docs: add funding information #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # spellchecker:ignore: aquasecurity, htmlproofer, junitresults, martinbeentjes, nvmrc, vuln | |
| name: "Node.js CI" | |
| on: | |
| push: | |
| pull_request: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Otherwise the commitlint checks would fail for `--from initial` since by default only the last commit is fetched | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .nvmrc | |
| cache: "npm" | |
| - name: Check for Git conflict markers | |
| run: git diff --check | |
| - name: Install NPM packages | |
| run: npm ci | |
| - name: Audit NPM package signatures # protects against attacks via a registry mirror or proxy (https://docs.npmjs.com/about-registry-signatures) | |
| run: npm audit signatures | |
| - name: Check commit messages (commitlint) | |
| run: npx commitlint --from initial_algebra.ts --to HEAD # don't check commits from before the fork | |
| - name: Check spelling (CSpell) | |
| run: npx cspell --dot . | |
| - name: Check formatting (Prettier) | |
| run: npx prettier --check . | |
| - name: Lint Markdown (markdownlint) | |
| run: npx markdownlint-cli2 '**/*.md' '#node_modules' | |
| - name: Lint JavaScript (ESLint) | |
| run: npx eslint --max-warnings=0 . | |
| - name: Test (Jest) | |
| run: npm run test:ci | |
| - name: Coverage (Jest to Coveralls) | |
| env: | |
| COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
| run: npm run coveralls | |
| - name: Build | |
| run: npm run build | |
| - name: get-npm-version | |
| if: ${{ github.ref_type == 'tag' }} | |
| id: package-version | |
| uses: martinbeentjes/npm-get-version-action@v1.3.1 | |
| - name: Upload build artifact for Git tags | |
| if: ${{ github.ref_type == 'tag' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: algebra-${{ steps.package-version.outputs.current-version }}.ts | |
| path: "dist/algebra-${{ steps.package-version.outputs.current-version }}.*" | |
| - name: Test summary | |
| if: always() | |
| uses: test-summary/action@v2.3 | |
| with: | |
| paths: .jest-results/junit.xml | |
| check_documentation: | |
| name: check documentation | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: docs | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
| working-directory: docs | |
| - name: Generate documentation | |
| run: bundle exec jekyll build --strict_front_matter --destination ./_site/algebra.ts --baseurl /algebra.ts # use `destination` to simulate non-root hosting for `htmlproofer` | |
| - name: Check documentation (html-proofer) | |
| run: bundle exec htmlproofer --typhoeus='{"headers":{"User-Agent":"Mozilla/5.0 (compatible; GitHub build HTML checker)"}}' ./_site # Some sites block the default `html-proofer` user agent. Since the builds and their resulting checks are infrequent, this workaround should be acceptable. | |
| security_scan: | |
| name: security scan | |
| runs-on: ubuntu-latest | |
| needs: build | |
| timeout-minutes: 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .nvmrc | |
| cache: "npm" | |
| - name: Install project production dependencies | |
| run: npm install --omit=dev --ignore-scripts # `--ignore-scripts` is needed because normally the dev dependencies are installed including Husky but they are omitted for the security scan and `scripts.prepare` in `package.json` runs `husky install`. | |
| - name: Run security scan with Trivy | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: fs | |
| scanners: vuln,secret,config | |
| format: table | |
| exit-code: 1 |