fix(deps): update non-major-dependencies (#74) #206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
######################################################################################## | |
# The following secrets are required: | |
# | |
# 1. GH_ACCESS_TOKEN - A "fine-grained personal access token" generated through the | |
# Github UI. It seems like these tokens are scoped to a user, rather than an | |
# organisation. | |
# | |
# The following minimum permissions are required: | |
# Read - access to metadata | |
# Read & write - access to actions and code | |
# 2. GH_USER_NAME - The name (not username) associated with the Git user. e.g. John Smith | |
# 3. GH_USER_EMAIL - The email associated with the Git user | |
# 4. NPM_TOKEN - A token for publishing to npm | |
######################################################################################## | |
name: Continuous Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [18, 20] | |
name: Build, lint and test - Node ${{ matrix.node-version }} | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 | |
- name: Install pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
- name: Install Dependencies | |
run: pnpm install | |
- name: Lint | |
run: pnpm run prettier:check && pnpm run eslint:check | |
required-checks-passed: | |
name: All required checks passed | |
runs-on: ubuntu-latest | |
needs: [lint] | |
steps: | |
- run: exit 0 | |
tag-and-release: | |
name: Tag and release | |
runs-on: ubuntu-latest | |
needs: required-checks-passed | |
# Only tag and release on pushes to main | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
strategy: | |
matrix: | |
node-version: [20] | |
permissions: | |
id-token: write | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.GH_ACCESS_TOKEN }} | |
- name: Install pnpm | |
uses: pnpm/action-setup@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
- name: Configure Git credentials | |
run: | | |
git config --global user.name '${{ secrets.GH_USER_NAME }}' | |
git config --global user.email '${{ secrets.GH_USER_EMAIL }}' | |
- name: Install Dependencies | |
run: pnpm install | |
- name: Get package.json version | |
id: get-version | |
run: echo "version=$(cat package.json | jq -r '.version' | sed 's/^/v/')" >> $GITHUB_OUTPUT | |
- name: Validate tag | |
id: validate-tag | |
run: test "$(git tag -l '${{ steps.get-version.outputs.version }}' | awk '{print $NF}')" = "${{ steps.get-version.outputs.version }}" || echo "new-tag=true" >> $GITHUB_OUTPUT | |
- name: Tag and release on Github | |
if: ${{ steps.validate-tag.outputs.new-tag }} | |
run: pnpm run release:tag | |
env: | |
GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
- name: Publish to npm | |
if: ${{ steps.validate-tag.outputs.new-tag }} | |
run: | | |
npm config set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" | |
pnpm publish --access public | |
env: | |
NPM_CONFIG_PROVENANCE: true |