.github/workflows/ci.yml

name: Continuous Integration
on:
  # Main branch updated
  push:
    branches:
      - main
  # Pull request
  pull_request:
    types:
      # Newly opened
      - opened
      # Updated (excludes change of base branch)
      - synchronize

jobs:
  test:
    strategy:
      matrix:
        platform: [ ubuntu-latest, macos-latest, windows-latest ]
        node-version: [ ^18.0.0, ^20.0.0 ]
    runs-on: ${{ matrix.platform }}
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
    - uses: actions/cache@v4
      with:
        path: ~/.pnpm-store
        key: pnpm-store+${{matrix.platform}}+${{matrix.node-version}}+${{ hashFiles('**/pnpm-lock.yaml') }}
        restore-keys: pnpm-store+${{matrix.platform}}+
    - uses: pnpm/action-setup@v4.0.0
      with:
        version: ^8.15.4
        run_install: true
    - run: pnpm run compile
    - run: ./node_modules/.bin/c8 --reporter=lcovonly pnpm test
    - uses: codecov/codecov-action@v5.0.2

  release-readiness:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: write
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: ^20.0.0
    - uses: actions/cache@v4
      with:
        path: ~/.pnpm-store
        key: pnpm-store+ubuntu-latest+^16.0.0+${{ hashFiles('**/pnpm-lock.yaml') }}
        restore-keys: pnpm-store+ubuntu-latest+
    - uses: pnpm/action-setup@v4.0.0
      with:
        version: ^8.15.4
        run_install: true
    - run: pnpm run release-readiness

  dependabot-approveOrMerge:
    needs: [test, release-readiness]
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: write
    steps:
    - uses: actions/checkout@v4
    - name: Assess changes
      uses: tony84727/changed-file-filter@v0.2.5
      id: filter
      with:
        filters: |
          requirementsChanged:
            - 'package.json'
    - name: Merge lockfile changes
      uses: fastify/github-action-merge-dependabot@v3.11.0
      if: steps.filter.outputs.requirementsChanged == 'false'
      with:
        github-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Approve requirement changes
      uses: fastify/github-action-merge-dependabot@v3.11.0
      if: steps.filter.outputs.requirementsChanged == 'true'
      with:
        github-token: ${{ secrets.GITHUB_TOKEN }}
        approve-only: true