ci(workflows): [ci] workflow improvements

Signed-off-by: Lexus Drumgold <[email protected]>

Author: unicornware

.github/infrastructure.yml

@@ -28,7 +28,6 @@ branches:
           - context: commitlint
           - context: dependabot-dedupe
           - context: format
-          - context: gitguardian
           - context: lint
           - context: spelling
           - context: test (24)

.github/workflows/ci.yml

@@ -12,7 +12,6 @@
 # - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request
 # - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push
 # - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch
-# - https://github.com/GitGuardian/ggshield-action
 # - https://github.com/actions/cache
 # - https://github.com/actions/cache/discussions/650
 # - https://github.com/actions/checkout
@@ -21,8 +20,13 @@
 # - https://github.com/actions/upload-artifact
 # - https://github.com/andstor/file-existence-action
 # - https://github.com/codecov/codecov-action
+# - https://github.com/codecov/test-results-action
+# - https://github.com/dprint/check
 # - https://github.com/flex-development/grease
+# - https://github.com/flex-development/jq-action
+# - https://github.com/flex-development/manver-action
 # - https://github.com/hmarr/debug-action
+# - https://github.com/streetsidesoftware/cspell-action
 # - https://yarnpkg.com/cli/pack
 
 ---
@@ -54,7 +58,7 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       cache-key: ${{ steps.cache-key.outputs.result }}
-      version: ${{ steps.version.outputs.result }}
+      version: ${{ steps.version.outputs.build }}
     steps:
       - id: debug
         name: Print environment variables and event payload
@@ -75,24 +79,20 @@ jobs:
       - id: dependencies
         name: Install dependencies
         env:
-          YARN_ENABLE_IMMUTABLE_INSTALLS: ${{ github.actor != 'dependabot[bot]' }}
+          YARN_ENABLE_IMMUTABLE_INSTALLS: ${{ github.actor != vars.DEPENDABOT }}
         run: yarn
       - id: cache-key
         name: Get cache key
-        run: echo "result=${{ runner.os }}-${{ github.run_id }}" >>$GITHUB_OUTPUT
+        run: echo "result=${{ hashFiles('yarn.lock') }}" >>$GITHUB_OUTPUT
       - id: cache
         name: Cache dependencies
         uses: actions/[email protected]
         with:
           key: ${{ steps.cache-key.outputs.result }}
           path: ${{ env.CACHE_PATH }}
-      - id: version-manifest
-        name: Get manifest version
-        run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT
       - id: version
-        name: Get build version
-        run: |
-          echo "result=${{ startsWith(github.head_ref || github.ref_name, 'release/') && steps.version-manifest.outputs.result || format('{0}+{1}', steps.version-manifest.outputs.result, github.event.pull_request.head.sha || github.sha) }}" >>$GITHUB_OUTPUT
+        name: Extract version metadata
+        uses: flex-development/[email protected]
   commitlint:
     needs: preflight
     runs-on: ubuntu-latest
@@ -121,31 +121,8 @@ jobs:
         name: Check commitlint status
         if: github.run_number != '1'
         run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA
-  gitguardian:
-    needs: commitlint
-    runs-on: ubuntu-latest
-    steps:
-      - id: checkout
-        name: Checkout
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-      - id: scan
-        name: Scan commits with ggshield
-        uses: GitGuardian/[email protected]
-        env:
-          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
-          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
-          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
-          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
-        with:
-          args: --all-policies --format sarif --show-secrets --with-incident-details --verbose
   format:
-    needs:
-      - commitlint
-      - gitguardian
