[Snyk] Security upgrade node from 18.14.0 to 18.20.5 #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
pull_request: | |
branches: | |
- main | |
env: | |
XDG_CACHE_HOME: ${{ github.workspace }}/.cache | |
jobs: | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v3.3.0 | |
- name: Install Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
node-version: 18 | |
- name: patch node gyp on windows to support Visual Studio 2019 | |
shell: powershell | |
if: runner.os == 'Windows' | |
run: | | |
npm install --global node-gyp@latest | |
npm prefix -g | % {npm config set node_gyp "$_\node_modules\node-gyp\bin\node-gyp.js"} | |
- name: Restore .cache | |
uses: actions/cache@v3.2.4 | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('**/package*json', '**/package-lock.json', '**/*config.js', '**/*.patch') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('**/package*json', '**/package-lock.json', '**/*config.js', '**/*.patch') }} | |
${{ runner.os }}- | |
- name: Restore node_modules | |
id: yarn-cache | |
uses: actions/cache@v3.2.4 | |
with: | |
path: node_modules | |
key: ${{ runner.os }}-${{ hashFiles('**/package*json', '**/package-lock.json', '**/*config.js', '**/*.patch') }} | |
- name: Install dependencies | |
if: steps.yarn-cache.outputs.cache-hit != 'true' | |
run: npm run ci:install | |
- name: Build | |
run: npm run ci:build | |
- name: Show build/ | |
run: du -h build/* | |
- name: Show dist/bundles/* | |
run: du -h add-on/dist/bundles/* | |
- name: Test | |
run: npm run ci:test | |
# tests should finish <30s, if it takes longer its a bug - fail fast | |
timeout-minutes: 5 | |
- name: Lint | |
# bundles are too big on Windows and fail addon-lint | |
# but as long we don't build releases on Windows, can be ignored | |
if: runner.os != 'Windows' | |
run: npm run ci:lint | |
# Persist produced binaries and effective config used for building them | |
# - this is not for releases, but for quick testing during the dev | |
# - action artifacts can be downloaded for 90 days, then are removed by github | |
# - binaries in PRs from forks won't be signed | |
- name: Attach produced packages to Github Action | |
uses: actions/upload-artifact@v3.1.2 | |
with: | |
name: built-on-${{ matrix.os }} | |
path: build/ipfs_companion*.* | |
if-no-files-found: error | |
- name: Show Cache | |
run: du -h ${{ github.workspace }}/.cache/* || true | |
release-pr: | |
runs-on: ubuntu-latest | |
needs: [test] | |
if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
steps: | |
- uses: google-github-actions/release-please-action@v3.7.3 | |
with: | |
changelog-notes-type: github | |
release-type: node | |
skip-github-release: true | |
skip-labeling: true | |
extra-files: | | |
add-on/manifest.common.json | |
release-assets: | |
runs-on: ubuntu-latest | |
needs: [test] | |
if: | | |
contains(github.ref, 'refs/tags/') && | |
(github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v3.3.0 | |
- name: Install Node.js | |
uses: actions/setup-node@v3.6.0 | |
with: | |
node-version: 18 | |
- name: Restore .cache | |
uses: actions/cache@v3.2.4 | |
id: cache | |
with: | |
path: ${{ github.workspace }}/.cache | |
key: ${{ runner.os }}-${{ hashFiles('**/package*json', '**/package-lock.json', '**/*config.js', '**/*.patch') }} | |
restore-keys: | | |
${{ runner.os }}-${{ hashFiles('**/package*json', '**/package-lock.json', '**/*config.js', '**/*.patch') }} | |
${{ runner.os }}- | |
- name: Restore node_modules | |
id: yarn-cache | |
uses: actions/cache@v3.2.4 | |
with: | |
path: node_modules | |
key: ${{ runner.os }}-${{ hashFiles('**/package*json', '**/package-lock.json', '**/*config.js', '**/*.patch') }} | |
- name: Install dependencies | |
if: steps.yarn-cache.outputs.cache-hit != 'true' | |
run: npm run ci:install | |
- name: Build Stable Release | |
run: npm run ci:build:stable | |
- name: Release | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
with: | |
files: build/*.zip | |
fail_on_unmatched_files: true | |
generate_release_notes: true | |
draft: true | |
append_body: true | |
body: 'Automated Release, please upload artifacts to respective webstores and mark this draft as released.' |