Add lint:ci script to test package.json

Co-authored-by: neilime <[email protected]>
Signed-off-by: Emilien Escalle <[email protected]>

Author: Copilot

.github/linters/actionlint.yml

@@ -8,3 +8,4 @@ paths:
       - '"env" section must be mapping node but got scalar node'
       - '"ports" section must be sequence node but got scalar node'
       - '"volumes" section must be sequence node but got scalar node'
+      - '"runs-on" section is alias node but mapping node is expected'

.github/workflows/continuous-integration.md

@@ -56,28 +56,21 @@ on:
           Whether to enable linting.
           Set to `null` or empty to disable.
           Accepts a JSON object for lint options. See [lint action](../actions/lint/README.md).
-
-          Supported options:
-          - `command`: NPM script to run (default: "lint:ci"). The command should generate lint report files.
-          - `report-file`: Path to lint report file for annotations.
-
-          Example:
-          ```json
-          {
-            "command": "lint:ci",
-            "report-file": "reports/eslint.json"
-          }
-          ```
         type: string
         required: false
         default: "true"
       code-ql:
-        description: "Code QL analysis language. See <https://github.com/github/codeql-action>."
+        description: |
+          Code QL analysis language.
+          See https://github.com/github/codeql-action.
         type: string
         required: false
         default: "typescript"
       dependency-review:
-        description: "Enable dependency review scan. See <https://github.com/actions/dependency-review-action>."
+        description: |
+          Enable dependency review scan.
+          Works with public repositories and private repositories with a GitHub Advanced Security license.
+          See https://github.com/actions/dependency-review-action.
         type: boolean
         required: false
         default: true
@@ -86,20 +79,6 @@ on:
           Whether to enable testing.
           Set to `null` or empty to disable.
           Accepts a JSON object for test options. See [test action](../actions/test/README.md).
-
-          Supported options:
-          - `command`: NPM script to run (default: "test:ci"). The command should generate coverage report files.
-          - `coverage`: Coverage reporter ("github", "codecov", or "" for none).
-          - `coverage-files`: Path to coverage files for reporting.
-
-          Example:
-          ```json
-          {
-            "command": "test:ci",
-            "coverage": "github",
-            "coverage-files": "coverage/cobertura-coverage.xml"
-          }
-          ```
         type: string
         required: false
         default: "true"
@@ -114,11 +93,13 @@ on:
           Accepts either a string (container image name) or a JSON object with container options.
 
           String format (simple):
+
           ```yml
           container: "node:18"
           ```
 
           JSON object format (advanced):
+
           ```json
           {
             "image": "node:18",
@@ -159,6 +140,11 @@ on:
           Used when the container image is hosted in a private registry.
           See https://docs.github.com/en/actions/how-tos/write-workflows/choose-where-workflows-run/run-jobs-in-a-container#defining-credentials-for-a-container-registry.
         required: false
+      github-token:
+        description: |
+          GitHub token to use for authentication.
+          Defaults to `GITHUB_TOKEN` if not provided.
+        required: false
     outputs:
       build-artifact-id:
         description: "ID of the build artifact) uploaded during the build step."
@@ -169,7 +155,7 @@ permissions: {}
 jobs:
   prepare:
     name: 📦 Prepare configuration
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
+    runs-on: &ci-runner ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
     permissions: {}
     outputs:
       container-image: ${{ steps.parse.outputs.container-image }}
@@ -203,8 +189,8 @@ jobs:
               try {
                 const parsedContainer = JSON.parse(containerInput);
                 core.debug(`Parsed container input as JSON: ${JSON.stringify(parsedContainer)}`);
-                container = { 
-                  ...container, 
+                container = {
+                  ...container,
                   ...parsedContainer,
                   options: `${container.options} ${parsedContainer.options || ''}`.trim()
                 };
@@ -254,7 +240,7 @@ jobs:
     if: inputs.checks == true && inputs.code-ql != ''
     permissions:
       security-events: write
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
+    runs-on: *ci-runner
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@d95c78dc4b10250a07e227d3ddf33b0ea093e28d # 0.29.0
       - uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
@@ -267,32 +253,35 @@ jobs:
     if: github.event_name == 'pull_request' && inputs.checks == true && inputs.dependency-review
     permissions:
       contents: read
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
+    runs-on: *ci-runner
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@d95c78dc4b10250a07e227d3ddf33b0ea093e28d # 0.29.0
       - uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
 
   setup:
     name: ⚙️ Setup
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    needs: prepare
-    container: &container-setup
+    runs-on: *ci-runner
+    needs:
+      - prepare
+    permissions:
+      contents: read
+      packages: read
+      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
+      id-token: write
+    container: &ci-container
       image: ${{ needs.prepare.outputs.container-image || '' }}
       env: ${{ fromJSON(needs.prepare.outputs.container-env || '{}') }}
       options: ${{ needs.prepare.outputs.container-options || ' ' }}
       ports: ${{ fromJSON(needs.prepare.outputs.container-ports || '[]') }}
       volumes: ${{ fromJSON(needs.prepare.outputs.container-volumes || '[]') }}
       credentials: ${{ fromJSON(needs.prepare.outputs.container-username && format('{{"username":{0},"password":{1}}}',toJSON(needs.prepare.outputs.container-username),toJSON(secrets.container-password)) || '{}') }}
-    permissions:
-      contents: read
-      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
-      id-token: write
     outputs:
       build-env: ${{ steps.build-variables.outputs.env }}
       build-commands: ${{ steps.build-variables.outputs.commands }}
       build-artifact: ${{ steps.build-variables.outputs.artifact }}
     steps:
-      - if: needs.prepare.outputs.container-image == null
+      - name: Checkout repository
+        if: inputs.container == ''
         uses: hoverkraft-tech/ci-github-common/actions/checkout@d95c78dc4b10250a07e227d3ddf33b0ea093e28d # 0.29.0
 
       - id: build-variables
@@ -395,21 +384,21 @@ jobs:
             core.setOutput('env', JSON.stringify(env));
 
   lint:
+    if: ${{ inputs.checks == true && inputs.lint }}
     name: 👕 Lint
-    if: inputs.checks == true && inputs.lint
+    runs-on: *ci-runner
+    container: *ci-container
     needs:
       - prepare
       - setup
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    container: *container-setup
-    # jscpd:ignore-start
     permissions:
       contents: read
+      packages: read
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       id-token: write
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@d95c78dc4b10250a07e227d3ddf33b0ea093e28d # 0.29.0
-        if: needs.prepare.outputs.container-image == null
+        if: inputs.container == ''
 
       - id: oidc
         uses: ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
@@ -423,7 +412,7 @@ jobs:
       - run: |
           if [ -f .gitignore ]; then grep -q "self-workflow" .gitignore || echo "self-workflow" >> .gitignore; else echo "self-workflow" >> .gitignore; fi
           if [ -f .dockerignore ]; then grep -q "self-workflow" .dockerignore || echo "self-workflow" >> .dockerignore; else echo "self-workflow" >> .dockerignore; fi
-      # jscpd:ignore-end
+
       - id: preparel-lint-options
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
@@ -446,42 +435,32 @@ jobs:
             core.setOutput('command', lintOptions.command || 'lint:ci');
             core.setOutput('report-file', lintOptions['report-file'] || '');
 
-      - uses: ./self-workflow/actions/lint
+      - name: Run lint
+        uses: ./self-workflow/actions/lint
         with:
           working-directory: ${{ inputs.working-directory }}
-          container: ${{ needs.prepare.outputs.container-image && 'true' || 'false' }}
+          container: ${{ inputs.container != '' && 'true' || 'false' }}
           command: ${{ steps.preparel-lint-options.outputs.command }}
           report-file: ${{ steps.preparel-lint-options.outputs.report-file }}
 
