Last active
April 14, 2023 22:22
-
-
Save unicornware/48a2e88a33301ea3161faa9b548588d7 to your computer and use it in GitHub Desktop.
GitHub Workflows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Add To Project | |
# | |
# Add new issues and pull requests to the project board. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#issues | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#issues | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://github.com/actions/add-to-project | |
--- | |
name: add-to-project | |
on: | |
issues: | |
types: | |
- opened | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
jobs: | |
add-to-project: | |
runs-on: ubuntu-latest | |
steps: | |
- id: add-item | |
name: Add ${{ format('#{0}', github.event.number) }} to project | |
uses: actions/add-to-project@v0.5.0 | |
with: | |
github-token: ${{ secrets.PAT_REPO }} | |
project-url: | | |
${{ format('{0}/orgs/{1}/projects/{2}', github.server_url, github.repository_owner, secrets.GH_PROJECT_ID) }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Approve Pull Request | |
# | |
# Automatically approve a pull request when a review is requested from @flexdevelopment by certain | |
# users. | |
# | |
# References: | |
# | |
# - https://cli.github.com/manual/gh_pr_review | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://github.com/actions/checkout | |
# - https://github.com/hmarr/debug-action | |
--- | |
name: approve-pr | |
on: | |
pull_request: | |
types: | |
- review_requested | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_BOT }} | |
jobs: | |
approve-pr: | |
runs-on: ubuntu-latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout ${{ github.head_ref }} | |
uses: actions/checkout@v3.5.2 | |
with: | |
persist-credentials: false | |
ref: ${{ github.head_ref }} | |
- id: requested-reviewers | |
name: Get requested reviewers | |
run: | | |
echo "result=${{ join(github.event.pull_request.requested_reviewers.*.login, ',') }}" >>$GITHUB_OUTPUT | |
- id: approve | |
name: Approve pull request | |
if: | | |
contains(steps.requested-reviewers.outputs.result, 'flexdevelopment') | |
&& (github.actor == 'dependabot[bot]' || github.actor == 'unicornware') | |
run: gh pr review ${{ github.event.number }} --approve --body 'lgtm 👍🏾' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Pull request auto-merge | |
# | |
# Automatically merge pull requests after requirements are met. | |
# | |
# References: | |
# | |
# - https://cli.github.com/manual/gh_pr_merge | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows | |
# - https://docs.github.com/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://github.com/actions/checkout | |
# - https://github.com/hmarr/debug-action | |
--- | |
name: auto-merge | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_REPO }} | |
jobs: | |
auto-merge: | |
if: github.event.pull_request.auto_merge == null && github.event.pull_request.draft == false | |
runs-on: ubuntu-latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout ${{ github.head_ref }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ github.head_ref }} | |
- id: enable | |
name: Enable auto-merge | |
run: gh pr merge ${{ github.event.number }} --auto --squash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Cache Cleanup | |
# | |
# Delete caches when a pull request is closed or on workflow dispatch. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-workflows/caching-dependencies-to-speed-up-workflows#force-deleting-cache-entries | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/actions/checkout | |
# - https://github.com/actions/gh-actions-cache | |
# - https://github.com/hmarr/debug-action | |
--- | |
name: cache-cleanup | |
on: | |
pull_request: | |
types: | |
- closed | |
workflow_dispatch: | |
inputs: | |
all: | |
default: false | |
description: delete caches without filtering by branch | |
type: boolean | |
permissions: | |
actions: write | |
env: | |
BRANCH: | | |
${{ github.event.number && format('refs/pull/{0}/merge', github.event.number) || github.ref }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ format('refs/heads/{0}', github.head_ref || github.ref_name) }} | |
jobs: | |
