Skip to content

ci(deps): Bump actions/github-script from 6.4.1 to 7.0.1 (#468) #2541

ci(deps): Bump actions/github-script from 6.4.1 to 7.0.1 (#468)

ci(deps): Bump actions/github-script from 6.4.1 to 7.0.1 (#468) #2541

Workflow file for this run

# Continuous Integration
#
# References:
#
# - https://docs.github.com/actions/learn-github-actions/contexts
# - https://docs.github.com/actions/learn-github-actions/expressions
# - https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch
# - https://github.com/GitGuardian/ggshield-action
# - https://github.com/actions/cache
# - https://github.com/actions/cache/discussions/650
# - https://github.com/actions/checkout
# - https://github.com/actions/setup-node
# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration
# - https://github.com/actions/upload-artifact
# - https://github.com/andstor/file-existence-action
# - https://github.com/codecov/codecov-action
# - https://github.com/flex-development/grease
# - https://github.com/hmarr/debug-action
# - https://vercel.com/guides/how-can-i-use-github-actions-with-vercel
# - https://yarnpkg.com/cli/pack
---
name: ci
on:
pull_request:
push:
branches:
- feat/**
- hotfix/**
- main
workflow_dispatch:
permissions:
contents: read
packages: read
env:
CACHE_PATH: node_modules
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HUSKY: 0
REF: ${{ github.head_ref || github.ref }}
REF_NAME: ${{ github.head_ref || github.ref_name }}
SHA: ${{ github.event.pull_request.head.sha || github.sha }}
concurrency:
cancel-in-progress: true
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
preflight:
if: |
github.event.head_commit.author.name != 'dependabot[bot]'
&& github.event.head_commit.author.username != 'flexdevelopment[bot]'
&& !startsWith(github.event.head_commit.message, 'release:')
&& !startsWith(github.event.head_commit.message, 'release(chore):')
runs-on: ubuntu-latest
outputs:
cache-key: ${{ steps.cache-key.outputs.result }}
version: ${{ steps.version.outputs.result }}
version-typescript: ${{ steps.version-typescript.outputs.result }}
steps:
- id: debug
name: Print environment variables and event payload
uses: hmarr/[email protected]
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: yarn
name: Install dependencies
env:
YARN_ENABLE_IMMUTABLE_INSTALLS: ${{ github.actor != 'dependabot[bot]' }}
run: yarn
- id: cache-key
name: Get cache key
run: echo "result=${{ runner.os }}-${{ github.run_id }}" >>$GITHUB_OUTPUT
- id: cache
name: Cache dependencies
uses: actions/[email protected]
with:
key: ${{ steps.cache-key.outputs.result }}
path: ${{ env.CACHE_PATH }}
- id: version
name: Get manifest version
run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT
- id: version-typescript
name: Get TypeScript version
run: echo "result=$(jq .devDependencies.typescript package.json -r)" >>$GITHUB_OUTPUT
commitlint:
needs: preflight
runs-on: ubuntu-latest
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: lint
name: Check commitlint status
if: github.run_number != '1'
run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA
gitguardian:
needs: commitlint
runs-on: ubuntu-latest
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ env.REF }}
- id: scan
name: Scan commits for secrets and policy breaches
uses: GitGuardian/ggshield-action@master
env:
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
with:
args: --all-policies --show-secrets --verbose
format:
needs:
- commitlint
- gitguardian
- preflight
runs-on: ubuntu-latest
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: format
name: Check code formatting
run: yarn check:format
lint:
needs:
- commitlint
- gitguardian
- preflight
runs-on: ubuntu-latest
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: build
name: Build project
run: yarn build
- id: lint
name: Check lint status
run: yarn check:lint
spelling:
needs:
- commitlint
- gitguardian
- preflight
runs-on: ubuntu-latest
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: spelling
name: Check spelling
run: yarn check:spelling
typescript:
needs:
- commitlint
- gitguardian
- preflight
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
typescript-version:
- ${{ needs.preflight.outputs.version-typescript }}
- latest
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: test-files-check
name: Check for typecheck files
uses: andstor/[email protected]
with:
files: '**/__tests__/*.spec-d.ts'
- id: node
if: steps.test-files-check.outputs.files_exists == 'true'
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
if: steps.test-files-check.outputs.files_exists == 'true'
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: typescript
if: steps.test-files-check.outputs.files_exists == 'true'
name: Install typescript@${{ matrix.typescript-version }}
