Skip to content

[Snyk] Security upgrade sanity from 3.38.0 to 3.67.0 #54

[Snyk] Security upgrade sanity from 3.38.0 to 3.67.0

[Snyk] Security upgrade sanity from 3.38.0 to 3.67.0 #54

Workflow file for this run

---
name: CI & Release
# Workflow name based on selected inputs. Fallback to default Github naming when expression evaluates to empty string
run-name: >-
${{
inputs.release && inputs.test && 'Build ➤ Test ➤ Publish to NPM' ||
inputs.release && !inputs.test && 'Build ➤ Skip Tests ➤ Publish to NPM' ||
github.event_name == 'workflow_dispatch' && inputs.test && 'Build ➤ Test' ||
github.event_name == 'workflow_dispatch' && !inputs.test && 'Build ➤ Skip Tests' ||
''
}}
on:
# Build on pushes branches that have a PR (including drafts)
pull_request:
# Build on commits pushed to branches without a PR if it's in the allowlist
push:
branches: [main, studio-v2]
# https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
workflow_dispatch:
inputs:
test:
description: Run tests
required: true
default: true
type: boolean
release:
description: Release new version
required: true
default: false
type: boolean
concurrency:
# On PRs builds will cancel if new pushes happen before the CI completes, as it defines `github.head_ref` and gives it the name of the branch the PR wants to merge into
# Otherwise `github.run_id` ensures that you can quickly merge a queue of PRs without causing tests to auto cancel on any of the commits pushed to main.
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
log-the-inputs:
name: Log inputs
runs-on: ubuntu-latest
steps:
- run: |
echo "Inputs: $INPUTS"
env:
INPUTS: ${{ toJSON(inputs) }}
build:
runs-on: ubuntu-latest
name: Lint & Build
steps:
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
- uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
with:
cache: npm
node-version: lts/*
- run: npm ci
# Linting can be skipped
- run: npm run lint --if-present
if: github.event.inputs.test != 'false'
# But not the build script, as semantic-release will crash if this command fails so it makes sense to test it early
- run: npm run prepublishOnly --if-present
test:
needs: build
# The test matrix can be skipped, in case a new release needs to be fast-tracked and tests are already passing on main
if: github.event.inputs.test != 'false'
runs-on: ${{ matrix.os }}
name: Node.js ${{ matrix.node }} / ${{ matrix.os }}
strategy:
# A test failing on windows doesn't mean it'll fail on macos. It's useful to let all tests run to its completion to get the full picture
fail-fast: false
matrix:
# Run the testing suite on each major OS with the latest LTS release of Node.js
os: [macos-latest, ubuntu-latest, windows-latest]
node: [lts/*]
# It makes sense to also test the oldest, and latest, versions of Node.js, on ubuntu-only since it's the fastest CI runner
include:
- os: ubuntu-latest
# Test the oldest LTS release of Node that's still receiving bugfixes and security patches, versions older than that have reached End-of-Life
node: lts/-2
- os: ubuntu-latest
# Test the actively developed version that will become the latest LTS release next October
node: current
steps:
# It's only necessary to do this for windows, as mac and ubuntu are sane OS's that already use LF
- name: Set git to use LF
if: matrix.os == 'windows-latest'
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
- uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
with:
cache: npm
node-version: ${{ matrix.node }}
- run: npm i
- run: npm test --if-present
release:
needs: [build, test]
# only run if opt-in during workflow_dispatch
if: always() && github.event.inputs.release == 'true' && needs.build.result != 'failure' && needs.test.result != 'failure' && needs.test.result != 'cancelled'
runs-on: ubuntu-latest
name: Semantic release
steps:
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
with:
# Need to fetch entire commit history to
# analyze every commit since last release
fetch-depth: 0
- uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
with:
cache: npm
node-version: lts/*
- run: npm ci
# Branches that will release new versions are defined in .releaserc.json
- run: npx semantic-release
# Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
# e.g. git tags were pushed but it exited before `npm publish`
if: always()
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
# Re-run semantic release with rich logs if it failed to publish for easier debugging
- run: npx semantic-release --dry-run --debug
if: failure()
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}