build(deps): bump actions/dependency-review-action from 3.1.5 to 4.1.3 #498
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| publishCanary: | |
| description: 'Publish a canary release' | |
| required: false | |
| default: '0' | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| jobs: | |
| test: | |
| name: Lint & Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 | |
| with: | |
| node-version: '18' | |
| # @see https://www.voorhoede.nl/en/blog/super-fast-npm-install-on-github-actions/ | |
| - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 | |
| id: cache | |
| with: | |
| path: ./node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('package-lock.json') }} | |
| - name: Install packages | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: npm ci | |
| - name: Run postinstall | |
| if: steps.cache.outputs.cache-hit == 'true' | |
| run: npm run --if-present postinstall && npm rebuild && npm run prepare --if-present | |
| - name: Lint | |
| run: npm run lint | |
| # Install playwright + deps with caching | |
| # @see https://github.com/microsoft/playwright/issues/7249#issuecomment-1385567519 | |
| - name: Store Playwright's Version | |
| run: | | |
| PLAYWRIGHT_VERSION=$(npm ls playwright | grep ' playwright' | sed 's/.*@//') | |
| echo "Playwright's Version: $PLAYWRIGHT_VERSION" | |
| echo "PLAYWRIGHT_VERSION=$PLAYWRIGHT_VERSION" >> $GITHUB_ENV | |
| - name: Cache Playwright Browsers for Playwright's Version | |
| id: cache-playwright-browsers | |
| uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 | |
| with: | |
| path: ~/.cache/ms-playwright | |
| key: playwright-browsers-${{ env.PLAYWRIGHT_VERSION }} | |
| - name: Setup Playwright | |
| if: steps.cache-playwright-browsers.outputs.cache-hit != 'true' | |
| run: npx playwright install --with-deps | |
| - name: Test | |
| run: sudo npx playwright install-deps && npm run test:ci | |
| # - name: Publish Code Coverage | |
| # uses: paambaati/codeclimate-action@4cace242c6e0a2dd554bbb3cc12c58047d8af3e5 # v5.0.0 | |
| # env: | |
| # CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
| # vrt: | |
| # name: Visual Regression Test | |
| # runs-on: macos-12 | |
| # steps: | |
| # - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| # - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 | |
| # with: | |
| # node-version: '18' | |
| # | |
| # # @see https://www.voorhoede.nl/en/blog/super-fast-npm-install-on-github-actions/ | |
| # - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 | |
| # id: cache | |
| # with: | |
| # path: ./node_modules | |
| # key: ${{ runner.os }}-modules-${{ hashFiles('package-lock.json') }} | |
| # | |
| # - name: Install packages | |
| # if: steps.cache.outputs.cache-hit != 'true' | |
| # run: npm ci | |
| # | |
| # - name: Run postinstall | |
| # if: steps.cache.outputs.cache-hit == 'true' | |
| # run: npm run --if-present postinstall && npm rebuild && npm run prepare --if-present | |
| # | |
| # - name: Test | |
| # run: npm run test:vrt | |
| # | |
| # - name: Archive visual diff results | |
| # uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| # if: failure() | |
| # with: | |
| # name: visual-diffs | |
| # path: screenshots | |
| # retention-days: 7 | |
| release: | |
| name: Release & Deploy | |
| # Prevents changesets action from creating a PR on forks | |
| if: github.repository == 'inventage/web-components' | |
| runs-on: ubuntu-latest | |
| # needs: [ test, vrt ] | |
| needs: [ test ] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 | |
| with: | |
| node-version: '18' | |
| # @see https://www.voorhoede.nl/en/blog/super-fast-npm-install-on-github-actions/ | |
| - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 | |
| id: cache | |
| with: | |
| path: ./node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('package-lock.json') }} | |
| - name: Install packages | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: npm ci | |
| - name: Run postinstall | |
| if: steps.cache.outputs.cache-hit == 'true' | |
| run: npm run --if-present postinstall && npm rebuild && npm run prepare --if-present | |
| - name: Create .npmrc | |
| run: | | |
| cat << EOF > "$HOME/.npmrc" | |
| //registry.npmjs.org/:_authToken=$NPM_TOKEN | |
| EOF | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@f13b1baaa620fde937751f5d2c3572b9da32af23 # v1.4.5 | |
| with: | |
| publish: npm run release | |
| version: npm run version | |
| env: | |
| # Use PAT due to https://github.com/orgs/community/discussions/25702 | |
| GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} | |
| - name: Storybook Build | |
| run: npm run storybook:build | |
| - name: Upload Website Build | |
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| with: | |
| name: storybook-static | |
| path: storybook-static | |
| - name: Deploy to Github Pages | |
| if: steps.changesets.outputs.published == 'true' | |
| uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: ./storybook-static | |
| allow_empty_commit: true | |
| - name: Publishing canary releases to npm registry | |
| if: steps.changesets.outputs.published != 'true' && github.event.inputs.publishCanary == '1' | |
| run: | | |
| git checkout $GITHUB_REF | |
| npx changeset version --snapshot canary | |
| node ./scripts/update-version-variables.mjs | |
| npx changeset publish --tag canary | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| commit-build: | |
| name: Commit Website Build | |
| needs: release | |
| # Prevents changesets action from creating a PR on forks | |
| if: github.repository == 'inventage/web-components' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| egress-policy: audit | |
| - name: Clone the repoitory | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| ref: website-build | |
| - name: Download website build | |
| uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | |
| with: | |
| name: storybook-static | |
| path: storybook-static | |
| - name: Commit and Push | |
| run: | | |
| if [ $(git status --porcelain=v1 2>/dev/null | wc -l) != "0" ] ; then | |
| git config user.email "${GITHUB_ACTOR}" | |
| git config user.name "${GITHUB_ACTOR}@users.noreply.github.com" | |
| git add -f storybook-static | |
| git commit -m "gh-actions deployed a new website build" | |
| git push --force | |
| fi |