chore(ci): migrate circleCI CI/CD to github actions to support trusted publishing to npmjs.com

Author: ethan-ozelius-contentful

.circleci/config.yml

@@ -5,6 +5,3 @@ services:
       - dependabot
       - packages-read
       - semantic-release
-  circleci:
-    policies:
-      - semantic-release-ecosystem

.contentful/vault-secrets.yaml

@@ -0,0 +1,37 @@
+name: Build
+
+permissions:
+  contents: read
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+          cache: 'npm'
+
+      - name: Install latest npm
+        run: npm install -g npm@latest
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Save Build folders
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            dist
+          key: build-cache-${{ github.run_id }}-${{ github.run_attempt }}

.github/workflows/build.yaml

@@ -0,0 +1,43 @@
+name: Run Checks
+
+permissions:
+  contents: read
+
+on:
+  workflow_call:
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+          cache: 'npm'
+
+      - name: Install latest npm
+        run: npm install -g npm@latest
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Restore the build folders
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            dist
+          key: build-cache-${{ github.run_id }}-${{ github.run_attempt }}
+
+      - name: Run linter
+        run: npm run lint
+
+      - name: Check prettier formatting
+        run: npm run prettier:check
+
+      - name: Run tests
+        run: npm run test:cover

.github/workflows/check.yaml

@@ -3,11 +3,7 @@ name: "CodeQL Scan for GitHub Actions Workflows"
 
 on:
   push:
-    branches: [master]
-    paths: [".github/workflows/**"]
-  pull_request:
-    branches: [master]
-    paths: [".github/workflows/**"]
+    branches: ['*']
 
 jobs:
   analyze:
@@ -19,14 +15,14 @@ jobs:
       security-events: write
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: actions
 
       - name: Run CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: actions

.github/workflows/codeql.yml .github/workflows/codeql.yaml.github/workflows/codeql.yml renamed to .github/workflows/codeql.yaml

@@ -7,9 +7,10 @@ jobs:
     permissions:
       contents: write
       id-token: write
+      pull-requests: write
     runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
     steps:
-      - uses: contentful/github-auto-merge@v1
+      - uses: contentful/github-auto-merge@v2
         with:
-          VAULT_URL: ${{ secrets.VAULT_URL }}
+          VAULT_URL: ${{ secrets.VAULT_URL }}

…dependabot-approve-and-request-merge.yml …ependabot-approve-and-request-merge.yaml.github/workflows/dependabot-approve-and-request-merge.yml renamed to .github/workflows/dependabot-approve-and-request-merge.yaml .github/workflows/dependabot-approve-and-request-merge.yml renamed to .github/workflows/dependabot-approve-and-request-merge.yaml

@@ -0,0 +1,113 @@
+name: Create Issue on Workflow Failure
+
+permissions:
+  contents: read
+  issues: write
+
+on:
+  workflow_call:
+    inputs:
+      workflow_name:
+        description: 'Name of the failed workflow'
+        required: true
+        type: string
+      job_name:
+        description: 'Name of the failed job(s)'
+        required: false
+        type: string
+        default: 'Unknown'
+      failure_reason:
+        description: 'Reason for the failure(s)'
+        required: false
+        type: string
+        default: 'Unknown failure reason'
+
+jobs:
+  create-failure-issue:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Create Issue
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const workflowName = '${{ inputs.workflow_name }}';
+            const jobName = '${{ inputs.job_name }}';
+            const failureReason = '${{ inputs.failure_reason }}';
+            const runUrl = `${context.payload.repository.html_url}/actions/runs/${context.runId}`;
+            const commitSha = context.sha;
+            const commitUrl = `${context.payload.repository.html_url}/commit/${commitSha}`;
+            const branch = context.ref.replace('refs/heads/', '');
+            const actor = context.actor;
+            
+            // Check if there's already an open issue for this workflow
+            const existingIssues = await github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              labels: 'workflow-failure,' + workflowName.toLowerCase().replace(/\s+/g, '-')
+            });
+            
+            const title = `🚨 Workflow Failure: ${workflowName}`;
+            const body = `## Workflow Failure Report
+            
+            **Workflow:** ${workflowName}
+            **Job:** ${jobName}
+            **Branch:** ${branch}
+            **Commit:** [${commitSha.substring(0, 7)}](${commitUrl})
+            **Triggered by:** @${actor}
+            **Run URL:** [View Failed Run](${runUrl})
+            
+            ### Failure Details
+            ${failureReason}
+            
+            ### Debugging Information
+            - **Timestamp:** ${new Date().toISOString()}
+            - **Repository:** ${context.payload.repository.full_name}
+            - **Event:** ${context.eventName}
+            
+            ### Next Steps
+            1. Check the [workflow run logs](${runUrl}) for detailed error information
+            2. Review the changes in [commit ${commitSha.substring(0, 7)}](${commitUrl})
+            3. Fix the issue and re-run the workflow
+            4. Close this issue once resolved
+            
+            ---
+            *This issue was automatically created by the failure notification workflow.*`;
+            
+            // If no existing open issue, create a new one
+            if (existingIssues.data.length === 0) {
+              await github.rest.issues.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: title,
+                body: body,
+                labels: [
+                  'workflow-failure',
+                  'bug',
+                  workflowName.toLowerCase().replace(/\s+/g, '-'),
+                  'automated'
+                ]
+              });
+              console.log(`Created new issue for ${workflowName} failure`);
+            } else {
+              console.log(`Issue already exists for ${workflowName} failure`);
+              // Optionally add a comment to the existing issue
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: existingIssues.data[0].number,
+                body: `## Additional Failure Report
+                
+                **New failure detected:**
+                - **Job:** ${jobName}
+                - **Commit:** [${commitSha.substring(0, 7)}](${commitUrl})
+                - **Run URL:** [View Failed Run](${runUrl})
+                - **Timestamp:** ${new Date().toISOString()}
+                
+                ${failureReason}`
+              });
+              console.log(`Added comment to existing issue for ${workflowName} failure`);
+            }

.github/dependabot.yml .github/workflows/dependabot.yaml.github/dependabot.yml renamed to .github/workflows/dependabot.yaml

@@ -0,0 +1,41 @@
+name: CI
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: ['**']
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+
+  check:
+    needs: build
+    uses: ./.github/workflows/check.yaml
+
+  release:
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/beta')
+    needs: [build, check]
+    permissions:
+      contents: write
+      id-token: write
+      actions: read
+    uses: ./.github/workflows/release.yaml
+    secrets:
+      VAULT_URL: ${{ secrets.VAULT_URL }}
+
+  notify-failure:
+    if: |
+      always() && 
+      (needs.build.result == 'failure' || needs.check.result == 'failure' || needs.release.result == 'failure') && 
+      (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/next' || github.ref == 'refs/heads/beta' || github.ref == 'refs/heads/alpha')
+    needs: [build, check, release]
+    permissions:
+      contents: read
+      issues: write
+    uses: ./.github/workflows/failure-notification.yaml
+    with:
+      workflow_name: "Main CI Pipeline"
+      job_name: ${{ needs.build.result == 'failure' && 'build' || needs.check.result == 'failure' && 'check' || needs.release.result == 'failure' && 'release' || 'unknown' }}
+      failure_reason: "One or more jobs in the main CI pipeline failed. Check the workflow run for detailed error information."