cache-cleanup: | |
runs-on: ubuntu-latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout main | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: main | |
- id: gh-actions-cache | |
name: Install actions/gh-actions-cache | |
run: gh extension install actions/gh-actions-cache | |
- id: cleanup | |
name: Delete caches${{ !inputs.all && format(' created by {0}', env.BRANCH) || '' }} | |
env: | |
BRANCH_FILTER: ${{ !inputs.all && format('--branch {0}', env.BRANCH) || '' }} | |
run: | | |
# prevent workflow failure while deleting cache keys | |
set +e | |
# delete all caches or caches created by ${{ env.BRANCH }} | |
for key in $(gh actions-cache list $BRANCH_FILTER --limit 100 | cut -f 1); do | |
gh actions-cache delete $key $BRANCH_FILTER --confirm | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Continuous Integration | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/GitGuardian/ggshield-action | |
# - https://github.com/actions/cache | |
# - https://github.com/actions/cache/discussions/650 | |
# - https://github.com/actions/checkout | |
# - https://github.com/actions/setup-node | |
# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration | |
# - https://github.com/actions/upload-artifact | |
# - https://github.com/andstor/file-existence-action | |
# - https://github.com/codecov/codecov-action | |
# - https://github.com/hmarr/debug-action | |
# - https://yarnpkg.com/cli/pack | |
--- | |
name: ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- feat/** | |
- hotfix/** | |
- main | |
- release/** | |
workflow_dispatch: | |
permissions: | |
contents: read | |
packages: read | |
env: | |
CACHE_PATH: node_modules | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HUSKY: 0 | |
REF: ${{ github.head_ref || github.ref }} | |
REF_NAME: ${{ github.head_ref || github.ref_name }} | |
SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
preflight: | |
if: | | |
github.event.head_commit.author.name != 'dependabot[bot]' | |
&& github.event.head_commit.author.username != 'flexdevelopment' | |
&& !startsWith(github.event.head_commit.message, 'release:') | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.version.outputs.result }} | |
version-typescript: ${{ steps.version-typescript.outputs.result }} | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: yarn | |
name: Install dependencies | |
run: yarn ${{ github.actor == 'dependabot[bot]' && '--no-immutable' || '--immutable' }} | |
- id: cache | |
name: Cache dependencies | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: version | |
name: Get package version | |
run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT | |
- id: version-typescript | |
name: Get TypeScript version | |
run: echo "result=$(jq .devDependencies.typescript package.json -r)" >>$GITHUB_OUTPUT | |
commitlint: | |
needs: preflight | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: lint | |
name: Check commitlint status | |
if: github.run_number != '1' | |
run: yarn commitlint --from $SHA~${{ github.event.pull_request.commits || 1 }} --to $SHA | |
gitguardian: | |
needs: commitlint | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: scan | |
name: Scan commits for secrets and policy breaches | |
uses: GitGuardian/ggshield-action@master | |
with: | |
args: --all-policies --show-secrets --verbose | |
env: | |
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }} | |
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }} | |
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }} | |
format: | |
needs: | |
- commitlint | |
- gitguardian | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: format | |
name: Check code formatting | |
run: yarn check:format | |
lint: | |
needs: | |
- commitlint | |
- gitguardian | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: lint | |
name: Check lint status | |
run: yarn check:lint | |
spelling: | |
needs: | |
- commitlint | |
- gitguardian | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: spelling | |
name: Check spelling | |
run: yarn check:spelling | |
typescript: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
typescript-version: | |
- ${{ needs.preflight.outputs.version-typescript }} | |
