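---
# CI/CD pipeline: lint, build and generate docs on a Node.js version matrix,
# audit dependencies, and run the release job on main/master.
name: CI/CD Pipeline

on:
  push:
    branches: [main, master, develop]
  pull_request:
    branches: [main, master]

# Least privilege: every job gets a read-only GITHUB_TOKEN unless it declares
# its own `permissions` block. Without this, the token scope falls back to the
# repository/organisation default, which may be read-write.
permissions:
  contents: read

jobs:
  test:
    name: Test & Lint
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so each entry is unambiguously a string.
        node-version: ['16.x', '18.x', '20.x']
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # This job never pushes; do not leave the token in .git/config
          # where install or build scripts could read it.
          persist-credentials: false

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      # `npm ci` installs exactly what package-lock.json records.
      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npm run lint

      - name: Build project
        run: npm run build

      - name: Generate documentation
        run: npm run docs

      # Only one matrix leg uploads, so the artifact name is not contended.
      - name: Upload build artifacts
        if: matrix.node-version == '20.x'
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: |
            dist/
            docs/

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # This job never pushes; keep the token out of .git/config.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # Fails the job on advisories rated high or above. This is the only
      # step in this job that actually gates the release.
      - name: Run security audit
        run: npm audit --audit-level=high

      # NOTE(review): no step in this workflow produces
      # security-scan-results.sarif, and continue-on-error hides any failure
      # here, so this step is not a security gate as written. Add the scanner
      # that writes the file or remove the step. If the step is meant to
      # upload results to code scanning, this job would also need
      # `security-events: write` - confirm against the action's documentation.
      # Third-party action on a mutable tag: pin it to a reviewed full commit
      # SHA so a retagged release cannot change what runs here.
      - name: Run security scan
        uses: securecodewarrior/github-action-add-sarif@v1
        with:
          sarif-file: 'security-scan-results.sarif'
        continue-on-error: true

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [test, security]
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
    # Only this job may write to the repository (needed to create a release).
    permissions:
      contents: write
    steps:
      # NOTE(review): checkout leaves the write-scoped token in .git/config
      # for the npm steps below. If nothing in build/docs pushes via git, add
      # `persist-credentials: false` here as well.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history and tags.
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build project
        run: npm run build

      - name: Generate documentation
        run: npm run docs

      # NOTE(review): the artifact from the test job is extracted into the
      # workspace after the local build above, presumably over dist/ and
      # docs/. Confirm which copy is meant to ship and drop the other.
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-artifacts

      # NOTE(review): this step cannot run as written. The job-level `if`
      # only admits refs/heads/main or refs/heads/master, this condition
      # requires a refs/tags/ ref, and `on.push` lists branches only. Decide
      # whether releases are cut from tags or from branch pushes, then align
      # the trigger, the job condition and this condition.
      # Third-party action on a mutable tag, running with contents: write:
      # pin it to a reviewed full commit SHA.
      - name: Create release
        uses: softprops/action-gh-release@v2
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: |
            dist/**
            docs/**
            CHANGELOG.md
            README.md
            MULTI_SCHEME_GUIDE.md
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}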