Skip to content

chore(deps): update actions/setup-node action to v4 #285

chore(deps): update actions/setup-node action to v4

chore(deps): update actions/setup-node action to v4 #285

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: CI
# Controls when the action will run. Triggers the workflow on push or pull request
on:
push:
branches: [ main ]
pull_request:
types: [opened, synchronize, reopened]
workflow_call:
secrets:
CODECOV_TOKEN:
required: true
SONAR_TOKEN:
required: true
SNYK_TOKEN:
required: true
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
prepare:
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: pnpm/action-setup@v2
name: Install pnpm
id: pnpm-install
with:
run_install: true
version: latest
- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
name: Setup pnpm cache
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install
list-packages:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v2
name: Install pnpm
id: pnpm-install
with:
run_install: true
version: latest
- id: set-matrix
run: |
export MATRIX=$(pnpm -s m ls --depth -1 -F "./packages/**" --json | jq -c)
echo "matrix=${MATRIX}" | tee -a $GITHUB_OUTPUT
tests:
needs: [prepare, list-packages]
strategy:
fail-fast: false
matrix:
package: ${{ fromJson(needs.list-packages.outputs.matrix) }}
node-version: [ lts/*, 16, 18, 20, latest ]
# The type of runner that the job will run on
runs-on: ubuntu-latest
name: Test package ${{ matrix.package.name }} with node ${{ matrix.node-version }}
permissions:
checks: write
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./.github/workflows/build_and_test
with:
node-version: ${{ matrix.node-version }}
package_path: ${{ matrix.package.path }}
package_name: ${{ matrix.package.name }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
metrics:
needs: [prepare, list-packages]
strategy:
fail-fast: false
matrix:
package: ${{ fromJson(needs.list-packages.outputs.matrix) }}
# The type of runner that the job will run on
runs-on: ubuntu-latest
name: Test and send metrics
permissions:
checks: write
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- uses: ./.github/workflows/build_and_test
with:
node-version: ${{ matrix.node-version }}
package_path: ${{ matrix.package.path }}
check: "true"
package_name: ${{ matrix.package.name }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
security:
permissions:
actions: read
contents: read
security-events: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: pnpm/action-setup@v2
name: Install pnpm
id: pnpm-install
with:
run_install: true
version: latest
- name: Get pnpm store directory
id: pnpm-cache
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
name: Setup pnpm cache
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --all-projects --exclude=examples,dev
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif