From 3eee49d4ac00351b83d5743ede308fe60c387ec8 Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Wed, 5 Jun 2024 14:51:21 +0000 Subject: [PATCH 1/9] ci(dependency-review): Add depcheck to workflow for detecting unused dependencies --- .github/workflows/dependency-review.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index cefe8752..e044e1f8 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -18,4 +18,22 @@ jobs: fail-on-severity: high allow-licenses: MIT, Apache-2.0, BSD-3-Clause, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0 fail-on-scopes: development, runtime - allow-dependencies-licenses: 'pkg:npm/caniuse-lite' \ No newline at end of file + allow-dependencies-licenses: 'pkg:npm/caniuse-lite' + - name: 'Setup Node.js' + uses: actions/setup-node@v4 + with: + node-version: '18.x' + + - name: 'Install depcheck globally' + run: npm install -g depcheck + - name: 'Run depcheck' + run: | + depcheck_result=$(depcheck --oneline --skip-missing) + if [[ $depcheck_result == *"Unused dependencies"* ]] || [[ $depcheck_result == *"Unused devDependencies"* ]] + then + echo "Unused dependencies or devDependencies found." + echo "$depcheck_result" + exit 1 + fi + + \ No newline at end of file From 9af5654b6a2a50b5b9f6c0ee027de08377e07289 Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Fri, 7 Jun 2024 12:29:00 +0000 Subject: [PATCH 2/9] ci(dependency-review): simplify depcheck usage and add npm install step --- .github/workflows/dependency-review.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index e044e1f8..92eb6f14 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -23,17 +23,15 @@ jobs: uses: actions/setup-node@v4 with: node-version: '18.x' - + - name: 'Install dependencies' + run: npm install - name: 'Install depcheck globally' run: npm install -g depcheck - name: 'Run depcheck' run: | - depcheck_result=$(depcheck --oneline --skip-missing) - if [[ $depcheck_result == *"Unused dependencies"* ]] || [[ $depcheck_result == *"Unused devDependencies"* ]] - then + npx depcheck --skip-missing --ignores="@babel/*,@commitlint/*,eslint-*,husky,mocha" + echo $? + if [[ $? == 1 ]]; then echo "Unused dependencies or devDependencies found." - echo "$depcheck_result" exit 1 - fi - - \ No newline at end of file + fi \ No newline at end of file From 328c50559b5002c6987f2400d9613d6c67baccd1 Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Wed, 12 Jun 2024 17:46:34 +0000 Subject: [PATCH 3/9] ci(dependency-review): remove unnecessary npm install step --- .github/workflows/dependency-review.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 92eb6f14..5bae64c4 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -23,8 +23,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: '18.x' - - name: 'Install dependencies' - run: npm install - name: 'Install depcheck globally' run: npm install -g depcheck - name: 'Run depcheck' From 969b2c82c6ce9a71cf896bd6391253aec102c4b9 Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Thu, 13 Jun 2024 10:42:34 +0100 Subject: [PATCH 4/9] Update .github/workflows/dependency-review.yml --- .github/workflows/dependency-review.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5bae64c4..ba509ea8 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -23,8 +23,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: '18.x' - - name: 'Install depcheck globally' - run: npm install -g depcheck - name: 'Run depcheck' run: | npx depcheck --skip-missing --ignores="@babel/*,@commitlint/*,eslint-*,husky,mocha" From b9cf2f5a144cb30bc90b77e35798f38d46abfd60 Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Fri, 14 Jun 2024 11:38:28 +0000 Subject: [PATCH 5/9] ci(dependency-review): move unused dependencies check to separate workflow file --- .github/workflows/dependency-review.yml | 12 ----------- .github/workflows/unused-dependencies.yml | 26 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/unused-dependencies.yml diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ba509ea8..893ee9bb 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -19,15 +19,3 @@ jobs: allow-licenses: