Test #1259
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI & Release | |
# Workflow name based on selected inputs. Fallback to default Github naming when expression evaluates to empty string | |
run-name: >- | |
${{ | |
inputs.release && 'Test ➤ Publish to NPM' || | |
'Test' | |
}} | |
on: | |
# Build on pushes branches that have a PR (including drafts) | |
pull_request: | |
# Build on commits pushed to branches without a PR if it's in the allowlist | |
push: | |
branches: [main] | |
# Also run as part of merge queues | |
merge_group: | |
# https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow | |
workflow_dispatch: | |
inputs: | |
release: | |
description: Release new version | |
required: true | |
default: false | |
type: boolean | |
concurrency: | |
# On PRs builds will cancel if new pushes happen before the CI completes, as it defines `github.head_ref` and gives it the name of the branch the PR wants to merge into | |
# Otherwise `github.run_id` ensures that you can quickly merge a queue of PRs without causing tests to auto cancel on any of the commits pushed to main. | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
permissions: | |
contents: read # for checkout | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
name: Lint & Build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
node-version: lts/* | |
- run: npm clean-install | |
- run: npm run lint | |
# But not the build script, as semantic-release will crash if this command fails so it makes sense to test it early | |
- run: npm run prepublishOnly | |
test: | |
needs: build | |
# The test matrix can be skipped, in case a new release needs to be fast-tracked and tests are already passing on main | |
runs-on: ${{ matrix.os }} | |
name: Node.js ${{ matrix.node }} / ${{ matrix.os }} | |
strategy: | |
# A test failing on windows doesn't mean it'll fail on macos. It's useful to let all tests run to its completion to get the full picture | |
fail-fast: false | |
matrix: | |
# Run the testing suite on each major OS with the latest LTS release of Node.js | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
node: [lts/*] | |
# It makes sense to also test the oldest, and latest, versions of Node.js, on ubuntu-only since it's the fastest CI runner | |
include: | |
- os: ubuntu-latest | |
# Test the oldest LTS release of Node that's still receiving bugfixes and security patches, versions older than that have reached End-of-Life | |
node: lts/-1 | |
# disabled for now, waiting for pkg-utils fix | |
# Test the actively developed version that will become the latest LTS release | |
# - os: ubuntu-latest | |
# node: current | |
steps: | |
# It's only necessary to do this for windows, as mac and ubuntu are sane OS's that already use LF | |
- name: Set git to use LF | |
if: matrix.os == 'windows-latest' | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
node-version: ${{ matrix.node }} | |
- run: npm install | |
- run: npm test | |
release: | |
permissions: | |
id-token: write # to enable use of OIDC for npm provenance | |
needs: [build, test] | |
# only run if opt-in during workflow_dispatch | |
if: always() && github.event.inputs.release == 'true' && needs.build.result != 'failure' && needs.test.result != 'failure' && needs.test.result != 'cancelled' | |
runs-on: ubuntu-latest | |
name: Semantic release | |
steps: | |
- uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ secrets.ECOSPARK_APP_ID }} | |
private-key: ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@v4 | |
with: | |
# Need to fetch entire commit history to | |
# analyze every commit since last release | |
fetch-depth: 0 | |
# Uses generated token to allow pushing commits back when strict branch rules are used | |
token: ${{ steps.app-token.outputs.token }} | |
# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
node-version: lts/* | |
- run: npm clean-install | |
- run: npm audit signatures | |
# Branches that will release new versions are defined in .releaserc.json | |
- run: npx semantic-release | |
# Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state | |
# e.g. git tags were pushed but it exited before `npm publish` | |
if: always() | |
env: | |
NPM_CONFIG_PROVENANCE: true | |
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} |