ci: [fkitdev-8448] use github actions

.github/workflows/pull-request.yaml

@@ -0,0 +1,144 @@
+name: Pull Request
+
+on:
+  pull_request:
+
+concurrency:
+  group: pr-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+env:
+  NODE_VERSION: "24"
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: yarn
+          cache-dependency-path: yarn.lock
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Lint
+        run: |
+          set -euo pipefail
+          yarn test 2>&1 | tee lint-results.txt
+
+      - name: Upload lint results
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: lint-results
+          path: lint-results.txt
+
+  audit:
+    name: Audit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: yarn
+          cache-dependency-path: yarn.lock
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Audit
+        run: |
+          set -euo pipefail
+
+          set +e
+          yarn audit --groups dependencies 2>&1 | tee audit-results.txt
+          set -e
+
+          yarn run improved-yarn-audit \
+            --min-severity critical \
+            2>&1 | tee -a audit-results.txt
+
+      - name: Upload audit results
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: audit-results
+          path: audit-results.txt
+
+  sonar:
+    name: SonarQube Scan
+    runs-on: ubuntu-latest
+    needs: audit
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+            -Dsonar.pullrequest.branch=${{ github.head_ref }}
+            -Dsonar.pullrequest.base=${{ github.base_ref }}
+            -Dsonar.scanner.metadataFilePath=${{ github.workspace }}/sonar-report-task.txt
+
+      - name: Upload Sonar report metadata
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: sonar-report-task
+          path: sonar-report-task.txt
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: [lint, audit, sonar]
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: yarn
+          cache-dependency-path: yarn.lock
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Build
+        run: |
+          set -euo pipefail
+          yarn build 2>&1 | tee build-results.txt
+
+      - name: Upload build results
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: build-results
+          path: build-results.txt

.gitignore

@@ -1,6 +1,5 @@
 node_modules/
 .idea/
 npm-debug.log*
-yarn.lock
 test/*/*.bundle.js
 dist

package.json

@@ -34,6 +34,7 @@
   "type": "module",
   "homepage": "https://github.com/TechTeamer/janus-api#readme",
   "dependencies": {
+    "improved-yarn-audit": "^3.0.4",
     "isomorphic-ws": "^4.0.1",
     "sdp": "^3.0.1",
     "uuid": "^8.2.0",