action-setup-node/action.yaml at master · linz/action-setup-node · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: Setup node build environment
description: |
  Configure Aikido Safe-Chain and Node environment
inputs:
  node-version:
    description: 'Version Spec of the version to use. Examples: 12.x, 10.15.1, >=10.15.0.'
  node-version-file:
    description: 'File containing the version Spec of the version to use.  Examples: package.json, .nvmrc, .node-version, .tool-versions.'
  architecture:
    description: 'Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default.'
  check-latest:
    description: 'Set this option if you want the action to check for the latest available version that satisfies the version spec.'
    default: false
  registry-url:
    description: 'Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, and set up auth to read in from env.NODE_AUTH_TOKEN.'
  scope:
    description: 'Optional scope for authenticating against scoped registries. Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).'
  token:
    description: Used to pull node distributions from node-versions. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.
    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
  cache:
    description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.'
  package-manager-cache:
    description: 'Set to false to disable automatic caching. By default, caching is enabled when either devEngines.packageManager or the top-level packageManager field in package.json specifies npm as the package manager.'
    default: true
  cache-dependency-path:
    description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
  mirror:
    description: 'Used to specify an alternative mirror to downlooad Node.js binaries from'
  mirror-token:
    description: 'The token used as Authorization header when fetching from the mirror'
outputs:
  cache-hit:
    description: 'A boolean value to indicate if a cache was hit.'
    value: ${{ steps.setup-node.outputs.cache-hit }}
  node-version:
    description: 'The installed node version.'
    value: ${{ steps.setup-node.outputs.node-version }}


runs:
  using: composite
  steps:
    - name: Setup Node.js
      id: setup-node
      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
      with:
        node-version: ${{ inputs.node-version }}
        node-version-file: ${{ inputs.node-version-file }}
        architecture: ${{ inputs.architecture }}
        check-latest: ${{ inputs.check-latest }}
        registry-url: ${{ inputs.registry-url }}
        scope: ${{ inputs.scope }}
        token: ${{ inputs.token }}
        cache: ${{ inputs.cache }}
        package-manager-cache: ${{ inputs.package-manager-cache }}
        cache-dependency-path: ${{ inputs.cache-dependency-path }}
        mirror: ${{ inputs.mirror }}
        mirror-token: ${{ inputs.mirror-token }}
    - name: Setup Aikido Safe-Chain
      shell: bash
      env:
        SAFE_CHAIN_MINIMUM_PACKAGE_AGE_EXCLUSIONS: "@linz/*,@linzjs/*,@basemaps/*"
      run: |
        set -Eeuo pipefail

        echo "SAFE_CHAIN_MINIMUM_PACKAGE_AGE_EXCLUSIONS=${SAFE_CHAIN_MINIMUM_PACKAGE_AGE_EXCLUSIONS}" >> "$GITHUB_ENV"

        MAX_ATTEMPTS=5
        DELAY=5  # seconds

        echo "Installing @aikidosec/safe-chain globally with exponential backoff (max $MAX_ATTEMPTS attempts)..."
        for ATTEMPT in $(seq 1 "$MAX_ATTEMPTS"); do
          if npm install -g "@aikidosec/safe-chain"; then
            echo "✅ @aikidosec/safe-chain installed successfully on attempt $ATTEMPT"
            break
          fi

          if [[ "$ATTEMPT" -eq "$MAX_ATTEMPTS" ]]; then
            echo "❌ Failed to install @aikidosec/safe-chain after $MAX_ATTEMPTS attempts"
            exit 1
          fi

          echo "⚠️ Attempt $ATTEMPT failed. Retrying in $DELAYs..."
          sleep "$DELAY"
          DELAY=$(( DELAY * 2 ))  # exponential backoff
        done

        # Proceed with setup after successful install
        safe-chain setup-ci
        npm config set ignore-scripts true