Skip to content
Node CI

ci: set persist-credentials to false for checkout action #123

Sign in to view logs

ci: set persist-credentials to false for checkout action

ci: set persist-credentials to false for checkout action #123

Workflow file for this run

.github/workflows/node.yaml at e65bd40
name: Node CI
on:
push:
branches:
- '**'
tags:
- 'v[0-9]+.[0-9]+.[0-9]+*'
pull_request:
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
continue-on-error: true
timeout-minutes: 15
steps:
- name: Git checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js 18.x
uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Prepare Environment
run: |
yarn install
yarn build
env:
CI: true
- name: Run typecheck and linter
run: |
yarn lint
env:
CI: true
test:
name: Test
runs-on: ubuntu-latest
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
node-version: [14.x, 16.x, 18.x, 20.x]
steps:
- name: Git checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Prepare Environment
run: |
yarn install
env:
CI: true
- name: Run tests
run: |
yarn unit
env:
CI: true
- name: Send coverage
uses: codecov/codecov-action@v4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
if: matrix.node-version == '18.x'
- name: Check docs generation
if: matrix.node-version == '18.x'
run: |
yarn docs:test
env:
CI: true
release:
name: Release
runs-on: ubuntu-latest
timeout-minutes: 15
# only run for tags
if: contains(github.ref, 'refs/tags/')
needs:
- test
- validate-dependencies
steps:
- name: Git checkout
uses: actions/checkout@v4
with:
persist-credentials: false
fetch-depth: 0
- name: Use Node.js 18.x
uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Check release is desired
id: do-publish
run: |
if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
echo "No Token"
else
PACKAGE_NAME=$(yarn info -s . name)
PUBLISHED_VERSION=$(yarn info -s $PACKAGE_NAME version)
THIS_VERSION=$(node -p "require('./package.json').version")
# Simple bash helper to comapre version numbers
verlte() {
[ "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ]
}
verlt() {
[ "$1" = "$2" ] && return 1 || verlte $1 $2
}
if verlt $PUBLISHED_VERSION $THIS_VERSION
then
echo "Publishing latest"
echo "tag=latest" >> $GITHUB_OUTPUT
else
echo "Publishing hotfix"
echo "tag=hotfix" >> $GITHUB_OUTPUT
fi
fi
- name: Prepare build
if: ${{ steps.do-publish.outputs.tag }}
run: |
yarn install
yarn build
env:
CI: true
- name: Publish to NPM
if: ${{ steps.do-publish.outputs.tag }}
run: |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc
NEW_VERSION=$(node -p "require('./package.json').version")
yarn publish --access=public --new-version=$NEW_VERSION --network-timeout 100000 --tag ${{ steps.do-publish.outputs.tag }}
env:
CI: true
- name: Generate docs
if: ${{ steps.do-publish.outputs.tag }} == 'latest'
run: |
yarn docs:html
- name: Publish docs
uses: peaceiris/actions-gh-pages@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs
validate-dependencies:
name: Validate production dependencies
runs-on: ubuntu-latest
continue-on-error: true
timeout-minutes: 15
steps:
- name: Git checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js 18.x
uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Prepare Environment
run: |
yarn install
env:
CI: true
- name: Validate production dependencies
run: |
if ! git log --format=oneline -n 1 | grep -q "\[ignore-audit\]"; then
yarn validate:dependencies
else
echo "Skipping audit"
fi
env:
CI: true
validate-all-dependencies:
name: Validate all dependencies
runs-on: ubuntu-latest
continue-on-error: true
timeout-minutes: 15
steps:
- name: Git checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Use Node.js 18.x
uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Prepare Environment
run: |
yarn install
env:
CI: true
- name: Validate production dependencies
run: |
yarn validate:dependencies
env:
CI: true
- name: Validate dev dependencies
run: |
yarn validate:dev-dependencies
env:
CI: true