages: read # required for ArgoCD deploy | |
| jobs: | |
| build-and-test: | |
| name: Build & Test (CI) | |
| uses: ./.github/workflows/build-and-test.yaml | |
| secrets: | |
| fossa-api-key: ${{ secrets.FOSSA_API_KEY }} | |
| build-docker-image: | |
| name: Build the Docker Image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| tags: | | |
| ghcr.io/bitgo/advanced-wallets:${{ github.sha }} | |
| build-args: | | |
| BUILD_VERSION=${{ github.sha }} | |
| BUILD_DATE=${{ github.event.repository.updated_at }} | |
| VCS_REF=${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| audit-api-spec: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout PR | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Install Dependencies | |
| run: npm ci | |
| - name: Install OpenAPI Generator at root | |
| run: npm install @api-ts/openapi-generator@v5 | |
| - name: Download and install vacuum v0.18.1 | |
| run: | | |
| curl -L \ | |
| --output vacuum.tar.gz \ | |
| --silent \ | |
| --show-error \ | |
| --fail \ | |
| https://github.com/daveshanley/vacuum/releases/download/v0.18.1/vacuum_0.18.1_linux_x86_64.tar.gz | |
| tar -xzf vacuum.tar.gz | |
| chmod u+x vacuum | |
| sudo mv vacuum /usr/local/bin/ | |
| vacuum version | |
| - name: Generate API spec | |
| run: | | |
| ./node_modules/.bin/openapi-generator \ | |
| src/masterBitgoExpress/routers/index.ts \ | |
| > api-generated.json | |
| - name: Audit with Vacuum | |
| run: | | |
| vacuum report \ | |
| --no-style \ | |
| --stdout \ | |
| --ruleset ruleset.yaml \ | |
| api-generated.json > vacuum-report.json | |
| jq '.resultSet.results // []' vacuum-report.json > vacuum-results.json | |
| ERROR_COUNT=$(jq '[.[] | select(.ruleSeverity == "error")] | length' vacuum-results.json) | |
| WARNING_COUNT=$(jq '[.[] | select(.ruleSeverity == "warn")] | length' vacuum-results.json) | |
| echo "Found $ERROR_COUNT error(s) and $WARNING_COUNT warning(s)" | |
| if [ "$ERROR_COUNT" -gt 0 ]; then | |
| echo "API specification audit failed with $ERROR_COUNT error(s)" | |
| echo "" | |
| echo "Errors:" | |
| jq -r '.[] | select(.ruleSeverity == "error") | " - [\(.ruleId)] \(.message) at \(.path)"' vacuum-results.json | |
| exit 1 | |
| else | |
| echo "API specification audit passed!" | |
| fi |