.github/workflows/deploy.yaml

name: Deploy

on:
  push:
    branches: [main]

jobs:
  test:
    name: Test
    uses: noyabronok/vite-ts-react/.github/workflows/test.yaml@main
  # disable for now, failing permissions from contrast
  # scan:
  #   name: Sec scan
  #   permissions:
  #       contents: read # for actions/checkout
  #       security-events: write # for github/codeql-action/upload-sarif
  #       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
  #   runs-on: ubuntu-latest
  #   timeout-minutes: 3
  #   steps:
  #     - name: ☁️ checkout repository
  #       uses: actions/checkout@v3
      
  #     - name: 📦 install dependencies
  #       run: npm ci

  #     - name: 📦 run build
  #       run: npm run build

  #     - name: 🔍 Contrast Scan Action
  #       uses: Contrast-Security-OSS/contrastscan-action@v2.0.3
  #       with:
  #         artifact: dist/index.html
  #         apiKey: ${{ secrets.CONTRAST_API_KEY }}
  #         orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
  #         authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
  #         severity: high
  #         fail: true
  #     # To list vulnerabilities in the GitHub Security Tab of the repo include GitHub upload-sarif action
  #     # The value of `sarif_file` must be `results.sarif` 
  #     - name: Upload SARIF file
  #       uses: github/codeql-action/upload-sarif@v2
  #       with:
  #         sarif_file: results.sarif
  deploy:
    name: Deploy
    needs: test # make this [test, scan] if scan is fixed
    runs-on: ubuntu-latest
    timeout-minutes: 4
    env:
      MY_EMAIL: ${{ secrets.MY_EMAIL }}
      MY_NAME: Noyabronok
    steps:
      - name: ☁️ checkout repository
        uses: actions/checkout@v3

      - name: 🔧 setup node 18.x
        uses: actions/setup-node@v3
        with:
          node-version: 18.x

      - name: 📦 install dependencies
        run: npm ci

      - name: 🚀 deploy
        run: |
          git config --global user.email $MY_EMAIL
          git config --global user.name $MY_NAME
          git remote set-url origin https://$MY_NAME:${{ secrets.DEPLOY_TOKEN }}@github.com/noyabronok/vite-ts-react.git
          npm run deploy
  version:
    name: Bump Develop Version
    needs: deploy
    runs-on: ubuntu-latest
    timeout-minutes: 3
    env:
      MY_EMAIL: ${{ secrets.MY_EMAIL }}
      MY_NAME: Noyabronok
    steps:
      - name: ☁️ checkout repository
        uses: actions/checkout@v3
        with:
          ref: develop

      - name: 🔧 version
        run: |
          git config --global user.email $MY_EMAIL
          git config --global user.name $MY_NAME
          git remote set-url origin https://$MY_NAME:${{ secrets.DEPLOY_TOKEN }}@github.com/noyabronok/vite-ts-react.git
          npm version minor -m 'Post Deploy: bump to version %s'
          git push 
          git push --tags