chore: postinstall for dependabot template-oss PR

.eslintrc.js

@@ -10,6 +10,9 @@ const localConfigs = readdir(__dirname)
 
 module.exports = {
   root: true,
+  ignorePatterns: [
+    'tap-testdir*/',
+  ],
   extends: [
     '@npmcli',
     ...localConfigs,

.github/actions/create-check/action.yml

@@ -0,0 +1,52 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: 'Create Check'
+inputs:
+  name:
+    required: true
+  token:
+    required: true
+  sha:
+    required: true
+  check-name:
+    default: ''
+outputs:
+  check-id:
+    value: ${{ steps.create-check.outputs.check_id }}
+runs:
+  using: "composite"
+  steps:
+    - name: Get Workflow Job
+      uses: actions/github-script@v6
+      id: workflow
+      env:
+        JOB_NAME: "${{ inputs.name }}"
+        SHA: "${{ inputs.sha }}"
+      with:
+        result-encoding: string
+        script: |
+          const { repo: { owner, repo}, runId, serverUrl } = context          
+          const { JOB_NAME, SHA } = process.env
+
+          const job = await github.rest.actions.listJobsForWorkflowRun({
+            owner,
+            repo,
+            run_id: runId,
+            per_page: 100
+          }).then(r => r.data.jobs.find(j => j.name.endsWith(JOB_NAME)))
+
+          return [
+            `This check is assosciated with ${serverUrl}/${owner}/${repo}/commit/${SHA}.`,
+            'Run logs:',
+            job?.html_url || `could not be found for a job ending with: "${JOB_NAME}"`,
+          ].join(' ')
+    - name: Create Check
+      uses: LouisBrunner/checks-action@v1.6.0
+      id: create-check
+      with:
+        token: ${{ inputs.token }}
+        sha: ${{ inputs.sha }}
+        status: in_progress
+        name: ${{ inputs.check-name || inputs.name }}
+        output: |
+          {"summary":"${{ steps.workflow.outputs.result }}"}

.github/actions/install-latest-npm/action.yml

@@ -0,0 +1,58 @@
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+name: 'Install Latest npm'
+description: 'Install the latest version of npm compatible with the Node version'
+inputs:
+  node:
+    description: 'Current Node version'
+    required: true
+runs:
+  using: "composite"
+  steps:
+    # node 10/12/14 ship with npm@6, which is known to fail when updating itself in windows
+    - name: Update Windows npm
+      if: |
+        runner.os == 'Windows' && (
+          startsWith(inputs.node, 'v10.') ||
+          startsWith(inputs.node, 'v12.') ||
+          startsWith(inputs.node, 'v14.')
+        )
+      shell: cmd
+      run: |
+        curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
+        tar xf npm-7.5.4.tgz
+        cd package
+        node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
+        cd ..
+        rmdir /s /q package
+    - name: Install Latest npm
+      shell: bash
+      env:
+        NODE_VERSION: ${{ inputs.node }}
+      working-directory: ${{ runner.temp }}
+      run: |
+        MATCH=""
+        SPECS=("latest" "next-10" "next-9" "next-8" "next-7" "next-6")
+
+        echo "node@$NODE_VERSION"
+
+        for SPEC in ${SPECS[@]}; do
+          ENGINES=$(npm view npm@$SPEC --json | jq -r '.engines.node')
+          echo "Checking if node@$NODE_VERSION satisfies npm@$SPEC ($ENGINES)"
+
+          if npx semver -r "$ENGINES" "$NODE_VERSION" > /dev/null; then
+            MATCH=$SPEC
+            echo "Found compatible version: npm@$MATCH"
+            break
+          fi  
+        done
+
+        if [ -z $MATCH ]; then
+          echo "Could not find a compatible version of npm for node@$NODE_VERSION"
+          exit 1
+        fi
+
+        npm i --prefer-online --no-fund --no-audit -g npm@$MATCH
+    - name: npm Version
+      shell: bash
+      run: npm -v

.github/workflows/audit.yml

@@ -29,52 +29,10 @@ jobs:
         with:
           node-version: 20.x
           check-latest: contains('20.x', '.x')
-
-      # node 10/12/14 ship with npm@6, which is known to fail when updating itself in windows
-      - name: Update Windows npm
-        if: |
-          matrix.platform.os == 'windows-latest' && (
-            startsWith(steps.node.outputs.node-version, 'v10.') || startsWith(steps.node.outputs.node-version, 'v12.') || startsWith(steps.node.outputs.node-version, 'v14.')
-          )
-        run: |
-          curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
-          tar xf npm-7.5.4.tgz
-          cd package
-          node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
-          cd ..
-          rmdir /s /q package
-
-      # Start on Node 10 because we dont test on anything lower
-      - name: Install npm@7 on Node 10
-        shell: bash
-        if: startsWith(steps.node.outputs.node-version, 'v10.')
-        id: npm-7
-        run: |
-          npm i --prefer-online --no-fund --no-audit -g npm@7
-          echo "updated=true" >> "$GITHUB_OUTPUT"
-
-      - name: Install npm@8 on Node 12
-        shell: bash
-        if: startsWith(steps.node.outputs.node-version, 'v12.')
-        id: npm-8
-        run: |
-          npm i --prefer-online --no-fund --no-audit -g npm@8
-          echo "updated=true" >> "$GITHUB_OUTPUT"
-
-      - name: Install npm@9 on Node 14/16/18.0
-        shell: bash
-        if: startsWith(steps.node.outputs.node-version, 'v14.') || startsWith(steps.node.outputs.node-version, 'v16.') || startsWith(steps.node.outputs.node-version, 'v18.0.')
-        id: npm-9
-        run: |
-          npm i --prefer-online --no-fund --no-audit -g npm@9
-          echo "updated=true" >> "$GITHUB_OUTPUT"
-
-      - name: Install npm@latest on Node
-        if: ${{ !(steps.npm-7.outputs.updated || steps.npm-8.outputs.updated || steps.npm-9.outputs.updated) }}
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
-
-      - name: npm Version
-        run: npm -v
+      - name: Install Latest npm
+        uses: ./.github/actions/install-latest-npm
+        with:
+          node: ${{ steps.node.outputs.node-version }}
       - name: Install Dependencies
         run: npm i --ignore-scripts --no-audit --no-fund --package-lock
       - name: Run Production Audit