chore(deps): bump rollup from 4.61.0 to 4.61.1 in the npm-minor-and-p… #94
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: '🏗️ CI' | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: ['main', 'beta'] | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.ref }}' | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| jobs: | |
| ci: | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: 'read' # to check out the repository | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v6.0.2 | |
| with: { ref: '${{ github.event.pull_request.head.sha }}' } | |
| - name: 'Setup Node.js' | |
| uses: actions/setup-node@v6.4.0 | |
| with: { node-version-file: '.nvmrc', cache: 'npm' } | |
| - name: 'Install' | |
| run: npm ci --no-fund --no-audit | |
| - name: 'Test' | |
| run: npm run test | |
| - name: 'Upload coverage report' | |
| uses: actions/upload-artifact@v7.0.1 | |
| with: | |
| name: 'cobertura-report' | |
| path: 'coverage/cobertura-coverage.xml' | |
| if-no-files-found: 'error' | |
| - name: 'Audit' | |
| # Registry attestation lookups occasionally 404 transiently, so retry | |
| # with backoff before treating it as a real signature failure. | |
| run: | | |
| for attempt in 1 2 3; do | |
| if npm audit signatures; then | |
| exit 0 | |
| fi | |
| if [ "$attempt" -lt 3 ]; then | |
| echo "::warning::npm audit signatures failed (attempt ${attempt}/3), retrying in $((attempt * 10))s..." | |
| sleep $((attempt * 10)) | |
| fi | |
| done | |
| echo "::error::npm audit signatures failed after 3 attempts" | |
| exit 1 | |
| - name: 'Lint' | |
| run: npm run lint:check | |
| - name: 'Format' | |
| run: npm run format:check | |
| - name: 'Build' | |
| run: npm run build | |
| - name: 'Pack tarball' | |
| run: npm pack ./dist --pack-destination . | |
| - name: 'Upload package tarball' | |
| uses: actions/upload-artifact@v7.0.1 | |
| with: | |
| name: 'npm-package' | |
| path: '*.tgz' | |
| if-no-files-found: 'error' | |
| upload-coverage: | |
| needs: 'ci' | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: 'read' | |
| code-quality: 'write' # to upload coverage to GitHub's code coverage API | |
| pull-requests: 'read' # to resolve the PR number on push events | |
| steps: | |
| - name: 'Download coverage report' | |
| uses: actions/download-artifact@v8.0.1 | |
| with: { name: 'cobertura-report' } | |
| - name: 'Upload to code coverage API' | |
| uses: actions/upload-code-coverage@v1.3.0 | |
| with: | |
| file: 'cobertura-coverage.xml' | |
| language: 'TypeScript' | |
| label: 'code-coverage/jest' | |
| smoke: | |
| needs: 'ci' | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: 'read' # to check out the repository | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node: ['lts/hydrogen', 'lts/iron', 'lts/jod', 'lts/krypton'] | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v6.0.2 | |
| with: { ref: '${{ github.event.pull_request.head.sha }}' } | |
| - name: 'Setup Node.js' | |
| uses: actions/setup-node@v6.4.0 | |
| with: { node-version: '${{ matrix.node }}' } | |
| - name: 'Download package tarball' | |
| uses: actions/download-artifact@v8.0.1 | |
| with: { name: 'npm-package', path: 'pkg' } | |
| # Install the packed artifact in a clean project and exercise the public | |
| # entry points via both `import` and `require` on each Node version, | |
| # without rebuilding from source. | |
| - name: 'Smoke test (ESM + CJS)' | |
| run: | | |
| work="$(mktemp -d)" | |
| cp test/smoke.mjs test/smoke.cjs "$work"/ | |
| cd "$work" | |
| npm init -y >/dev/null | |
| npm install "$GITHUB_WORKSPACE"/pkg/*.tgz --no-fund --no-audit | |
| node smoke.mjs | |
| node smoke.cjs | |
| e2e: | |
| needs: 'ci' | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: 'read' # to check out the repository | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v6.0.2 | |
| with: { ref: '${{ github.event.pull_request.head.sha }}' } | |
| - name: 'Setup Node.js' | |
| uses: actions/setup-node@v6.4.0 | |
| with: { node-version-file: '.nvmrc' } | |
| - name: 'Download package tarball' | |
| uses: actions/download-artifact@v8.0.1 | |
| with: { name: 'npm-package', path: 'pkg' } | |
| - name: 'Configure kernel for Elasticsearch' | |
| run: sudo sysctl -w vm.max_map_count=262144 | |
| - name: 'Start SonarQube' | |
| run: docker compose up --detach | |
| - name: 'Wait for SonarQube to be ready' | |
| run: | | |
| echo 'Waiting for SonarQube to report status UP...' | |
| for attempt in $(seq 1 60); do | |
| body="$(curl -fsS http://localhost:9000/api/system/status || true)" | |
| echo "attempt ${attempt}: ${body:-<no response>}" | |
| case "$body" in | |
| *'"status":"UP"'*) | |
| echo 'SonarQube is UP' | |
| exit 0 | |
| ;; | |
| esac | |
| sleep 5 | |
| done | |
| echo '::error::SonarQube did not become ready in time' | |
| exit 1 | |
| # Install the packed artifact in a clean project and exercise the client | |
| # against the live SonarQube instance. | |
| - name: 'Run e2e tests' | |
| run: | | |
| work="$(mktemp -d)" | |
| cp test/e2e.mjs "$work"/ | |
| cd "$work" | |
| npm init -y >/dev/null | |
| npm install "$GITHUB_WORKSPACE"/pkg/*.tgz --no-fund --no-audit | |
| node e2e.mjs | |
| env: | |
| SONAR_BASE_URL: 'http://localhost:9000' | |
| - name: 'Dump SonarQube logs' | |
| if: failure() | |
| run: docker compose logs --no-color sonarqube | |
| - name: 'Stop SonarQube' | |
| if: always() | |
| run: docker compose down --volumes | |
| release: | |
| needs: ['ci', 'smoke', 'e2e'] | |
| runs-on: 'ubuntu-latest' | |
| # Only enter the protected release environment for real releases; pull | |
| # request dry runs run without it (its branch policy blocks PR refs). | |
| environment: ${{ github.event_name == 'push' && 'release' || '' }} | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: 'write' # to be able to publish a GitHub release | |
| issues: 'write' # to be able to comment on released issues | |
| pull-requests: 'write' # to be able to comment on released pull requests | |
| id-token: 'write' # OIDC: npm trusted publishing (token-free auth) + provenance | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v6.0.2 | |
| with: { fetch-depth: '0', ref: '${{ github.event.pull_request.head.sha }}' } | |
| - name: 'Setup Node.js' | |
| uses: actions/setup-node@v6.4.0 | |
| with: { node-version-file: '.nvmrc', cache: 'npm' } | |
| - name: 'Install' | |
| run: npm ci --no-fund --no-audit | |
| - name: 'Build' | |
| run: npm run build | |
| - name: '🎉 Release' | |
| run: npm run release ${{ github.event_name != 'push' && '-- --dry-run' || '' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_CONFIG_PROVENANCE: 'true' # attach npm provenance via OIDC |