build(deps): Bump the flex-development group across 1 directory with 2 updates #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Continuous Integration | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/GitGuardian/ggshield-action | |
# - https://github.com/actions/cache | |
# - https://github.com/actions/cache/discussions/650 | |
# - https://github.com/actions/checkout | |
# - https://github.com/actions/setup-node | |
# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration | |
# - https://github.com/actions/upload-artifact | |
# - https://github.com/andstor/file-existence-action | |
# - https://github.com/codecov/codecov-action | |
# - https://github.com/flex-development/grease | |
# - https://github.com/hmarr/debug-action | |
# - https://yarnpkg.com/cli/pack | |
--- | |
name: ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- feat/** | |
- hotfix/** | |
- main | |
workflow_dispatch: | |
permissions: | |
contents: read | |
packages: read | |
env: | |
CACHE_PATH: node_modules | |
GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_TOKEN }} | |
HUSKY: 0 | |
REF: ${{ github.head_ref || github.ref }} | |
REF_NAME: ${{ github.head_ref || github.ref_name }} | |
SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
preflight: | |
if: | | |
github.event.head_commit.author.name != 'dependabot[bot]' | |
&& github.event.head_commit.author.username != 'flexdevelopment[bot]' | |
&& !startsWith(github.event.head_commit.message, 'release:') | |
&& !startsWith(github.event.head_commit.message, 'release(chore):') | |
runs-on: ubuntu-latest | |
outputs: | |
cache-key: ${{ steps.cache-key.outputs.result }} | |
version: ${{ steps.version.outputs.result }} | |
version-typescript: ${{ steps.version-typescript.outputs.result }} | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v3.0.0 | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: yarn | |
name: Install dependencies | |
env: | |
YARN_ENABLE_IMMUTABLE_INSTALLS: ${{ github.actor != 'dependabot[bot]' }} | |
run: yarn | |
- id: cache-key | |
name: Get cache key | |
run: echo "result=${{ runner.os }}-${{ github.run_id }}" >>$GITHUB_OUTPUT | |
- id: cache | |
name: Cache dependencies | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ steps.cache-key.outputs.result }} | |
path: ${{ env.CACHE_PATH }} | |
- id: version | |
name: Get manifest version | |
run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT | |
- id: version-typescript | |
name: Get TypeScript version | |
run: echo "result=$(jq .devDependencies.typescript package.json -r)" >>$GITHUB_OUTPUT | |
commitlint: | |
needs: preflight | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: lint | |
name: Check commitlint status | |
if: github.run_number != '1' | |
run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA | |
gitguardian: | |
needs: commitlint | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: scan | |
name: Scan commits for secrets and policy breaches | |
uses: GitGuardian/ggshield-action@master | |
env: | |
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }} | |
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }} | |
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }} | |
with: | |
args: --all-policies --show-secrets --verbose | |
format: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: format | |
name: Check code formatting | |
run: yarn check:format | |
lint: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: lint | |
name: Check lint status | |
run: yarn check:lint | |
spelling: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: spelling | |
name: Check spelling | |
run: yarn check:spelling | |
typescript: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
typescript-version: | |
- ${{ needs.preflight.outputs.version-typescript }} | |
- 5.3.3 | |
- latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: test-files-check | |
name: Check for typecheck files | |
uses: andstor/file-existence-action@v3.0.0 | |
with: | |
files: '**/__tests__/*.spec-d.ts' | |
- id: node | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: typescript | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Install typescript@${{ matrix.typescript-version }} | |
run: yarn add -D typescript@${{ matrix.typescript-version }} | |
- id: print-typescript-version | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Print TypeScript version | |
run: jq .devDependencies.typescript package.json -r | |
- id: typecheck | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Run typecheck | |
run: yarn typecheck | |
test: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: | |
- 20 | |
- 19 | |
- 18 | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: test-files-check | |
name: Check for test files | |
uses: andstor/file-existence-action@v3.0.0 | |
with: | |
files: '**/__tests__/*.spec.+(ts|tsx)' | |
- id: node | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Setup Node.js v${{ matrix.node-version }} | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
node-version: ${{ matrix.node-version }} | |
- id: cache | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: test | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Run tests | |
run: yarn test:cov --segfault-retry=3 | |
- id: codecov | |
name: Upload coverage report to Codecov | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
uses: codecov/codecov-action@v4.1.0 | |
env: | |
GITHUB_JOB: ${{ github.job }} | |
GITHUB_REF: ${{ github.ref }} | |
GITHUB_REF_TYPE: ${{ github.ref_type }} | |
GITHUB_RUN_ID: ${{ github.run_id }} | |
GITHUB_SHA: ${{ env.SHA }} | |
GITHUB_WORKSPACE: ${{ github.workspace }} | |
with: | |
env_vars: GITHUB_JOB,GITHUB_REF,GITHUB_REF_TYPE,GITHUB_RUN_ID,GITHUB_SHA,GITHUB_WORKSPACE | |
fail_ci_if_error: true | |
file: ./coverage/lcov.info | |
flags: ${{ format('node{0}', matrix.node-version) }} | |
override_branch: ${{ env.REF }} | |
override_build: ${{ github.run_id }} | |
override_commit: ${{ env.SHA }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
verbose: true | |
build: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
env: | |
TARFILE: | | |
${{ startsWith(github.head_ref || github.ref_name, 'release/') && format('@{0}-{1}-{2}.tgz', github.repository_owner, github.event.repository.name, needs.preflight.outputs.version) || format('@{0}-{1}-{2}+{3}.tgz', github.repository_owner, github.event.repository.name, needs.preflight.outputs.version, github.event.pull_request.head.sha || github.sha) }} | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: local-binaries | |
name: Add local binaries to $PATH | |
run: echo "$GITHUB_WORKSPACE/$CACHE_PATH/.bin" >> $GITHUB_PATH | |
- id: pack | |
name: Pack project | |
run: yarn pack -o ${{ env.TARFILE }} | |
- id: typecheck | |
name: Run typecheck | |
run: yarn check:types:build | |
- id: attw | |
name: Analyze types distribution | |
run: attw ${{ env.TARFILE }} | |
- id: archive | |
name: Archive production artifacts | |
uses: actions/upload-artifact@v4.3.1 | |
with: | |
name: ${{ env.TARFILE }} | |
path: ${{ env.TARFILE }} | |
changelog: | |
needs: | |
- build | |
- commitlint | |
- format | |
- gitguardian | |
- lint | |
- preflight | |
- spelling | |
- test | |
- typescript | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v4.1.1 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v4.0.2 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v4.0.1 | |
with: | |
key: ${{ needs.preflight.outputs.cache-key }} | |
path: ${{ env.CACHE_PATH }} | |
- id: local-binaries | |
name: Add local binaries to $PATH | |
run: echo "$GITHUB_WORKSPACE/$CACHE_PATH/.bin" >>$GITHUB_PATH | |
- id: summary | |
name: Get changelog preview | |
env: | |
TZ: ${{ vars.TZ }} | |
run: echo "$(grease changelog)" >>$GITHUB_STEP_SUMMARY |