ci: set persist-credentials to false for checkout action #122
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node CI | |
on: | |
push: | |
branches: | |
- '**' | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+*' | |
pull_request: | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Prepare Environment | |
run: | | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Run typecheck and linter | |
run: | | |
yarn lint | |
env: | |
CI: true | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: [14.x, 16.x, 18.x, 20.x] | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Prepare Environment | |
run: | | |
yarn install | |
env: | |
CI: true | |
- name: Run tests | |
run: | | |
yarn unit | |
env: | |
CI: true | |
- name: Send coverage | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
if: matrix.node-version == '18.x' | |
- name: Check docs generation | |
if: matrix.node-version == '18.x' | |
run: | | |
yarn docs:test | |
env: | |
CI: true | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
# only run for tags | |
if: contains(github.ref, 'refs/tags/') | |
needs: | |
- test | |
- validate-dependencies | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check release is desired | |
id: do-publish | |
run: | | |
if [ -z "${{ secrets.NPM_TOKEN }}" ]; then | |
echo "No Token" | |
else | |
PACKAGE_NAME=$(yarn info -s . name) | |
PUBLISHED_VERSION=$(yarn info -s $PACKAGE_NAME version) | |
THIS_VERSION=$(node -p "require('./package.json').version") | |
# Simple bash helper to comapre version numbers | |
verlte() { | |
[ "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ] | |
} | |
verlt() { | |
[ "$1" = "$2" ] && return 1 || verlte $1 $2 | |
} | |
if verlt $PUBLISHED_VERSION $THIS_VERSION | |
then | |
echo "Publishing latest" | |
echo "tag=latest" >> $GITHUB_OUTPUT | |
else | |
echo "Publishing hotfix" | |
echo "tag=hotfix" >> $GITHUB_OUTPUT | |
fi | |
fi | |
- name: Prepare build | |
if: ${{ steps.do-publish.outputs.tag }} | |
run: | | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Publish to NPM | |
if: ${{ steps.do-publish.outputs.tag }} | |
run: | | |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc | |
NEW_VERSION=$(node -p "require('./package.json').version") | |
yarn publish --access=public --new-version=$NEW_VERSION --network-timeout 100000 --tag ${{ steps.do-publish.outputs.tag }} | |
env: | |
CI: true | |
- name: Generate docs | |
if: ${{ steps.do-publish.outputs.tag }} == 'latest' | |
run: | | |
yarn docs:html | |
- name: Publish docs | |
uses: peaceiris/actions-gh-pages@v4 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs | |
validate-dependencies: | |
name: Validate production dependencies | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Prepare Environment | |
run: | | |
yarn install | |
env: | |
CI: true | |
- name: Validate production dependencies | |
run: | | |
if ! git log --format=oneline -n 1 | grep -q "\[ignore-audit\]"; then | |
yarn validate:dependencies | |
else | |
echo "Skipping audit" | |
fi | |
env: | |
CI: true | |
validate-all-dependencies: | |
name: Validate all dependencies | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Prepare Environment | |
run: | | |
yarn install | |
env: | |
CI: true | |
- name: Validate production dependencies | |
run: | | |
yarn validate:dependencies | |
env: | |
CI: true | |
- name: Validate dev dependencies | |
run: | | |
yarn validate:dev-dependencies | |
env: | |
CI: true |