CI improvements #288
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,24 @@ | |
|
|
||
| name: CI | ||
|
|
||
| on: | ||
| # Run on pushes to the default branch. | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| # Run on all PRs. | ||
| pull_request: | ||
| types: | ||
| - opened | ||
| - synchronize | ||
| - reopened | ||
|
|
||
| # Support merge queues. | ||
| merge_group: | ||
|
|
||
| # Allow running this workflow manually from the Actions tab. | ||
| workflow_dispatch: | ||
|
|
||
| defaults: | ||
| run: | ||
|
|
@@ -20,29 +37,39 @@ jobs: | |
| # Steps represent a sequence of tasks that will be executed as part of the job | ||
| steps: | ||
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | ||
| - name: Git checkout | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| submodules: recursive | ||
| clean: true | ||
| persist-credentials: false | ||
| set-safe-directory: true | ||
|
|
||
| - name: Setup Node.js environment | ||
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | ||
| with: | ||
| node-version: 16.x | ||
| cache: 'npm' | ||
|
|
||
| - name: Cache ~/.elm | ||
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | ||
| with: | ||
| path: ~/.elm | ||
| key: elm-${{ runner.os }}-${{ hashFiles('**/elm.json', 'elm-tooling.json') }} | ||
| restore-keys: | | ||
| elm-${{ runner.os }}- | ||
|
There was a problem hiding this comment. I've read https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows but I still don't get how this is not dangerous. If There was a problem hiding this comment. Say I've got an |
||
|
|
||
| - name: Cache node_modules | ||
| id: cache-node_modules | ||
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | ||
| with: | ||
| path: node_modules | ||
| key: node_modules-${{ runner.os }}-${{ hashFiles('package-lock.json') }} | ||
| restore-keys: | | ||
| node_modules-${{ runner.os }}- | ||
|
|
||
| - name: Cache turbo build setup | ||
| uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | ||
| with: | ||
| path: .turbo | ||
| key: ${{ runner.os }}-turbo-${{ github.sha }} | ||
|
|
@@ -53,15 +80,15 @@ jobs: | |
| if: steps.cache-node_modules.outputs.cache-hit != 'true' | ||
| env: | ||
| NO_ELM_TOOLING_INSTALL: 1 | ||
| run: npm ci --engine-strict | ||
|
|
||
| - name: elm-tooling install | ||
| run: npx --no-install elm-tooling install | ||
|
|
||
| - name: Install turbo | ||
| run: npm install -g turbo | ||
|
|
||
| - name: Test Node.js version requirements | ||
| run: turbo run check-engines | ||
|
|
||
| - name: Run tests | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe dependabot is not updating them because of the hash? Or because of the comment. Not sure either 🤷♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dependabot is smart enough for it to work on my other projects. If the comment is wrong, it'll also override it (rather than ignoring it or not updating), which is nice.
(Otherwise, I wouldn't use this. I prefer security updates+possible supply chain attack over old versions)