-      - preflight
+    needs: preflight
     runs-on: ubuntu-latest
     steps:
       - id: checkout
@@ -167,14 +144,21 @@ jobs:
         with:
           key: ${{ needs.preflight.outputs.cache-key }}
           path: ${{ env.CACHE_PATH }}
-      - id: format
-        name: Check code formatting
-        run: yarn check:format
+      - id: version
+        name: Get dprint version
+        uses: flex-development/[email protected]
+        with:
+          data: package.json
+          filter: .devDependencies.dprint
+      - id: check
+        name: Check formatting
+        uses: dprint/[email protected]
+        with:
+          args: --config-discovery=false --incremental=false --log-level=info
+          config-path: .dprint.jsonc
+          dprint-version: ${{ steps.version.outputs.result }}
   lint:
-    needs:
-      - commitlint
-      - gitguardian
-      - preflight
+    needs: preflight
     runs-on: ubuntu-latest
     steps:
       - id: checkout
@@ -196,46 +180,36 @@ jobs:
         with:
           key: ${{ needs.preflight.outputs.cache-key }}
           path: ${{ env.CACHE_PATH }}
+      - id: remark
+        name: Check markdown files
+        run: yarn remark
       - id: lint
-        name: Check lint status
+        name: Check eslint files
         run: yarn check:lint
   spelling:
-    needs:
-      - commitlint
-      - gitguardian
-      - preflight
     runs-on: ubuntu-latest
     steps:
       - id: checkout
         name: Checkout ${{ env.REF_NAME }}
         uses: actions/[email protected]
         with:
+          fetch-depth: ${{ github.event_name == 'pull_request' && 0 || 1 }}
           persist-credentials: false
           ref: ${{ env.REF }}
-      - id: node
-        name: Setup Node.js
-        uses: actions/[email protected]
-        with:
-          cache: yarn
-          cache-dependency-path: yarn.lock
-          node-version-file: .nvmrc
-      - id: cache
-        name: Restore dependencies cache
-        uses: actions/[email protected]
-        with:
-          key: ${{ needs.preflight.outputs.cache-key }}
-          path: ${{ env.CACHE_PATH }}
       - id: spelling
         name: Check spelling
-        run: yarn check:spelling
+        uses: streetsidesoftware/[email protected]
+        with:
+          check_dot_files: true
+          config: .cspell.json
+          incremental_files_only: ${{ github.event_name != 'pull_request' }}
+          inline: error
+          root: ${{ github.workspace }}
+          treat_flagged_words_as_errors: true
+          verbose: true
   typescript:
-    needs:
-      - commitlint
-      - gitguardian
-      - preflight
+    needs: preflight
     runs-on: ubuntu-latest
-    env:
-      VITEST_REPORT: ./.vitest-reports/typecheck.blob.json
     steps:
       - id: checkout
         name: Checkout ${{ env.REF_NAME }}
@@ -256,34 +230,28 @@ jobs:
         with:
           key: ${{ needs.preflight.outputs.cache-key }}
           path: ${{ env.CACHE_PATH }}
-      - id: print-version
-        name: Print TypeScript version
-        run: jq .devDependencies.typescript package.json -r
       - id: typecheck
         name: Run typecheck
         run: yarn typecheck
       - id: report
         name: Upload report
         uses: actions/[email protected]
         with:
-          name: ${{ format('typecheck-{0}.blob.json', env.SHA) }}
-          path: ${{ env.VITEST_REPORT }}
+          name: ${{ format('{0}.typecheck.blob.json', env.SHA) }}
+          path: ./.vitest-reports/typecheck.blob.json
   test:
-    needs:
-      - commitlint
-      - gitguardian
-      - preflight
+    needs: preflight
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         node-version:
           - 24
     env:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       COVERAGE_SUMMARY: ./coverage/coverage-summary.json
       NODE_NO_WARNINGS: 1
