Merge pull request #1027 from actions-rs-plus/renovate/lock-file-main… #2794
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| checks: write | |
| pull-requests: write | |
| issues: write | |
| packages: write | |
| concurrency: | |
| group: "${{ github.workflow }} @ ${{ github.ref_name }}" | |
| cancel-in-progress: true | |
| jobs: | |
| changes: | |
| name: Detect changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| code: ${{ steps.filter.outputs.code }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| show-progress: false | |
| submodules: true | |
| - name: Check if we actually made changes | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| filters: .github/file-filters.yml | |
| warm-up-cache: | |
| name: Warm up the cache | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| submodules: true | |
| - name: Set up node | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| registry-url: https://npm.pkg.github.com | |
| - name: Ensure latest version of npm, older versions like v8 have broken caching | |
| shell: bash | |
| run: | | |
| npm install --location=global npm@latest | |
| - name: Download dependencies | |
| shell: bash | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| npm ci | |
| npm-build: | |
| name: Build the code | |
| runs-on: ubuntu-latest | |
| needs: | |
| - warm-up-cache | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.TOKEN_TO_TRIGGER_SUBSEQUENT_WORKFLOWS }} | |
| show-progress: false | |
| submodules: true | |
| - name: Set up node | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| - name: Download dependencies from cache | |
| shell: bash | |
| run: | | |
| npm ci --offline | |
| - name: Run build | |
| shell: bash | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| run: | | |
| npm run build | |
| - name: Compare the expected and actual dist/ directories | |
| id: diff | |
| env: | |
| # for gh-cli | |
| GH_TOKEN: ${{ secrets.TOKEN_TO_TRIGGER_SUBSEQUENT_WORKFLOWS }} | |
| run: | | |
| if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then | |
| PR_NUMBER="${{ github.event.pull_request.number }}" | |
| BRANCH="lock-file-maintenance-${PR_NUMBER}" | |
| echo "Detected uncommitted changes after build. Checking in changes on branch: ${BRANCH}" | |
| git checkout -b ${BRANCH} | |
| echo "Please see the artifacts of this build for the changes" | |
| git diff > diff.txt | |
| echo "Creating commit with changes" | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| echo "Committing changes in dist/" | |
| git add dist/ | |
| git commit --message "chore: changes caused by updating lock files. See #${PR_NUMBER}" | |
| # Remove GitHub's merging the tip of lock-file-maintenance branch into main's commit | |
| # it's not needed as we require a branch to up-to-date with main | |
| git rebase origin/main --autosquash | |
| echo "Pushing branch" | |
| git push --force --set-upstream origin HEAD | |
| echo "Creating PR" | |
| gh pr create --base main --head ${BRANCH} --title "chore(deps): rebuilding because of lock file maintenance" --fill | |
| exit 1 | |
| fi | |
| # If dist/ was different than expected, upload the expected version as an artifact | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| if: ${{ failure() && steps.diff.conclusion == 'failure' }} | |
| with: | |
| name: dist | |
| path: | | |
| dist/ | |
| diff.txt | |
| npm-lint: | |
| name: Lint the code | |
| runs-on: ubuntu-latest | |
| needs: | |
| - warm-up-cache | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| show-progress: false | |
| submodules: true | |
| - name: Set up node | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| - name: Download dependencies from cache | |
| shell: bash | |
| run: | | |
| npm ci --offline | |
| - name: Run lint | |
| shell: bash | |
| id: lint | |
| run: | | |
| npm run lint -- --format=json --output-file reports/lint-report.json | |
| continue-on-error: true | |
| - name: Annotate Code Linting Results | |
| uses: ataylorme/eslint-annotate-action@d57a1193d4c59cbfbf3f86c271f42612f9dbd9e9 # 3.0.0 | |
| with: | |
| report-json: reports/lint-report.json | |
| fail-on-error: true | |
| fail-on-warning: true | |
| only-pr-files: false | |
| - name: Fail if lint failed | |
| shell: bash | |
| if: | | |
| steps.lint.outcome != 'success' | |
| run: | | |
| echo "Lint failed" | |
| exit 1; | |
| npm-test: | |
| name: Test the code | |
| runs-on: ubuntu-latest | |
| needs: | |
| - warm-up-cache | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| show-progress: false | |
| submodules: true | |
| fetch-depth: 0 | |
| - name: Set up node | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| - name: Download dependencies from cache | |
| shell: bash | |
| run: | | |
| npm ci --offline | |
| - name: Run tests | |
| shell: bash | |
| id: tests | |
| run: | | |
| npm run test -- --reporter=basic --reporter=github-actions --reporter=junit --coverage.reporter=text --coverage.reporter=lcovonly | |
| continue-on-error: true | |
| - name: Upload coverage results (to Codecov.io) | |
| uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 | |
| with: | |
| disable_search: true | |
| fail_ci_if_error: true | |
| files: coverage/lcov.info | |
| plugins: "" | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload test results to Codecov | |
| uses: codecov/test-results-action@9739113ad922ea0a9abb4b2c0f8bf6a4aa8ef820 # v1.0.1 | |
| with: | |
| disable_search: true | |
| fail_ci_if_error: true | |
| files: reports/test-report.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Fail if tests failed | |
| shell: bash | |
| if: steps.tests.outcome != 'success' | |
| run: | | |
| echo "Tests failed" | |
| exit 1 | |
| npm-dependencies: | |
| name: Validate dependencies | |
| runs-on: ubuntu-latest | |
| needs: | |
| - warm-up-cache | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| show-progress: false | |
| - name: Set up node | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| cache-dependency-path: package-lock.json | |
| - name: Download dependencies from cache | |
| shell: bash | |
| run: | | |
| npm ci --offline | |
| - name: Check dependencies | |
| shell: bash | |
| run: | | |
| npm run deps:ci | |
| all-done: | |
| name: All done | |
| # this is the job that should be marked as required on GitHub. It's the only one that'll reliably trigger | |
| # when any upstream fails: success | |
| # when all upstream skips: pass | |
| # when all upstream success: success | |
| # combination of upstream skip and success: success | |
| runs-on: ubuntu-latest | |
| needs: | |
| - npm-build | |
| - npm-dependencies | |
| - npm-lint | |
| - npm-test | |
| if: ${{ always() }} | |
| steps: | |
| - name: Fail! | |
| shell: bash | |
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| run: | | |
| echo "One / more upstream failed or was cancelled. Failing job..." | |
| exit 1 | |
| - name: Success! | |
| shell: bash | |
| run: | | |
| echo "Great success!" |