- latest | |
- ~4.9.0 | |
- ~4.8.0 | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: test-files-check | |
name: Check for typecheck files | |
uses: andstor/file-existence-action@v2.0.0 | |
with: | |
files: '**/__tests__/*.spec-d.ts' | |
- id: node | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: typescript | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Install typescript@${{ matrix.typescript-version }} | |
run: yarn add -D typescript@${{ matrix.typescript-version }} | |
- id: set-typescript-version | |
name: Set env.TYPESCRIPT_VERSION | |
run: | | |
echo "TYPESCRIPT_VERSION=$(jq .devDependencies.typescript package.json -r)" >>$GITHUB_ENV | |
- id: print-typescript-version | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Print TypeScript version | |
run: echo $TYPESCRIPT_VERSION | |
- id: typecheck | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Run typecheck | |
run: yarn typecheck | |
test: | |
needs: | |
- commitlint | |
- gitguardian | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: | |
- 19 | |
- 18 | |
- 16 | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: test-files-check | |
name: Check for test files | |
uses: andstor/file-existence-action@v2.0.0 | |
with: | |
files: '**/__tests__/*.spec.+(ts|tsx)' | |
- id: node | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Setup Node.js v${{ matrix.node-version }} | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version: ${{ matrix.node-version }} | |
- id: cache | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: test | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
name: Run tests | |
run: yarn test:cov --segfault-retry=3 | |
- id: codecov | |
name: Upload coverage report to Codecov | |
if: steps.test-files-check.outputs.files_exists == 'true' | |
uses: codecov/codecov-action@v3.1.1 | |
with: | |
env_vars: GITHUB_JOB,GITHUB_REF,GITHUB_REF_TYPE,GITHUB_RUN_ID,GITHUB_SHA,GITHUB_WORKSPACE | |
fail_ci_if_error: true | |
file: ./coverage/lcov.info | |
flags: ${{ format('node{0}', matrix.node-version) }} | |
override_branch: ${{ env.REF }} | |
override_build: ${{ github.run_id }} | |
override_commit: ${{ env.SHA }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
verbose: true | |
env: | |
GITHUB_JOB: ${{ github.job }} | |
GITHUB_REF: ${{ github.ref }} | |
GITHUB_REF_TYPE: ${{ github.ref_type }} | |
GITHUB_RUN_ID: ${{ github.run_id }} | |
GITHUB_SHA: ${{ env.SHA }} | |
GITHUB_WORKSPACE: ${{ github.workspace }} | |
build: | |
needs: | |
- commitlint | |
- gitguardian | |
- preflight | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: cache | |
name: Restore dependencies cache | |
uses: actions/cache@v3.3.1 | |
with: | |
key: ${{ runner.os }}-${{ github.run_id }} | |
path: ${{ env.CACHE_PATH }} | |
- id: pack | |
name: Pack project | |
run: yarn pack -o %s-%v.tgz | |
- id: typecheck | |
name: Run typecheck | |
run: yarn check:types:build | |
- id: pkg-size-report | |
name: Package size report | |
run: yarn pkg-size | |
- id: archive | |
name: Archive production artifacts | |
uses: actions/upload-artifact@v3.1.2 | |
with: | |
name: | | |
${{ format('@{0}-{1}-{2}', github.repository_owner, github.event.repository.name, needs.preflight.outputs.version) }} | |
path: '*.tgz' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Dependabot Auto | |
# | |
# Enable auto-merge and approve pull requests authored by @dependabot. | |
# | |
# Note: @dependabot generates Yarn v1 lockfiles despite this project using a different Yarn version. | |
# This corrupts the project lockfile. A workaround has been implemented to autofix lockfile format | |
# and deduplicate dependencies. Check https://github.com/dependabot/dependabot-core/issues/1297 for | |
# details pertaining to the safe removal of this workflow. | |
# | |
# References: | |
# | |
# - https://cli.github.com/manual/gh_pr_merge | |
# - https://cli.github.com/manual/gh_pr_review | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows | |
# - https://docs.github.com/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://github.com/actions/checkout | |
# - https://github.com/crazy-max/ghaction-import-gpg | |
# - https://github.com/dependabot/fetch-metadata | |
# - https://github.com/hmarr/debug-action | |
--- | |