       PCT: .total.branches.pct + .total.functions.pct + .total.lines.pct + .total.statements.pct
-      VITEST_REPORT: ./.vitest-reports/test.blob.json
     steps:
       - id: checkout
         name: Checkout ${{ env.REF_NAME }}
@@ -307,50 +275,62 @@ jobs:
           path: ${{ env.CACHE_PATH }}
       - id: test
         name: Run tests
-        env:
-          TZ: ${{ vars.TZ }}
-        run: |
-          yarn test:cov --coverage.thresholds.100=false \
-          && echo "coverage=$(jq '${{ env.PCT }}' ${{ env.COVERAGE_SUMMARY }} -r)" >>$GITHUB_OUTPUT
+        run: yarn test:cov --coverage.thresholds.100=false
+      - id: coverage
+        name: Get coverage points
+        uses: flex-development/[email protected]
+        with:
+          data: ${{ env.COVERAGE_SUMMARY }}
+          filter: "'${{ env.PCT }}'"
       - id: pct
         name: Print coverage points
-        run: echo ${{ steps.test.outputs.coverage }}
+        run: echo ${{ steps.coverage.outputs.result }}
       - id: report
         name: Upload report
         uses: actions/[email protected]
         with:
-          name: ${{ format('test-node{0}-{1}.blob.json', matrix.node-version, env.SHA) }}
-          path: ${{ env.VITEST_REPORT }}
+          name: ${{ format('{0}.{1}.blob.json', env.SHA, matrix.node-version) }}
+          path: ./.vitest-reports/test.blob.json
       - id: coverage-summary
         name: Upload coverage summary
         uses: actions/[email protected]
         with:
-          name: ${{ format('coverage-node{0}-{1}.json', matrix.node-version, env.SHA) }}
+          name: ${{ format('{0}.{1}.coverage.json', env.SHA, matrix.node-version) }}
           path: ${{ env.COVERAGE_SUMMARY }}
-      - id: codecov
+      - id: codecov-results
+        if: ${{ !cancelled() }}
+        name: Upload test results to Codecov
+        uses: codecov/[email protected]
+        with:
+          disable_search: true
+          env_vars: GITHUB_JOB,GITHUB_REF_TYPE
+          fail_ci_if_error: true
+          files: ./__tests__/reports/junit.xml
+          flags: ${{ format('node{0}', matrix.node-version) }}
+          name: ${{ format('{0}.node{1}', env.SHA, matrix.node-version) }}
+          override_branch: ${{ env.REF_NAME }}
+          verbose: true
+      - id: codecov-coverage
         name: Upload coverage report to Codecov
         uses: codecov/[email protected]
         with:
+          disable_file_fixes: true
+          disable_search: true
           env_vars: GITHUB_JOB,GITHUB_REF_TYPE
           fail_ci_if_error: true
           files: ./coverage/lcov.info
           flags: ${{ format('node{0}', matrix.node-version) }}
-          name: ${{ format('node{0}-{1}', matrix.node-version, env.SHA) }}
-          override_branch: ${{ env.REF }}
-          override_build: ${{ github.run_id }}
-          override_commit: ${{ env.SHA }}
-          token: ${{ secrets.CODECOV_TOKEN }}
+          name: ${{ format('{0}.node{1}', env.SHA, matrix.node-version) }}
+          override_branch: ${{ env.REF_NAME }}
           verbose: true
-          working-directory: ${{ github.workspace }}
       - id: coverage-failure
-        if: steps.test.outputs.coverage != '400'
-        name: Coverage threshold failure (${{ steps.test.outputs.coverage }})
+        if: fromJson(steps.coverage.outputs.result) != 400
+        name: Coverage threshold failure (${{ steps.coverage.outputs.result }})
         run: yarn test:cov:reports
   artifacts:
     needs:
       - commitlint
       - format
-      - gitguardian
       - lint
       - preflight
       - spelling
@@ -384,7 +364,7 @@ jobs:
           path: ${{ env.CACHE_PATH }}
       - id: local-binaries
         name: Add local binaries to $PATH
-        run: echo "$GITHUB_WORKSPACE/$CACHE_PATH/.bin" >> $GITHUB_PATH
+        run: echo "$GITHUB_WORKSPACE/node_modules/.bin" >> $GITHUB_PATH
       - id: changelog
         name: Changelog preview
         env: