codefresh.yml

version: '1.0'

steps:
  main_clone:
    title: Cloning main repository...
    type: git-clone
    repo: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}'
    revision: '${{CF_REVISION}}'

  install_dependencies:
    title: 'Installing testing dependencies'
    image: node:${{NODE_VERSION}}
    commands:
    - yarn install --frozen-lockfile

  security_scan:
    image: aquasec/trivy:latest
    title: "Scanning lockfile for security vulnerablities"
    fail_fast: false
    commands:
      - '! rm ${{SEC_SCAN_REPORT_FILE}} 2>/dev/null'
      - |-
        set -eo pipefail; \
        trivy \
          fs \
          --quiet \
          --ignorefile /tmp/.trivy/trivyignore \
          --ignore-unfixed \
          --exit-code 1 \
          . \
          | tee ${{SEC_SCAN_REPORT_FILE}}

  test:
    type: parallel
    steps:
      eslint:
        title: 'Running linting logic'
        image: node:${{NODE_VERSION}}
        commands:
        - yarn eslint

      unit_tests:
        title: 'Running unit-tests'
        image: node:${{NODE_VERSION}}
        commands:
        - yarn test

  deploy_to_npm:
    type: npm-publish
    arguments:
      NPM_TOKEN: '${{NPM_TOKEN}}'
      DIR: '${{CF_REPO_NAME}}'
    when:
      branch:
        only: [ master ]