name: dependabot-auto | |
on: pull_request | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_BOT }} | |
YARN_ENABLE_IMMUTABLE_INSTALLS: false | |
jobs: | |
dependabot-auto: | |
if: github.actor == 'dependabot[bot]' || github.actor == 'flexdevelopment' | |
runs-on: ubuntu-latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: metadata | |
name: Fetch metadata | |
uses: dependabot/fetch-metadata@v1.3.6 | |
with: | |
skip-commit-verification: true | |
- id: checkout | |
name: Checkout ${{ github.head_ref }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: ${{ steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' }} | |
ref: ${{ github.head_ref }} | |
token: ${{ env.GITHUB_TOKEN }} | |
- id: gpg-import | |
name: Import GPG key | |
if: steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' | |
uses: crazy-max/ghaction-import-gpg@v5.2.0 | |
with: | |
git_commit_gpgsign: true | |
git_config_global: true | |
git_user_signingkey: true | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
# todo: remove when https://github.com/crazy-max/ghaction-import-gpg/issues/118 is resolved | |
- id: gpg-trust | |
name: Set trust on GPG key | |
if: steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' | |
run: | | |
gpg --no-tty --command-fd 0 --edit-key ${{ steps.gpg-import.outputs.keyid }} << EOTRUST | |
trust | |
5 | |
y | |
quit | |
EOTRUST | |
- id: lockfile-fix | |
name: Fix yarn.lock | |
if: steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' | |
run: yarn --mode=update-lockfile | |
- id: dedupe | |
name: Deduplicate dependencies | |
if: steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' | |
run: yarn dedupe --mode=update-lockfile | |
- id: lockfile-push | |
name: Push yarn.lock | |
if: steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' | |
env: | |
GIT_AUTHOR_EMAIL: ${{ steps.gpg-import.outputs.email }} | |
GIT_COMMITTER_EMAIL: ${{ steps.gpg-import.outputs.email }} | |
COMMIT_MESSAGE: 'build(yarn): [dependabot skip] fix lockfile for @dependabot' | |
run: | | |
git add yarn.lock | |
git status | |
git diff-index --quiet HEAD || git commit -s -m "$COMMIT_MESSAGE" && git push -f | |
- id: approve-pr | |
name: Approve pull request containing minor or patch updates | |
if: steps.metadata.outputs.update-type != 'version-update:semver-major' | |
run: gh pr review ${{ github.event.number }} --approve |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Repository Infrastructure Management | |
# | |
# Update repository infrastructure on `push` or `workflow_dispatch` when the infrastructure config | |
# file (or this workflow) is updated. The user triggering the workflow run (`github.actor`) must be | |
# a repository admin. | |
# | |
# Note: The permissions of `github.actor` is checked because workflow re-runs will reuse the | |
# privileges of `github.actor` even if the actor initiating the re-run (`github.triggering_actor`) | |
# has different privileges. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/actions-cool/check-user-permission | |
# - https://github.com/actions/checkout | |
# - https://github.com/flex-development/rice-action | |
# - https://github.com/hmarr/debug-action | |
--- | |
name: infrastructure | |
on: | |
push: | |
branches: | |
- main | |
- release/** | |
paths: | |
- .github/infrastructure.yml | |
- .github/workflows/infrastructure.yml | |
workflow_dispatch: | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
infrastructure: | |
runs-on: ubuntu-latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: check-actor-permission | |
name: Check @${{ github.actor }} permission level | |
uses: actions-cool/check-user-permission@v2.2.0 | |
with: | |
require: admin | |
username: ${{ github.actor }} | |
- id: checkout | |
name: Checkout ${{ github.ref_name }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ github.ref }} | |
- id: update | |
if: steps.check-actor-permission.outputs.require-result == 'true' | |
name: Update repository infrastructure | |
uses: flex-development/rice-action@1.0.0 | |
with: | |
