
fix: excplicitely require direct dependency packageurl-js #2582

fix: excplicitely require direct dependency packageurl-js

fix: excplicitely require direct dependency packageurl-js #2582

Workflow file for this run

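# For details of what checks are run for PRs please refer below
# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
name: Node CI

# Runs on pushes to the release branches, on every pull request, on manual
# dispatch, and once a week.
on:
  push:
    branches: [ 'main', 'master', '1.0-dev' ]
  pull_request:
  workflow_dispatch:
  schedule:
    # schedule weekly tests, since dependencies are not intended to be locked
    # this means: at 23:42 on Fridays
    - cron: '42 23 * * 5'

# Least privilege for the GITHUB_TOKEN: the jobs visible in this workflow only
# check out the repository; none of them pushes, comments or publishes with it.
# Without this block the token gets the repository/organisation default scopes.
permissions:
  contents: read

# A newer run for the same workflow and ref cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  NODE_ACTIVE_LTS: '20' # https://nodejs.org/en/about/releases/
  DIST_DIR: dist
  REPORTS_DIR: "CI_reports"
  TESTS_REPORTS_ARTIFACT: tests-reports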
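jobs:
  # Compiles the project once and publishes the result as an artifact that the
  # test-jest and dogfooding jobs download instead of rebuilding.
  build:
    name: build
    runs-on: 'ubuntu-latest'
    timeout-minutes: 10
    steps:
      - name: Checkout
        # see https://github.com/actions/checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in .git/config: later steps install
          # third-party packages and run project scripts, and nothing here
          # needs authenticated git access after the checkout.
          persist-credentials: false
      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
        # see https://github.com/actions/setup-node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_ACTIVE_LTS }}
          # cache: 'npm'
      - name: setup subject
        # --ignore-scripts keeps dependency lifecycle scripts from running
        run: npm i --ignore-scripts --loglevel=silly
      - name: build
        run: npm run build
      - name: artifact build result
        # see https://github.com/actions/upload-artifact
        uses: actions/upload-artifact@v3
        with:
          name: ${{ env.DIST_DIR }}
          path: ${{ env.DIST_DIR }}
          if-no-files-found: error

  # Runs the code-style checks (npm script "test:standard").
  test-standards:
    name: test standards
    timeout-minutes: 30
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout
        # see https://github.com/actions/checkout
        uses: actions/checkout@v4
        with:
          # keep the GITHUB_TOKEN out of .git/config; see the install step below
          persist-credentials: false
      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
        # see https://github.com/actions/setup-node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_ACTIVE_LTS }}
          # cache: 'npm'
      - name: install subject
        # NOTE(review): unlike the other jobs, this install runs dependency
        # lifecycle scripts (no --ignore-scripts), with unlocked dependencies.
        # Confirm the lint toolchain needs them; otherwise add the flag.
        run: npm i --loglevel=silly
      - name: run tests
        run: npm run test:standard

  # Runs the jest suite against the built artifact on every supported
  # Node.js version and operating system.
  test-jest:
    needs: [ 'build' ]
    name: jest (node${{ matrix.node-version }} ${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        node-version:
          ## action based on https://github.com/actions/node-versions/releases
          ## see also: https://nodejs.org/en/about/releases/
          - '20' # Current
          - '18' # Active LTS
          - '16'
          - '14'
        os:
          - ubuntu-latest
          - windows-latest
          - macos-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        # see https://github.com/actions/checkout
        uses: actions/checkout@v4
        with:
          # keep the GITHUB_TOKEN out of .git/config: the steps below rebuild
          # a native dependency and execute the test suite
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
        # see https://github.com/actions/setup-node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          # cache: 'npm'
      - name: setup subject
        shell: bash
        run: |
          set -ex
          ## dont install all the dev-packages, especially since some are not runnable on node 14.0.0
          npm i --ignore-scripts --omit=dev --only=prod --production --loglevel=silly
          ## rebuild deps for which scripts were ignored, or partially installed - since "ignore-scripts" was used
          npm rebuild --loglevel=silly libxmljs2 || npm uninstall --no-save libxmljs2
          ## install the needed dev-deps
          npm i --no-save jest jest-junit imurmurhash fast-glob
      - name: fetch build artifact
        # see https://github.com/actions/download-artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ env.DIST_DIR }}
          path: ${{ env.DIST_DIR }}
      - name: test
        # folded scalar: the lines below are joined into one command line
        run: >
          npm run test:jest --
          --ci
          --verbose
          --runInBand
          --logHeapUsage
          --coverage
          --coverageDirectory='${{ env.REPORTS_DIR }}/node${{ matrix.node-version }}_${{ matrix.os }}/coverage'
        env:
          JEST_JUNIT_OUTPUT_DIR: ${{ env.REPORTS_DIR }}/node${{ matrix.node-version }}_${{ matrix.os }}
      - name: artifact test logs
        if: ${{ failure() }}
        # see https://github.com/actions/upload-artifact
        uses: actions/upload-artifact@v3
        with:
          name: logs-jest_node${{ matrix.node-version }}-${{ matrix.os }}
          path: tests/_log
          if-no-files-found: error
      - name: artifact test reports
        # upload reports also when the tests failed, but not on cancellation
        if: ${{ ! cancelled() }}
        # see https://github.com/actions/upload-artifact
        uses: actions/upload-artifact@v3
        with:
          # every matrix job uploads into this one shared artifact name
          name: ${{ env.TESTS_REPORTS_ARTIFACT }}
          path: ${{ env.REPORTS_DIR }}
          if-no-files-found: error

  # Runs the built CLI against this project itself, once per npm major version,
  # and validates the generated BOM.
  dogfooding:
    needs: [ 'build' ]
    name: dogfooding npm ${{ matrix.npm-version }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - npm-version: 'latest'
          - npm-version: '^10'
            ## "node": "^18.17.0 || >=20.5.0"
            node-version: '^20.5'
          - npm-version: '^9'
            ## "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
            node-version: '^18'
          - npm-version: '^8'
            ## "node": "^12.13.0 || ^14.15.0 || >=16"
            # node-version: '^16' ## cannot pin due to https://github.com/npm/cli/issues/6743
          - npm-version: '^7'
            ## "node": ">=10"
            # node-version: '^14' ## cannot pin due to https://github.com/npm/cli/issues/6743
          - npm-version: '^6'
            ## "node": "6 >=6.2.0 || 8 || >=9.3.0"
            # node-version: '^14' ## cannot pin due to https://github.com/npm/cli/issues/6743
    env:
      npm_config_engine_strict: true
    timeout-minutes: 10
    steps:
      - name: Checkout
        # see https://github.com/actions/checkout
        uses: actions/checkout@v4
        with:
          # keep the GITHUB_TOKEN out of .git/config: the steps below install
          # packages and execute the project's CLI
          persist-credentials: false
      - run: mkdir -p ${{ env.REPORTS_DIR }}
      - name: Setup Node.js ${{ matrix.node-version }}
        # see https://github.com/actions/setup-node
        uses: actions/setup-node@v4
        with:
          # matrix entries without a node-version fall back to the active LTS
          node-version: ${{ matrix.node-version || env.NODE_ACTIVE_LTS }}
          # cache: 'npm'
      - name: setup npm ${{ matrix.npm-version }}
        # the interpolated value comes only from the static matrix above
        run: |
          npm i -g npm@${{ matrix.npm-version }}
          npm --version
      - name: setup subject
        shell: bash
        run: |
          set -ex
          npm i --ignore-scripts --omit=dev --only=prod --production --loglevel=silly
          ## rebuild deps for which scripts were ignored, or partially installed - since "ignore-scripts" was used
          npm rebuild --loglevel=silly libxmljs2 || npm uninstall --no-save libxmljs2
      - name: fetch build artifact
        # see https://github.com/actions/download-artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ env.DIST_DIR }}
          path: ${{ env.DIST_DIR }}
      - name: dogfooding
        # folded scalar: the lines below are joined into one command line
        run: >
          node -- bin/cyclonedx-npm-cli.js
          --ignore-npm-errors
          --omit=dev
          --validate
          --output-file=${{ env.REPORTS_DIR }}/bom.json
      - name: artifact test reports
        if: ${{ failure() }}
        # see https://github.com/actions/upload-artifact
        uses: actions/upload-artifact@v3
        with:
          name: dogfooding-direct_npm${{ matrix.npm-version }}
          path: ${{ env.REPORTS_DIR }}
          if-no-files-found: error

  # Sends the coverage reports collected by test-jest to Codacy.
  report-coverage:
    name: Publish test coverage
    needs:
      - test-jest
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: fetch test artifacts
        # see https://github.com/actions/download-artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ env.TESTS_REPORTS_ARTIFACT }}
          path: ${{ env.REPORTS_DIR }}
      - name: Run codacy-coverage-reporter
        env:
          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
        # skipped whenever the secret is not available to the run
        if: ${{ env.CODACY_PROJECT_TOKEN != '' }} ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
        # see https://github.com/codacy/codacy-coverage-reporter-action
        # NOTE(review): this third-party action receives a secret and is
        # referenced by a movable tag; consider pinning it to a reviewed full
        # commit SHA (uses: ...@<FULL_COMMIT_SHA>) so a retagged release cannot
        # change what runs with the token.
        uses: codacy/codacy-coverage-reporter-action@v1
        with:
          project-token: ${{ env.CODACY_PROJECT_TOKEN }}
          coverage-reports: ${{ env.REPORTS_DIR }}/*/coverage/clover.xml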