-      - name: 🔄 Rewrite lint report paths (container mode)
-        if: always() && needs.prepare.outputs.container-image
-        uses: ./self-workflow/actions/rewrite-report-paths
-        with:
-          working-directory: ${{ inputs.working-directory }}
-          report-files: |
-            **/*eslint*.json
-            **/*checkstyle*.xml
-            reports/**/*.json
-            reports/**/*.xml
-
   build:
+    if: ${{ inputs.checks == true }}
     name: 🏗️ Build
-    if: inputs.checks == true
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    container: *container-setup
-    # jscpd:ignore-start
+    runs-on: *ci-runner
+    container: *ci-container
     needs:
       - prepare
       - setup
     permissions:
       contents: read
+      packages: read
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       id-token: write
     outputs:
       artifact-id: ${{ steps.build.outputs.artifact-id }}
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@d95c78dc4b10250a07e227d3ddf33b0ea093e28d # 0.29.0
-        if: needs.setup.outputs.build-commands && needs.prepare.outputs.container-image == null
+        if: needs.setup.outputs.build-commands && inputs.container == ''
 
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       - id: oidc
@@ -499,37 +478,38 @@ jobs:
         run: |
           if [ -f .gitignore ]; then grep -q "self-workflow" .gitignore || echo "self-workflow" >> .gitignore; else echo "self-workflow" >> .gitignore; fi
           if [ -f .dockerignore ]; then grep -q "self-workflow" .dockerignore || echo "self-workflow" >> .dockerignore; else echo "self-workflow" >> .dockerignore; fi
-      # jscpd:ignore-end
+
       - id: build
         if: needs.setup.outputs.build-commands
         uses: ./self-workflow/actions/build
         with:
+          container: ${{ inputs.container != '' && 'true' || 'false' }}
           working-directory: ${{ inputs.working-directory }}
+          build-secrets: ${{ secrets.build-secrets }}
           build-commands: ${{ needs.setup.outputs.build-commands }}
           build-env: ${{ needs.setup.outputs.build-env }}
-          build-secrets: ${{ secrets.build-secrets }}
           build-artifact: ${{ needs.setup.outputs.build-artifact }}
-          container: ${{ needs.prepare.outputs.container-image && 'true' || 'false' }}
 
   test:
+    if: ${{ inputs.checks == true && inputs.test }}
     name: 🧪 Test
-    if: inputs.checks == true && inputs.test
-    runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
-    container: *container-setup
+    runs-on: *ci-runner
+    container: *ci-container
     needs:
       - prepare
       - setup
       - build
     permissions:
       contents: read
       pull-requests: write
+      packages: read
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       id-token: write
     steps:
       - uses: hoverkraft-tech/ci-github-common/actions/checkout@d95c78dc4b10250a07e227d3ddf33b0ea093e28d # 0.29.0
-        if: needs.prepare.outputs.container-image == null
+        if: inputs.container == ''
 
-      - if: needs.build.outputs.artifact-id && needs.prepare.outputs.container-image == null
+      - if: needs.build.outputs.artifact-id && inputs.container == ''
         uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           artifact-ids: ${{ needs.build.outputs.artifact-id }}
@@ -575,22 +555,12 @@ jobs:
             core.setOutput('coverage-files', testOptions['coverage-files'] || '');
             core.setOutput('command', testOptions.command || 'test:ci');
 
-      - uses: ./self-workflow/actions/test
+      - name: Run tests
+        uses: ./self-workflow/actions/test
         with:
           working-directory: ${{ inputs.working-directory }}
-          container: ${{ needs.prepare.outputs.container-image && 'true' || 'false' }}
+          container: ${{ inputs.container != '' && 'true' || 'false' }}
           command: ${{ steps.prepare-test-options.outputs.command }}
           coverage: ${{ steps.prepare-test-options.outputs.coverage }}
           coverage-files: ${{ steps.prepare-test-options.outputs.coverage-files }}
-          github-token: ${{ github.token }}
-
-      - name: 🔄 Rewrite coverage report paths (container mode)
-        if: always() && needs.prepare.outputs.container-image
-        uses: ./self-workflow/actions/rewrite-report-paths
-        with:
-          working-directory: ${{ inputs.working-directory }}
-          report-files: |
-            coverage/**/*.xml
-            coverage/**/*.info
-            coverage/**/*.json
-            test-results/**/*.xml
+          github-token: ${{ secrets.github-token || github.token }}