token: ${{ secrets.PAT_REPO }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Integrity Check | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/actions/checkout | |
# - https://yarnpkg.com/cli/dedupe | |
--- | |
name: integrity | |
on: | |
pull_request: | |
paths: | |
- .github/workflows/integrity.yml | |
- .yarnrc.yml | |
- yarn.lock | |
types: | |
- opened | |
- reopened | |
- synchronize | |
push: | |
branches: | |
- main | |
paths: | |
- .github/workflows/integrity.yml | |
- .yarnrc.yml | |
- yarn.lock | |
workflow_dispatch: | |
permissions: | |
packages: read | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
integrity: | |
if: github.actor != 'dependabot[bot]' | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout ${{ github.head_ref || github.ref_name }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ github.head_ref || github.ref }} | |
- id: dedupe-check | |
name: Check for duplicate dependencies in lockfile | |
run: yarn dedupe --check |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Label Linked Issues | |
# | |
# Add the `status:merged`, `status:prereleased`, or `status:released` label to a pull request's | |
# linked issues when a pull request is merged into `main` or on workflow dispatch. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/graphql/reference/objects#pullrequest | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/actions/github-script | |
# - https://github.com/hmarr/debug-action | |
# - https://github.com/octokit/graphql-action | |
--- | |
name: label-linked-issues | |
on: | |
pull_request: | |
branches: | |
- main | |
types: | |
- closed | |
workflow_dispatch: | |
inputs: | |
pr: | |
description: pull request number | |
required: true | |
type: number | |
permissions: | |
issues: write | |
jobs: | |
label-linked-issues: | |
if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged | |
runs-on: ubuntu-latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout main | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: main | |
- id: version | |
name: Get project version | |
run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT | |
- id: query | |
name: Query linked issues | |
uses: octokit/graphql-action@v2.2.23 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
query: | | |
query ($limit: Int = 20, $owner: String!, $pr: Int!, $repo: String!) { | |
repository(name: $repo, owner: $owner) { | |
pullRequest(number: $pr) { | |
closingIssuesReferences( | |
first: $limit | |
orderBy: { direction: ASC, field: CREATED_AT } | |
) { | |
edges { | |
node { | |
number | |
} | |
} | |
} | |
} | |
} | |
} | |
owner: ${{ github.repository_owner }} | |
pr: ${{ inputs.pr || github.event.number }} | |
repo: ${{ github.event.repository.name }} | |
- id: label | |
name: Label linked issues | |
uses: actions/github-script@v6.4.1 | |
env: | |
DATA: ${{ steps.query.outputs.data }} | |
PRERELEASE: ${{ contains(steps.version.outputs.result, '-') }} | |
RELEASE_BRANCH: ${{ contains(github.head_ref || github.ref_name, 'release/') }} | |
with: | |
script: | | |
const { closingIssuesReferences } = JSON.parse(process.env.DATA).repository.pullRequest | |
const issues = closingIssuesReferences.edges.map(edge => edge.node.number) | |
const release = JSON.parse(process.env.RELEASE_BRANCH || 'false') | |
const prerelease = JSON.parse(process.env.PRERELEASE || 'false') | |
for (const issue_number of issues) { | |
await github.rest.issues.addLabels({ | |
...context.repo, | |
issue_number, | |
labels: [release ? `status:${prerelease ? 'pre' : ''}released` : 'status:merged'] | |
}) | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Lock Inactive Threads | |
# | |
# References: | |
# | |
# - https://github.com/dessant/lock-threads | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#schedule | |
--- | |
name: lock-inactive-threads | |
on: | |
schedule: | |
- cron: 0 0 * * * | |
permissions: | |
issues: write | |
pull-requests: write | |
jobs: | |
lock-inactive-threads: | |
runs-on: ubuntu-latest | |
steps: | |
- id: lock | |
name: Lock inactive issues and pull requests | |
uses: dessant/lock-threads@v4.0.0 | |
with: | |
issue-comment: | | |
This issue has been automatically locked since there has not been any recent activity | |
