Skip to content

Add GitHub Actions workflows for Copilot setup and Continuous Integration with Yarn support #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add GitHub Actions workflows for Copilot setup and Continuous Integration with Yarn support #77

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f87165c
Initial plan
Copilot Sep 26, 2025
ef159ad
feat: add copilot-setup-steps GitHub Actions workflow
Copilot Sep 26, 2025
75b3c75
Update .github/workflows/copilot-setup-steps.yml
joe10832 Sep 29, 2025
430108d
Update workflow to use yarn with corepack as requested
Copilot Sep 29, 2025
2897045
Add comprehensive CI workflow with security hardening
Copilot Sep 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: Continuous Integration

on:
push:
branches: [main]
pull_request:
branches: [main]

permissions:
contents: read

jobs:
ci:
runs-on: ubuntu-latest
environment: CI

steps:
- name: Harden Runner
uses: step-security/harden-runner@v2

Check warning on line 19 in .github/workflows/ci.yml

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

.github/workflows/ci.yml#L19 

An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release.
with:
egress-policy: audit

- name: Checkout Source
uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'

- name: Enable Corepack and Enforce Yarn Version
run: |
corepack enable
yarn set version 4.9.2

- name: Install Dependencies
run: yarn install

- name: Run Linter
run: yarn lint

- name: Build Project
run: yarn build

- name: Run Tests
run: yarn test
41 changes: 41 additions & 0 deletions .github/workflows/copilot-setup-steps.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: "Copilot Setup Steps"

# Automatically run the setup steps when they are changed to allow for easy validation, and
# allow manual testing through the repository's "Actions" tab
on:
workflow_dispatch:
push:
paths:
- .github/workflows/copilot-setup-steps.yml
pull_request:
paths:
- .github/workflows/copilot-setup-steps.yml

jobs:
# The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
copilot-setup-steps:
runs-on: ubuntu-latest

# Set the permissions to the lowest permissions possible needed for your steps.
# Copilot will be given its own token for its operations.
permissions:
# If you want to clone the repository as part of your setup steps, for example to install dependencies, you'll need the `contents: read` permission. If you don't clone the repository in your setup steps, Copilot will do this for you automatically after the steps complete.
contents: read

# You can define any steps you want, and they will run before the agent starts.
# If you do not check out your code, Copilot will do this for you.
steps:
- name: Checkout code
uses: actions/checkout@v5

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "yarn"

- name: Enable Corepack
run: corepack enable

- name: Install JavaScript dependencies
run: yarn install --immutable
Loading
Loading