ci: set persist-credentials to false for checkout action #314
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node CI | |
on: | |
push: | |
branches: | |
- '**' | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+*' | |
pull_request: | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Prepare Environment | |
run: | | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Run typecheck and linter | |
run: | | |
yarn lint | |
env: | |
CI: true | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: [14.x, 16.x, 18.x, 20.x, 22.x] | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Prepare Environment | |
run: | | |
yarn install | |
env: | |
CI: true | |
- name: Run tests | |
run: | | |
yarn unit | |
env: | |
CI: true | |
- name: Send coverage | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
if: matrix.node-version == '18.x' | |
- name: Check docs generation | |
if: matrix.node-version == '18.x' | |
run: | | |
yarn docs:test | |
env: | |
CI: true | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
# only run for tags | |
if: contains(github.ref, 'refs/tags/') | |
needs: | |
- test | |
# - validate-dependencies | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check release is desired | |
id: do-publish | |
run: | | |
if [ -z "${{ secrets.NPM_TOKEN }}" ]; then | |
echo "No Token" | |
else | |
PUBLISHED_VERSION=$(yarn npm info --json . | jq -c '.version' -r) | |
THIS_VERSION=$(node -p "require('./package.json').version") | |
# Simple bash helper to comapre version numbers | |
verlte() { | |
[ "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ] | |
} | |
verlt() { | |
[ "$1" = "$2" ] && return 1 || verlte $1 $2 | |
} | |
if verlt $PUBLISHED_VERSION $THIS_VERSION | |
then | |
echo "Publishing latest" | |
echo "tag=latest" >> $GITHUB_OUTPUT | |
else | |
echo "Publishing hotfix" | |
echo "tag=hotfix" >> $GITHUB_OUTPUT | |
fi | |
fi | |
- name: Prepare build | |
if: ${{ steps.do-publish.outputs.tag }} | |
run: | | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Publish to NPM | |
if: ${{ steps.do-publish.outputs.tag }} | |
run: | | |
yarn config set npmAuthToken $NPM_AUTH_TOKEN | |
NEW_VERSION=$(node -p "require('./package.json').version") | |
yarn npm publish --access=public --tag ${{ steps.do-publish.outputs.tag }} | |
echo "**Published:** $NEW_VERSION" >> $GITHUB_STEP_SUMMARY | |
env: | |
NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
CI: true | |
- name: Generate docs | |
if: ${{ steps.do-publish.outputs.tag }} == 'latest' | |
run: | | |
yarn docs:html | |
- name: Publish docs | |
uses: peaceiris/actions-gh-pages@v4 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs | |
# validate-dependencies: | |
# name: Validate production dependencies | |
# runs-on: ubuntu-latest | |
# continue-on-error: true | |
# timeout-minutes: 15 | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - name: Use Node.js 18.x | |
# uses: actions/setup-node@v4 | |
# with: | |
# node-version: 18.x | |
# - name: Prepare Environment | |
# run: | | |
# yarn install | |
# env: | |
# CI: true | |
# - name: Validate production dependencies | |
# run: | | |
# if ! git log --format=oneline -n 1 | grep -q "\[ignore-audit\]"; then | |
# yarn validate:dependencies | |
# else | |
# echo "Skipping audit" | |
# fi | |
# env: | |
# CI: true | |
# validate-all-dependencies: | |
# name: Validate all dependencies | |
# runs-on: ubuntu-latest | |
# continue-on-error: true | |
# timeout-minutes: 15 | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - name: Use Node.js 18.x | |
# uses: actions/setup-node@v4 | |
# with: | |
# node-version: 18.x | |
# - name: Prepare Environment | |
# run: | | |
# yarn install | |
# env: | |
# CI: true | |
# - name: Validate production dependencies | |
# run: | | |
# yarn validate:dependencies | |
# env: | |
# CI: true | |
# - name: Validate dev dependencies | |
# run: | | |
# yarn validate:dev-dependencies | |
# env: | |
# CI: true |