Add permissions section to code review workflow #28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| permissions: | |
| checks: write | |
| contents: read | |
| pull-requests: write | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run linter | |
| run: pnpm lint | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run prepare | |
| run: pnpm dev:prepare | |
| - name: Cache build outputs | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| .nuxt | |
| dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-build- | |
| - name: Run tests | |
| run: pnpm test | |
| - name: Run type checks | |
| run: pnpm test:types | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Cache build outputs | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| .nuxt | |
| dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-build- | |
| - name: Run dev:prepare | |
| run: pnpm dev:prepare | |
| - name: Run prepack (build module) | |
| run: pnpm prepack | |
| - name: Build playground | |
| run: pnpm build | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| dist/ | |
| .nuxt/ | |
| playground/.output/ | |
| retention-days: 7 | |
| # Summary job that will be used as a required status check | |
| ci-summary: | |
| runs-on: ubuntu-latest | |
| needs: [lint, test, build] | |
| if: always() | |
| steps: | |
| - name: Check all jobs status | |
| run: | | |
| if [[ "${{ needs.lint.result }}" != "success" ]]; then | |
| echo "❌ Lint job failed" | |
| exit 1 | |
| fi | |
| if [[ "${{ needs.test.result }}" != "success" ]]; then | |
| echo "❌ Test job failed" | |
| exit 1 | |
| fi | |
| if [[ "${{ needs.build.result }}" != "success" ]]; then | |
| echo "❌ Build job failed" | |
| exit 1 | |
| fi | |
| echo "✅ All CI jobs passed successfully!" |