chore: update dependencies #206
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node CI | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+*' | |
| pull_request: | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| # only run for tags | |
| if: contains(github.ref, 'refs/tags/') | |
| needs: | |
| - validate-dependencies | |
| permissions: | |
| contents: read | |
| attestations: write # needed for provenance | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Use Node.js 22.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| - name: Check release is desired | |
| id: do-publish | |
| run: | | |
| corepack enable | |
| if [ -z "${{ secrets.NPM_TOKEN }}" ]; then | |
| echo "No Token" | |
| else | |
| PUBLISHED_VERSION=$(yarn npm info --json . | jq -c '.version' -r) | |
| THIS_VERSION=$(node -p "require('./package.json').version") | |
| # Simple bash helper to comapre version numbers | |
| verlte() { | |
| [ "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ] | |
| } | |
| verlt() { | |
| [ "$1" = "$2" ] && return 1 || verlte $1 $2 | |
| } | |
| if verlt $PUBLISHED_VERSION $THIS_VERSION | |
| then | |
| echo "Publishing latest" | |
| echo "tag=latest" >> $GITHUB_OUTPUT | |
| else | |
| echo "Publishing hotfix" | |
| echo "tag=hotfix" >> $GITHUB_OUTPUT | |
| fi | |
| fi | |
| - name: Prepare build | |
| if: ${{ steps.do-publish.outputs.tag }} | |
| run: | | |
| yarn install | |
| env: | |
| CI: true | |
| - name: Publish to NPM | |
| if: ${{ steps.do-publish.outputs.tag }} | |
| run: | | |
| yarn config set npmAuthToken $NPM_AUTH_TOKEN | |
| NEW_VERSION=$(node -p "require('./package.json').version") | |
| yarn npm publish --access=public --provenance --tag ${{ steps.do-publish.outputs.tag }} | |
| echo "**Published:** $NEW_VERSION" >> $GITHUB_STEP_SUMMARY | |
| env: | |
| NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| CI: true | |
| validate-dependencies: | |
| name: Validate production dependencies | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Use Node.js 22.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| - name: Prepare Environment | |
| run: | | |
| corepack enable | |
| yarn install | |
| env: | |
| CI: true | |
| - name: Validate production dependencies | |
| run: | | |
| if ! git log --format=oneline -n 1 | grep -q "\[ignore-audit\]"; then | |
| yarn validate:dependencies | |
| else | |
| echo "Skipping audit" | |
| fi | |
| env: | |
| CI: true | |
| validate-all-dependencies: | |
| name: Validate all dependencies | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Use Node.js 22.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| - name: Prepare Environment | |
| run: | | |
| corepack enable | |
| yarn install | |
| env: | |
| CI: true | |
| - name: Validate production dependencies | |
| run: | | |
| yarn validate:dependencies | |
| env: | |
| CI: true | |
| - name: Validate dev dependencies | |
| run: | | |
| yarn validate:dev-dependencies | |
| env: | |
| CI: true |