after it was closed. Please open a new issue for related bugs or features. Be sure to | |
reference this issue. | |
issue-inactive-days: 60 | |
pr-comment: | | |
This pull request has been automatically locked since there has not been any recent | |
activity after it was closed. Please open a new issue for related bugs or features. Be | |
sure to reference this issue. | |
pr-inactive-days: 60 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# No Response | |
# | |
# Closes issues that don't have enough information to be actionable. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#issue_comment | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#schedule | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment | |
# - https://github.com/lee-dohm/no-response | |
--- | |
name: no-response | |
on: | |
issue_comment: | |
types: | |
- created | |
schedule: | |
# five minutes after the hour, every hour | |
- cron: 5 * * * * | |
permissions: | |
issues: write | |
jobs: | |
no-response: | |
runs-on: ubuntu-latest | |
steps: | |
- id: close-issues | |
name: Closes issues missing actionable info | |
uses: lee-dohm/no-response@v0.5.0 | |
with: | |
closeComment: | | |
This issue has been automatically closed because there has been no response to our | |
request for more information from the original author. With only the information that is | |
currently available, there isn't enough information to take action. Please reach out if | |
you have or find the answers needed so next steps, if any, can be determined. | |
daysUntilClose: 14 | |
responseRequiredLabel: status:awaiting-answers | |
token: ${{ secrets.GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Publish | |
# | |
# Cross-publish package to GitHub Package Registry and NPM when a GitHub release is published or on | |
# workflow dispatch. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#release | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#release | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/actions/checkout | |
# - https://github.com/actions/setup-node | |
# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration | |
# - https://github.com/hmarr/debug-action | |
--- | |
name: publish | |
on: | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: release tag | |
required: true | |
type: string | |
env: | |
REF: ${{ format('refs/tags/{0}', inputs.tag || github.event.release.tag_name) }} | |
TAG: ${{ inputs.tag || github.event.release.tag_name }} | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ inputs.tag || github.event.release.tag_name }} | |
jobs: | |
preflight: | |
permissions: | |
contents: read | |
runs-on: ubuntu-latest | |
outputs: | |
publish-command: ${{ steps.publish-command.outputs.result }} | |
version: ${{ steps.version.outputs.result }} | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout ${{ env.TAG }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: version | |
name: Get package version | |
run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT | |
- id: artifact | |
name: Get release artifact download URL | |
run: | | |
echo "result=${{ github.event_name == 'release' && github.event.release.assets[0].browser_download_url || format('{0}/{1}/releases/download/{2}/%40{3}-{4}-{5}.tgz', github.server_url, github.repository, env.TAG, github.repository_owner, github.event.repository.name, steps.version.outputs.result) }}" >>$GITHUB_OUTPUT | |
- id: dist-tag | |
name: Get dist tag | |
uses: flex-development/dist-tag-action@1.1.2 | |
with: | |
target: ${{ steps.version.outputs.result }} | |
- id: publish-command | |
name: Get publish command | |
env: | |
ARTIFACT: ${{ steps.artifact.outputs.result }} | |
FLAGS: ${{ steps.dist-tag.outputs.flag }} | |
run: echo "result=npm publish $ARTIFACT $FLAGS" >>$GITHUB_OUTPUT | |
gpr: | |
needs: preflight | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
environment: | |
name: gpr | |
url: | | |
${{ format('{0}/{1}/pkgs/npm/{2}', github.server_url, github.repository, | |
github.event.repository.name) }} | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.TAG }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: npmrc-cleanup | |
name: Remove stale .npmrc file | |