MIT, Apache-2.0, BSD-3-Clause, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0 fail-on-scopes: development, runtime allow-dependencies-licenses: 'pkg:npm/caniuse-lite' - - name: 'Setup Node.js' - uses: actions/setup-node@v4 - with: - node-version: '18.x' - - name: 'Run depcheck' - run: | - npx depcheck --skip-missing --ignores="@babel/*,@commitlint/*,eslint-*,husky,mocha" - echo $? - if [[ $? == 1 ]]; then - echo "Unused dependencies or devDependencies found." - exit 1 - fi \ No newline at end of file diff --git a/.github/workflows/unused-dependencies.yml b/.github/workflows/unused-dependencies.yml new file mode 100644 index 00000000..28d7be11 --- /dev/null +++ b/.github/workflows/unused-dependencies.yml @@ -0,0 +1,26 @@ +name: 'Unused Dependencies Check' +on: [pull_request] + +permissions: + contents: read + pull-requests: write + +jobs: + unused-dependecies: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v4 + - name: 'Setup Node.js' + uses: actions/node@v4 + with: + node-version: '18.x' + - name: 'Run depcheck' + run: | + npx depcheck --skip-missing --ignores="@babel/*,@commitlint/*,@eslint-*,husky,mocha" + echo $? + if [[ $? == 1 ]]; then + echo "Unused dependencies or devDependencies found" + exit 1 + fi + From 9832264524ad992135aa26fd8bf73a44e3d6147b Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Fri, 14 Jun 2024 12:51:34 +0000 Subject: [PATCH 6/9] ci(unused-dependencies): update node setup action in unused-dependencies workflow --- .github/workflows/unused-dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unused-dependencies.yml b/.github/workflows/unused-dependencies.yml index 28d7be11..3498b26a 100644 --- a/.github/workflows/unused-dependencies.yml +++ b/.github/workflows/unused-dependencies.yml @@ -12,7 +12,7 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@v4 - name: 'Setup Node.js' - uses: actions/node@v4 + uses: actions/setup-node@v4 with: node-version: '18.x' - name: 'Run depcheck' From 01f38889a2b110eb9135b61350cdde110c9b58c3 Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Tue, 18 Jun 2024 09:08:56 +0000 Subject: [PATCH 7/9] ci(github-actions): update ignored packages(eslint,nyc,prettier,concurrently) in depcheck command --- .github/workflows/unused-dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unused-dependencies.yml b/.github/workflows/unused-dependencies.yml index 3498b26a..32dde55d 100644 --- a/.github/workflows/unused-dependencies.yml +++ b/.github/workflows/unused-dependencies.yml @@ -17,7 +17,7 @@ jobs: node-version: '18.x' - name: 'Run depcheck' run: | - npx depcheck --skip-missing --ignores="@babel/*,@commitlint/*,@eslint-*,husky,mocha" + npx depcheck --skip-missing --ignores="@babel/*,@commitlint/*,eslint,eslint-*,husky,mocha,concurrently,nyc,prettier" echo $? if [[ $? == 1 ]]; then echo "Unused dependencies or devDependencies found" From 4d54e57cf2e57d6803f280b344672044109ce63d Mon Sep 17 00:00:00 2001 From: Jamie Slome Date: Tue, 18 Jun 2024 13:26:20 +0100 Subject: [PATCH 8/9] Update .github/workflows/unused-dependencies.yml --- .github/workflows/unused-dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unused-dependencies.yml b/.github/workflows/unused-dependencies.yml index 32dde55d..85b0f16d 100644 --- a/.github/workflows/unused-dependencies.yml +++ b/.github/workflows/unused-dependencies.yml @@ -1,4 +1,4 @@ -name: 'Unused Dependencies Check' +name: 'Unused Dependencies' on: [pull_request] permissions: From d4110dc5f444e55fbc71bec8afd8551c2187c410 Mon Sep 17 00:00:00 2001 From: Divine Tettey Date: Tue, 18 Jun 2024 12:46:22 +0000 Subject: [PATCH 9/9] ci(.github/workflows): remove write access to pull-requests in unused-dependencies.yml --- .github/workflows/unused-dependencies.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/unused-dependencies.yml b/.github/workflows/unused-dependencies.yml index 85b0f16d..e25beda7 100644 --- a/.github/workflows/unused-dependencies.yml +++ b/.github/workflows/unused-dependencies.yml @@ -3,7 +3,6 @@ on: [pull_request] permissions: contents: read - pull-requests: write jobs: unused-dependecies: