docs: update stix-bundle.schema.mdx #203
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI and Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - next | |
| - next-major | |
| - beta | |
| - alpha | |
| - '*.*.x' # Matches branches like '1.2.x', '2.3.x' | |
| - '*.x' # Matches branches like '1.x', '2.x' | |
| pull_request: | |
| branches: | |
| - main | |
| - next | |
| - next-major | |
| - beta | |
| - alpha | |
| - '*.*.x' # Matches PRs targeting '1.2.x', '2.3.x' | |
| - '*.x' # Matches PRs targeting '1.x', '2.x' | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Job 1: Commit Linting | |
| commitlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch full history to check commit differences | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.x' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Determine commit range | |
| id: commit_range | |
| run: | | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| echo "base_sha=$(git merge-base ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT | |
| echo "head_sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT | |
| else | |
| # For push events or when PR base isn't available | |
| echo "base_sha=$(git rev-parse HEAD~1)" >> $GITHUB_OUTPUT | |
| echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Validate commits | |
| run: npx commitlint --from ${{ steps.commit_range.outputs.base_sha }} --to ${{ steps.commit_range.outputs.head_sha }} --verbose | |
| # Job 2: Build and Test | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: [commitlint] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.x' | |
| - name: Install | |
| run: npm ci --include=dev | |
| - name: Build | |
| run: npm run build | |
| - name: Test | |
| run: npm run test | |
| - name: List test logs | |
| run: ls -la .test-logs/ | |
| - name: Upload test logs | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: test-logs | |
| path: .test-logs/** | |
| include-hidden-files: true | |
| - name: Verify integrity of dependencies | |
| run: npm audit signatures | |
| # Job 3: Publish (only on push events) | |
| publish: | |
| if: github.event_name == 'push' | |
| needs: [test] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # To publish a GitHub release | |
| packages: write # To publish to GitHub Package registry | |
| issues: write # To comment on released issues | |
| pull-requests: write # To comment on released pull requests | |
| id-token: write # To enable OIDC for npm provenance | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.x' | |
| # registry-url: 'https://npm.pkg.github.com' | |
| # scope: '@mitre-attack' | |
| - name: Install dependencies | |
| run: npm clean-install | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies | |
| run: npm audit signatures | |
| - name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| HUSKY: 0 # Temporarily disables all Git hooks | |
| run: npx semantic-release | |
| # Job 4: Update docs site (only on push events targeting main) | |
| deploy-docs: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| needs: [publish] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.x' | |
| - name: Install schema dependencies | |
| run: npm install | |
| working-directory: ./ | |
| - name: Install docusaurus dependencies | |
| run: npm install | |
| working-directory: ./docusaurus | |
| - name: Generate schema documentation | |
| run: npm run gendocs | |
| working-directory: ./docusaurus | |
| - name: Build Docusaurus site | |
| run: npm run build | |
| working-directory: ./docusaurus | |
| - name: Deploy to GitHub Pages | |
| uses: peaceiris/actions-gh-pages@v3 | |
| with: | |
| deploy_key: ${{ secrets.DEPLOY_KEY }} | |
| publish_dir: ./docusaurus/build |