refactor: Security upgrade package-json from 7.0.0 to 8.0.0 #2502
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [ release, alpha, beta, next-major ] | |
pull_request: | |
branches: | |
- '**' | |
env: | |
NODE_VERSION: 20.11.1 | |
jobs: | |
check-ci: | |
name: Node Engine Check | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- name: CI Node Engine Check | |
run: npm run ci:checkNodeEngine | |
check-lint: | |
name: Lint | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- run: npm run lint | |
check-circular: | |
name: Circular Dependencies | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- name: Scan for circular dependencies | |
run: npm run madge:circular | |
check-docker: | |
strategy: | |
matrix: | |
include: | |
- name: Docker linux/amd64 | |
DOCKER_PLATFORM: linux/amd64 | |
RUNNER_TYPE: ubuntu-latest | |
# - name: Docker linux/arm64/v8 | |
# DOCKER_PLATFORM: linux/arm64/v8 | |
# # Replace this with a native arm linux runner when available, presumably by EOY 2024, see: | |
# # https://github.com/orgs/community/discussions/19197#discussioncomment-10550689 | |
# # The conditional setup of QEMU may need to be adapted to not run on native arm, | |
# # which will speed up the build process for arm64/v8 since no emulation will be needed. | |
# RUNNER_TYPE: ubuntu-latest | |
fail-fast: false | |
name: ${{ matrix.name }} | |
timeout-minutes: 45 | |
runs-on: ${{ matrix.RUNNER_TYPE }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
# Only set up QEMU if not running on native arm | |
if: ${{ matrix.DOCKER_PLATFORM != 'linux/amd64' && matrix.RUNNER_TYPE == 'ubuntu-latest' }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
install: true | |
- name: Build docker image | |
uses: docker/build-push-action@v3 | |
with: | |
platforms: ${{ matrix.DOCKER_PLATFORM }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
check-lock-file-version: | |
name: NPM Lock File Version | |
timeout-minutes: 5 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Check NPM lock file version | |
uses: mansona/npm-lockfile-version@v1 | |
with: | |
version: 3 | |
check-build: | |
strategy: | |
matrix: | |
include: | |
- name: Node 18 | |
NODE_VERSION: 18.20.4 | |
- name: Node 20 | |
NODE_VERSION: 20.18.0 | |
- name: Node 22 | |
NODE_VERSION: 22.9.0 | |
fail-fast: false | |
name: ${{ matrix.name }} | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
env: | |
NODE_VERSION: ${{ matrix.NODE_VERSION }} | |
steps: | |
- name: Determine major node version | |
id: node | |
run: | | |
node_major=$(echo "${{ matrix.NODE_VERSION }}" | cut -d'.' -f1) | |
echo "::set-output name=node_major::$(echo $node_major)" | |
- name: Fix usage of insecure GitHub protocol | |
run: sudo git config --system url."https://github".insteadOf "git://github" | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ matrix.NODE_VERSION }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ matrix.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci | |
- name: Tests | |
run: npm test | |
- name: Test bundles | |
run: ./scripts/before_script.sh | |
env: | |
CI: true | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true |