diff --git a/.github/renovate.json b/.github/renovate.json index 0518e8cf..4922bd32 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -16,7 +16,11 @@ "group:commitlintMonorepo" ], "schedule": ["before 5am every weekday", "every weekend"], - "lockFileMaintenance": { "enabled": true, "automerge": true }, + "lockFileMaintenance": { + "enabled": true, + "automerge": true, + "automergeType": "branch" + }, "labels": ["dependencies"], "osvVulnerabilityAlerts": true, "packageRules": [ @@ -67,7 +71,8 @@ { "matchDepTypes": ["devDependencies"], "matchUpdateTypes": ["minor", "patch"], - "automerge": true + "automerge": true, + "automergeType": "branch" } ] } diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 31bdfbe7..04303288 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Test & Release +name: Release on: push: @@ -8,32 +8,37 @@ on: - '+([0-9])?(.{+([0-9]),x}).x' jobs: - lint-and-test: + test: uses: ./.github/workflows/test.yml - secrets: inherit release: - needs: lint-and-test + needs: test runs-on: ubuntu-latest - env: - node-version: 20.x steps: - name: Checkout project uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: persist-credentials: false - - name: Use Node.js ${{ env.node-version }} + + - name: Use Node.js LTS uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4 with: - node-version: ${{ env.node-version }} + node-version: 'lts/*' + cache: npm + - name: Install packages run: npm ci + + - name: Audit npm signatures + run: npm audit signatures + - name: Build project run: npm run build + - name: Run Semantic Release - run: npm run release + run: npx semantic-release env: GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 70d39cf7..88b0c3cb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,34 +1,61 @@ -name: Lint & Test +name: Test on: - workflow_call: + push: + branches: + - renovate/** # branches generated by https://github.com/apps/renovate pull_request: branches: - main - beta - '+([0-9])?(.{+([0-9]),x}).x' + workflow_call: jobs: - lint-and-test: - runs-on: ${{ matrix.os }} + test_matrix: strategy: matrix: - node: [16.x, 18.x, 20.x] os: [ubuntu-latest, windows-latest, macos-latest] + node: [16, 18, 20] + + runs-on: ${{ matrix.os }} + timeout-minutes: 5 steps: - name: Checkout project uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - name: Use Node.js ${{ matrix.node }} uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4 with: node-version: ${{ matrix.node }} cache: 'npm' + - name: Install packages run: npm ci - - name: Build project - run: npm run build + + - name: Audit npm signatures + run: npm audit signatures + - name: Check codestyle compliance run: npm run lint + + - name: Build project + run: npm run build + - name: Run tests run: npm run test + + # separate job to set as required status check in branch protection + required_check: + runs-on: ubuntu-latest + needs: + - test_matrix + if: always() + steps: + - name: All required jobs and matrix versions passed + if: ${{ !(contains(needs.*.result, 'failure')) }} + run: exit 0 + - name: Some required jobs or matrix versions failed + if: ${{ contains(needs.*.result, 'failure') }} + run: exit 1 diff --git a/package.json b/package.json index 919d8293..a66c4061 100644 --- a/package.json +++ b/package.json @@ -19,8 +19,7 @@ "lint:fix": "npm run lint:eslint -- --fix && npm run lint:prettier -- --write", "test": "jest --coverage", "test:watch": "jest --watch --coverage", - "prepare": "husky install", - "release": "semantic-release" + "prepare": "husky install" }, "dependencies": { "@types/luxon": "~3.3.0",