ci: set persist-credentials to false for checkout action #1336
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node CI | |
on: | |
push: | |
branches: | |
- '**' | |
tags: | |
- '[0-9]+.[0-9]+.[0-9]+*' | |
pull_request: | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
lib-name: [timeline-state-resolver, timeline-state-resolver-types, quick-tsr] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.node-version' | |
- name: Prepare Environment | |
run: | | |
yarn config set cacheFolder /home/runner/lint-${{ matrix.lib-name }}-cache | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Run typecheck and linter | |
run: | | |
cd packages/${{ matrix.lib-name }} | |
yarn lint | |
env: | |
CI: true | |
docs: | |
name: Check docs generation | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.node-version' | |
- name: Prepare Environment | |
run: | | |
yarn config set cacheFolder /home/runner/docs-cache | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Generate docs | |
run: | | |
yarn docs | |
env: | |
CI: true | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: [14.x, 16.x, 18.x, 20.x] | |
lib-name: [timeline-state-resolver, timeline-state-resolver-types] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Prepare Environment | |
run: | | |
yarn config set cacheFolder /home/runner/test-${{ matrix.lib-name }}-${{ matrix.node-version }}-cache | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Run tests | |
run: | | |
cd packages/${{ matrix.lib-name }} | |
yarn unitci | |
env: | |
CI: true | |
- name: Send coverage | |
if: matrix.node-version == '16.x' | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
# - name: Check docs generation | |
# if: matrix.node-version == '16.x' | |
# run: | | |
# yarn docs:test | |
# env: | |
# CI: true | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
# only run for tags | |
if: contains(github.ref, 'refs/tags/') | |
needs: | |
- test | |
# - validate-dependencies | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.node-version' | |
- name: Check release is desired | |
id: do-publish | |
run: | | |
if [ -z "${{ secrets.NPM_TOKEN }}" ]; then | |
echo "No Token" | |
else | |
# Use the timeline-state-resolver packkage to choose 'hotfix' or 'latest' | |
PACKAGE_NAME=timeline-state-resolver | |
PUBLISHED_VERSION=$(yarn npm info --json $PACKAGE_NAME | jq -c '.version' -r) | |
THIS_VERSION=$(node -p "require('./lerna.json').version") | |
# Simple bash helper to comapre version numbers | |
verlte() { | |
[ "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ] | |
} | |
verlt() { | |
[ "$1" = "$2" ] && return 1 || verlte $1 $2 | |
} | |
if verlt $PUBLISHED_VERSION $THIS_VERSION | |
then | |
echo "Publishing latest" | |
echo "tag=latest" >> $GITHUB_OUTPUT | |
else | |
echo "Publishing hotfix" | |
echo "tag=hotfix" >> $GITHUB_OUTPUT | |
fi | |
fi | |
- name: Prepare build | |
if: ${{ steps.do-publish.outputs.tag }} | |
run: | | |
yarn config set cacheFolder /home/runner/release-cache | |
yarn install | |
yarn build | |
env: | |
CI: true | |
- name: Publish to NPM | |
if: ${{ steps.do-publish.outputs.tag }} | |
run: | | |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc | |
git checkout .yarnrc.yml | |
yarn lerna publish from-package --tag-version-prefix='' --dist-tag ${{ steps.do-publish.outputs.tag }} --yes --no-verify-access | |
env: | |
CI: true | |
- name: Generate docs | |
if: ${{ steps.do-publish.outputs.tag }} == 'latest' | |
run: | | |
yarn docs | |
- name: Publish docs | |
uses: peaceiris/actions-gh-pages@v4 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs | |
validate-dependencies: | |
name: Validate production dependencies | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
lib-name: [timeline-state-resolver, timeline-state-resolver-types] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.node-version' | |
- name: Prepare Environment | |
run: | | |
yarn config set cacheFolder /home/runner/validate-deps-${{ matrix.lib-name }}-cache | |
yarn install | |
env: | |
CI: true | |
- name: Validate production dependencies | |
run: | | |
if ! git log --format=oneline -n 1 | grep -q "\[ignore-audit\]"; then | |
cd packages/${{ matrix.lib-name }} | |
yarn validate:dependencies | |
else | |
echo "Skipping audit" | |
fi | |
env: | |
CI: true | |
validate-all-dependencies: | |
name: Validate all dependencies | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
lib-name: [timeline-state-resolver, timeline-state-resolver-types] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Use Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.node-version' | |
- name: Prepare Environment | |
run: | | |
yarn config set cacheFolder /home/runner/validate-all-deps-${{ matrix.lib-name }}-cache | |
yarn install | |
env: | |
CI: true | |
- name: Validate production dependencies | |
run: | | |
cd packages/${{ matrix.lib-name }} | |
yarn validate:dependencies | |
env: | |
CI: true | |
- name: Validate dev dependencies | |
run: | | |
cd packages/${{ matrix.lib-name }} | |
yarn validate:dev-dependencies | |
env: | |
CI: true |