Skip to content
Node.js CI

chore: release version 0.3.0 #9

Sign in to view logs

chore: release version 0.3.0

chore: release version 0.3.0 #9

Workflow file for this run

.github/workflows/node.js.yml at cc86d30
# spellchecker:ignore: aquasecurity, htmlproofer, junitresults, martinbeentjes, nvmrc, vuln
name: "Node.js CI"
on:
push:
pull_request:
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Otherwise the commitlint checks would fail for `--from initial` since by default only the last commit is fetched
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: "npm"
registry-url: "https://registry.npmjs.org"
- name: Check for Git conflict markers
run: git diff --check
- name: Install NPM packages
run: npm ci
- name: Audit NPM package signatures # protects against attacks via a registry mirror or proxy (https://docs.npmjs.com/about-registry-signatures)
run: npm audit signatures
- name: Check commit messages (commitlint)
run: npx commitlint --from initial_algebra.ts --to HEAD # don't check commits from before the fork
- name: Check spelling (CSpell)
run: npx cspell --dot .
- name: Check formatting (Prettier)
run: npx prettier --check .
- name: Lint Markdown (markdownlint)
run: npx markdownlint-cli2 '**/*.md' '#node_modules'
- name: Lint JavaScript (ESLint)
run: npx eslint --max-warnings=0 .
- name: Test (Jest)
run: npm run test:ci
- name: Coverage (Jest to Coveralls)
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
run: npm run coveralls
- name: Build
run: npm run build
- name: get-npm-version
if: ${{ github.ref_type == 'tag' }}
id: package-version
uses: martinbeentjes/npm-get-version-action@v1.3.1
- name: Upload build artifact for Git tags
if: ${{ github.ref_type == 'tag' }}
uses: actions/upload-artifact@v4
with:
name: algebra-${{ steps.package-version.outputs.current-version }}.ts
path: "dist/algebra-${{ steps.package-version.outputs.current-version }}.*"
- name: Publish to NPM
if: ${{ github.ref_type == 'tag' }}
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Test summary
if: always()
uses: test-summary/action@v2.3
with:
paths: .jest-results/junit.xml
check_documentation:
name: check documentation
runs-on: ubuntu-latest
defaults:
run:
working-directory: docs
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
working-directory: docs
- name: Generate documentation
run: bundle exec jekyll build --strict_front_matter --destination ./_site/algebra.ts --baseurl /algebra.ts # use `destination` to simulate non-root hosting for `htmlproofer`
- name: Check documentation (html-proofer)
run: bundle exec htmlproofer --typhoeus='{"headers":{"User-Agent":"Mozilla/5.0 (compatible; GitHub build HTML checker)"}}' ./_site # Some sites block the default `html-proofer` user agent. Since the builds and their resulting checks are infrequent, this workaround should be acceptable.
security_scan:
name: security scan
runs-on: ubuntu-latest
needs: build
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: "npm"
- name: Install project production dependencies
run: npm install --omit=dev --ignore-scripts # `--ignore-scripts` is needed because normally the dev dependencies are installed including Husky but they are omitted for the security scan and `scripts.prepare` in `package.json` runs `husky install`.
- name: Run security scan with Trivy
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
scanners: vuln,secret,config
format: table
exit-code: 1