run: rm .npmrc | |
- id: npmrc | |
name: Setup .npmrc file | |
uses: actions/setup-node@v3.6.0 | |
with: | |
always-auth: true | |
node-version-file: .nvmrc | |
registry-url: https://npm.pkg.github.com | |
scope: ${{ github.repository_owner }} | |
- id: npmrc-print | |
name: Print contents of .npmrc file | |
run: cat $NPM_CONFIG_USERCONFIG | |
- id: publish | |
name: Publish package | |
run: ${{ needs.preflight.outputs.publish-command }} | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
npm: | |
needs: | |
- gpr | |
- preflight | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
environment: | |
name: npm | |
url: | | |
${{ format('https://npmjs.com/package/@{0}/v/{1}', github.repository, | |
needs.preflight.outputs.version) }} | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.TAG }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ env.REF }} | |
- id: npmrc-cleanup | |
name: Remove stale .npmrc file | |
run: rm .npmrc | |
- id: npmrc | |
name: Setup .npmrc file | |
uses: actions/setup-node@v3.6.0 | |
with: | |
always-auth: true | |
node-version-file: .nvmrc | |
registry-url: https://registry.npmjs.org | |
scope: ${{ github.repository_owner }} | |
- id: npmrc-print | |
name: Print contents of .npmrc file | |
run: cat $NPM_CONFIG_USERCONFIG | |
- id: publish | |
name: Publish package | |
run: ${{ needs.preflight.outputs.publish-command }} | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Release | |
# | |
# Publish a GitHub release on release branch merge or workflow dispatch. | |
# | |
# References: | |
# | |
# - https://cli.github.com/manual/gh_release_create | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/learn-github-actions/expressions | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://git-scm.com/book/en/v2/Git-Basics-Tagging | |
# - https://github.com/actions/checkout | |
# - https://github.com/bdougie/close-issues-based-on-label | |
# - https://github.com/crazy-max/ghaction-import-gpg | |
# - https://github.com/flex-development/dist-tag-action | |
# - https://github.com/hmarr/debug-action | |
# - https://yarnpkg.com/cli/pack | |
--- | |
name: release | |
on: | |
pull_request: | |
branches: | |
- main | |
types: | |
- closed | |
workflow_dispatch: | |
inputs: | |
sha: | |
description: release commit sha | |
required: true | |
type: string | |
env: | |
REF: ${{ inputs.sha || github.event.pull_request.merge_commit_sha }} | |
REF_NAME: ${{ format('main@{0}', inputs.sha || github.event.pull_request.merge_commit_sha) }} | |
jobs: | |
preflight: | |
if: | | |
(github.event.pull_request.merged && startsWith(github.head_ref, 'release/')) || | |
(github.event_name == 'workflow_dispatch' && github.ref_name == 'main') | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
outputs: | |
prerelease: ${{ steps.dist-tag.outputs.prerelease }} | |
tag: ${{ steps.tag.outputs.result }} | |
version: ${{ steps.version.outputs.result }} | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
ref: ${{ env.REF }} | |
- id: version | |
name: Get package version | |
run: echo "result=$(jq .version package.json -r)" >>$GITHUB_OUTPUT | |
- id: tag-prefix | |
name: Get release tag prefix | |
run: echo "result=$(jq .tagPrefix package.json -r)" >>$GITHUB_OUTPUT | |
- id: tag | |
name: Get release tag | |
run: | | |
echo "result=${{ format('{0}{1}', steps.tag-prefix.outputs.result, steps.version.outputs.result) }}" >>$GITHUB_OUTPUT | |
- id: dist-tag | |
name: Get dist tag | |
uses: flex-development/dist-tag-action@1.1.2 | |
with: | |
target: ${{ steps.version.outputs.result }} | |
publish: | |
needs: preflight | |
permissions: | |
contents: write | |
packages: read | |
runs-on: ubuntu-latest | |
environment: | |
name: release | |
url: | |
${{ format('{0}/{1}/releases/tag/{2}', github.server_url, github.repository, | |
needs.preflight.outputs.tag) }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HUSKY: 0 | |
NODE_ENV: production | |
NODE_NO_WARNINGS: 1 | |
NOTES_FILE: ./RELEASE_NOTES.md | |
PRERELEASE: ${{ needs.preflight.outputs.prerelease }} | |
TAG: ${{ needs.preflight.outputs.tag }} | |
steps: | |
- id: checkout | |
name: Checkout ${{ env.REF_NAME }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