run: yarn add -D typescript@${{ matrix.typescript-version }}
- id: print-typescript-version
if: steps.test-files-check.outputs.files_exists == 'true'
name: Print TypeScript version
run: jq .devDependencies.typescript package.json -r
- id: typecheck
if: steps.test-files-check.outputs.files_exists == 'true'
name: Run typecheck
run: yarn typecheck
test:
needs:
- commitlint
- gitguardian
- preflight
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
node-version:
- 20
- 19
- 18
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: test-files-check
name: Check for test files
uses: andstor/[email protected]
with:
files: '**/__tests__/*.spec.+(ts|tsx)'
- id: node
if: steps.test-files-check.outputs.files_exists == 'true'
name: Setup Node.js v${{ matrix.node-version }}
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
check-latest: true
node-version: ${{ matrix.node-version }}
- id: cache
if: steps.test-files-check.outputs.files_exists == 'true'
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: test
if: steps.test-files-check.outputs.files_exists == 'true'
name: Run tests
run: yarn test:cov --segfault-retry=3
- id: codecov
name: Upload coverage report to Codecov
if: steps.test-files-check.outputs.files_exists == 'true'
uses: codecov/[email protected]
env:
GITHUB_JOB: ${{ github.job }}
GITHUB_REF: ${{ github.ref }}
GITHUB_REF_TYPE: ${{ github.ref_type }}
GITHUB_RUN_ID: ${{ github.run_id }}
GITHUB_SHA: ${{ env.SHA }}
GITHUB_WORKSPACE: ${{ github.workspace }}
with:
env_vars: GITHUB_JOB,GITHUB_REF,GITHUB_REF_TYPE,GITHUB_RUN_ID,GITHUB_SHA,GITHUB_WORKSPACE
fail_ci_if_error: true
file: ./coverage/lcov.info
flags: ${{ format('node{0}', matrix.node-version) }}
override_branch: ${{ env.REF }}
override_build: ${{ github.run_id }}
override_commit: ${{ env.SHA }}
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
build:
needs:
- commitlint
- gitguardian
- preflight
runs-on: ubuntu-latest
env:
TARFILE: |
${{ startsWith(github.head_ref || github.ref_name, 'release/') && format('@{0}-{1}-{2}.tgz', github.repository_owner, github.event.repository.name, needs.preflight.outputs.version) || format('@{0}-{1}-{2}+{3}.tgz', github.repository_owner, github.event.repository.name, needs.preflight.outputs.version, github.event.pull_request.head.sha || github.sha) }}
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: local-binaries
name: Add local binaries to $PATH
run: echo "$GITHUB_WORKSPACE/$CACHE_PATH/.bin" >> $GITHUB_PATH
- id: pack
name: Pack project
run: yarn pack -o ${{ env.TARFILE }}
- id: typecheck
name: Run typecheck
run: yarn check:types:build
- id: attw
name: Analyze types distribution
run: attw ${{ env.TARFILE }}
- id: archive
name: Archive production artifacts
uses: actions/[email protected]
with:
name: ${{ env.TARFILE }}
path: ${{ env.TARFILE }}
changelog:
needs:
- build
- commitlint
- format
- gitguardian
- lint
- preflight
- spelling
- test
- typescript
runs-on: ubuntu-latest
env:
NODE_NO_WARNINGS: 1
steps:
- id: checkout
name: Checkout ${{ env.REF_NAME }}
uses: actions/[email protected]
with:
fetch-depth: 0
persist-credentials: false
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ needs.preflight.outputs.cache-key }}
path: ${{ env.CACHE_PATH }}
- id: local-binaries
name: Add local binaries to $PATH
run: echo "$GITHUB_WORKSPACE/$CACHE_PATH/.bin" >>$GITHUB_PATH
- id: summary
name: Get changelog preview
env:
TZ: ${{ vars.TZ }}
run: echo "$(grease changelog)" >>$GITHUB_STEP_SUMMARY
docs:
needs:
- build
- changelog
- commitlint
- format
- gitguardian
- lint
- preflight
- spelling
- test
- typescript
runs-on: ubuntu-latest
environment: preview
env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
steps:
- id: checkout
name: Checkout ${{ env.REF }}
uses: actions/[email protected]
with:
ref: ${{ env.REF }}
- id: node
name: Setup Node.js
uses: actions/[email protected]
with:
cache: yarn
cache-dependency-path: yarn.lock
node-version-file: .nvmrc
- id: cache
name: Restore dependencies cache
uses: actions/[email protected]
with:
key: ${{ runner.os }}-${{ github.run_id }}
path: ${{ env.CACHE_PATH }}
- id: local-binaries
name: Add local binaries to $PATH
run: echo "$GITHUB_WORKSPACE/$CACHE_PATH/.bin" >> $GITHUB_PATH
- id: env
name: Pull environment
run: vc pull --environment=preview --yes --token=${{ secrets.VERCEL_TOKEN }}
- id: build
name: Build docs
run: vc build --token=${{ secrets.VERCEL_TOKEN }}
- id: deploy
name: Deploy docs preview
run: vc deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }}
- id: archive
name: Archive production artifacts
uses: actions/[email protected]
with:
name: |
${{ format('@{0}-{1}-{2}-docs', github.repository_owner, github.event.repository.name, needs.preflight.outputs.version) }}
path: |
.vercel/output/
docs/.vitepress/dist/