Skip to content

chore(deps): bump rollup from 4.61.0 to 4.61.1 in the npm-minor-and-p… #94

chore(deps): bump rollup from 4.61.0 to 4.61.1 in the npm-minor-and-p…

chore(deps): bump rollup from 4.61.0 to 4.61.1 in the npm-minor-and-p… #94

Workflow file for this run

---
name: '🏗️ CI'
on:
workflow_dispatch:
pull_request:
push:
branches: ['main', 'beta']
concurrency:
group: '${{ github.workflow }}-${{ github.ref }}'
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
ci:
runs-on: 'ubuntu-latest'
timeout-minutes: 10
permissions:
contents: 'read' # to check out the repository
steps:
- name: 'Checkout'
uses: actions/checkout@v6.0.2
with: { ref: '${{ github.event.pull_request.head.sha }}' }
- name: 'Setup Node.js'
uses: actions/setup-node@v6.4.0
with: { node-version-file: '.nvmrc', cache: 'npm' }
- name: 'Install'
run: npm ci --no-fund --no-audit
- name: 'Test'
run: npm run test
- name: 'Upload coverage report'
uses: actions/upload-artifact@v7.0.1
with:
name: 'cobertura-report'
path: 'coverage/cobertura-coverage.xml'
if-no-files-found: 'error'
- name: 'Audit'
# Registry attestation lookups occasionally 404 transiently, so retry
# with backoff before treating it as a real signature failure.
run: |
for attempt in 1 2 3; do
if npm audit signatures; then
exit 0
fi
if [ "$attempt" -lt 3 ]; then
echo "::warning::npm audit signatures failed (attempt ${attempt}/3), retrying in $((attempt * 10))s..."
sleep $((attempt * 10))
fi
done
echo "::error::npm audit signatures failed after 3 attempts"
exit 1
- name: 'Lint'
run: npm run lint:check
- name: 'Format'
run: npm run format:check
- name: 'Build'
run: npm run build
- name: 'Pack tarball'
run: npm pack ./dist --pack-destination .
- name: 'Upload package tarball'
uses: actions/upload-artifact@v7.0.1
with:
name: 'npm-package'
path: '*.tgz'
if-no-files-found: 'error'
upload-coverage:
needs: 'ci'
runs-on: 'ubuntu-latest'
timeout-minutes: 10
permissions:
contents: 'read'
code-quality: 'write' # to upload coverage to GitHub's code coverage API
pull-requests: 'read' # to resolve the PR number on push events
steps:
- name: 'Download coverage report'
uses: actions/download-artifact@v8.0.1
with: { name: 'cobertura-report' }
- name: 'Upload to code coverage API'
uses: actions/upload-code-coverage@v1.3.0
with:
file: 'cobertura-coverage.xml'
language: 'TypeScript'
label: 'code-coverage/jest'
smoke:
needs: 'ci'
runs-on: 'ubuntu-latest'
timeout-minutes: 10
permissions:
contents: 'read' # to check out the repository
strategy:
fail-fast: false
matrix:
node: ['lts/hydrogen', 'lts/iron', 'lts/jod', 'lts/krypton']
steps:
- name: 'Checkout'
uses: actions/checkout@v6.0.2
with: { ref: '${{ github.event.pull_request.head.sha }}' }
- name: 'Setup Node.js'
uses: actions/setup-node@v6.4.0
with: { node-version: '${{ matrix.node }}' }
- name: 'Download package tarball'
uses: actions/download-artifact@v8.0.1
with: { name: 'npm-package', path: 'pkg' }
# Install the packed artifact in a clean project and exercise the public
# entry points via both `import` and `require` on each Node version,
# without rebuilding from source.
- name: 'Smoke test (ESM + CJS)'
run: |
work="$(mktemp -d)"
cp test/smoke.mjs test/smoke.cjs "$work"/
cd "$work"
npm init -y >/dev/null
npm install "$GITHUB_WORKSPACE"/pkg/*.tgz --no-fund --no-audit
node smoke.mjs
node smoke.cjs
e2e:
needs: 'ci'
runs-on: 'ubuntu-latest'
timeout-minutes: 15
permissions:
contents: 'read' # to check out the repository
steps:
- name: 'Checkout'
uses: actions/checkout@v6.0.2
with: { ref: '${{ github.event.pull_request.head.sha }}' }
- name: 'Setup Node.js'
uses: actions/setup-node@v6.4.0
with: { node-version-file: '.nvmrc' }
- name: 'Download package tarball'
uses: actions/download-artifact@v8.0.1
with: { name: 'npm-package', path: 'pkg' }
- name: 'Configure kernel for Elasticsearch'
run: sudo sysctl -w vm.max_map_count=262144
- name: 'Start SonarQube'
run: docker compose up --detach
- name: 'Wait for SonarQube to be ready'
run: |
echo 'Waiting for SonarQube to report status UP...'
for attempt in $(seq 1 60); do
body="$(curl -fsS http://localhost:9000/api/system/status || true)"
echo "attempt ${attempt}: ${body:-<no response>}"
case "$body" in
*'"status":"UP"'*)
echo 'SonarQube is UP'
exit 0
;;
esac
sleep 5
done
echo '::error::SonarQube did not become ready in time'
exit 1
# Install the packed artifact in a clean project and exercise the client
# against the live SonarQube instance.
- name: 'Run e2e tests'
run: |
work="$(mktemp -d)"
cp test/e2e.mjs "$work"/
cd "$work"
npm init -y >/dev/null
npm install "$GITHUB_WORKSPACE"/pkg/*.tgz --no-fund --no-audit
node e2e.mjs
env:
SONAR_BASE_URL: 'http://localhost:9000'
- name: 'Dump SonarQube logs'
if: failure()
run: docker compose logs --no-color sonarqube
- name: 'Stop SonarQube'
if: always()
run: docker compose down --volumes
release:
needs: ['ci', 'smoke', 'e2e']
runs-on: 'ubuntu-latest'
# Only enter the protected release environment for real releases; pull
# request dry runs run without it (its branch policy blocks PR refs).
environment: ${{ github.event_name == 'push' && 'release' || '' }}
timeout-minutes: 10
permissions:
contents: 'write' # to be able to publish a GitHub release
issues: 'write' # to be able to comment on released issues
pull-requests: 'write' # to be able to comment on released pull requests
id-token: 'write' # OIDC: npm trusted publishing (token-free auth) + provenance
steps:
- name: 'Checkout'
uses: actions/checkout@v6.0.2
with: { fetch-depth: '0', ref: '${{ github.event.pull_request.head.sha }}' }
- name: 'Setup Node.js'
uses: actions/setup-node@v6.4.0
with: { node-version-file: '.nvmrc', cache: 'npm' }
- name: 'Install'
run: npm ci --no-fund --no-audit
- name: 'Build'
run: npm run build
- name: '🎉 Release'
run: npm run release ${{ github.event_name != 'push' && '-- --dry-run' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_CONFIG_PROVENANCE: 'true' # attach npm provenance via OIDC