fetch-depth: 0 | |
persist-credentials: true | |
ref: ${{ env.REF }} | |
- id: gpg-import | |
name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v5.2.0 | |
with: | |
git_config_global: true | |
git_tag_gpgsign: true | |
git_user_signingkey: true | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
# todo: remove when https://github.com/crazy-max/ghaction-import-gpg/issues/118 is resolved | |
- id: gpg-trust | |
name: Set trust on GPG key | |
run: | | |
gpg --no-tty --command-fd 0 --edit-key ${{ steps.gpg-import.outputs.keyid }} << EOTRUST | |
trust | |
5 | |
y | |
quit | |
EOTRUST | |
- id: yarn | |
name: Install dependencies | |
run: yarn | |
- id: pack | |
name: Pack project | |
run: yarn pack -o %s-%v.tgz | |
- id: release-notes | |
name: Generate release notes | |
run: yarn changelog --outfile $NOTES_FILE --write | |
- id: tag | |
name: Create annotated tag | |
env: | |
GIT_AUTHOR_EMAIL: ${{ steps.gpg-import.outputs.email }} | |
GIT_COMMITTER_EMAIL: ${{ steps.gpg-import.outputs.email }} | |
run: | | |
git tag --annotate --force --sign $TAG --message "release: $TAG" | |
git tag --verify $TAG | |
git push origin $TAG | |
- id: publish | |
name: Publish release | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_REPO }} | |
run: gh release create $TAG *.tgz -t=$TAG -p=$PRERELEASE -F=$NOTES_FILE | |
- id: close-issues | |
name: Close released issues | |
uses: bdougie/close-issues-based-on-label@master | |
env: | |
LABEL: status:${{ needs.preflight.outputs.prerelease && 'prereleased' || 'released' }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# TypeScript Canary Check | |
# | |
# Run type tests against the latest and next versions of TypeScript. | |
# | |
# References: | |
# | |
# - https://docs.github.com/actions/learn-github-actions/contexts | |
# - https://docs.github.com/actions/using-jobs/using-a-matrix-for-your-jobs | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#schedule | |
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | |
# - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions | |
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch | |
# - https://github.com/actions/checkout | |
# - https://github.com/actions/setup-node | |
# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration | |
# - https://github.com/hmarr/debug-action | |
# - https://vitest.dev/guide/testing-types.html#run-typechecking | |
--- | |
name: typescript-canary | |
on: | |
schedule: | |
# every day, 3 hours after typescript@next release | |
# https://github.com/microsoft/TypeScript/blob/v4.9.5/.github/workflows/nightly.yaml | |
- cron: 0 10 * * * | |
workflow_dispatch: | |
permissions: | |
contents: read | |
packages: read | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HUSKY: 0 | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
typescript-canary: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
typescript-version: | |
- next | |
- latest | |
steps: | |
- id: debug | |
name: Print environment variables and event payload | |
uses: hmarr/debug-action@v2.1.0 | |
- id: checkout | |
name: Checkout ${{ github.ref_name }} | |
uses: actions/checkout@v3.5.0 | |
with: | |
persist-credentials: false | |
ref: ${{ github.ref }} | |
- id: node | |
name: Setup Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
node-version-file: .nvmrc | |
- id: yarn | |
name: Install dependencies | |
run: yarn ${{ github.actor == 'dependabot[bot]' && '--no-immutable' || '--immutable' }} | |
- id: typescript | |
name: Install typescript@${{ matrix.typescript-version }} | |
run: yarn add -D typescript@${{ matrix.typescript-version }} | |
- id: set-typescript-version | |
name: Set env.TYPESCRIPT_VERSION | |
run: | | |
echo "TYPESCRIPT_VERSION=$(jq .devDependencies.typescript package.json -r)" >>$GITHUB_ENV | |
- id: print-typescript-version | |
name: Print TypeScript version | |
run: echo $TYPESCRIPT_VERSION | |
- id: build | |
name: Build project | |
run: yarn build | |
- id: typecheck | |
name: Run typecheck | |
run: yarn typecheck | |
- id: typecheck-build | |
name: Run typecheck-build | |
run: yarn check:types:build |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment