Skip to content

chore(deps): lock file maintenance #664

chore(deps): lock file maintenance

chore(deps): lock file maintenance #664

Workflow file for this run

# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
name: "Lint"
on: # yamllint disable-line rule:truthy
# eslint-disable-next-line yml/no-empty-mapping-value
pull_request: # yamllint disable-line rule:empty-values
types: ["opened", "synchronize"]
merge_group: # yamllint disable-line rule:empty-values
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
permissions:
contents: "read" # to fetch code (actions/checkout)
env:
NX_BRANCH: "${{ github.event.number }}"
NX_RUN_GROUP: "${{ github.run_id }}"
HEAD_REF: "${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name }}"
HEAD_REPOSITORY: "${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name || github.repository }}"
jobs:
files-changed:
name: "Detect what files changed"
if: "github.repository == 'anolilab/semantic-release'"
runs-on: "ubuntu-24.04"
timeout-minutes: 3
# Map a step output to a job output
outputs:
frontend_lintable: "${{ steps.changes.outputs.frontend_lintable }}"
markdown_lintable: "${{ steps.changes.outputs.markdown_lintable }}"
yaml_lintable: "${{ steps.changes.outputs.yaml_lintable }}"
package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- name: "Check for file changes"
uses: "dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36" # v3.0.2
id: "changes"
with:
token: "${{ github.token }}"
filters: ".github/file-filters.yml"
eslint:
if: "needs.files-changed.outputs.frontend_lintable == 'true'"
needs: "files-changed"
name: "Lint (eslint)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
with:
# Number of commits to fetch. 0 indicates all history for all branches and tags.
# Pulls all commits (needed for NX)
fetch-depth: 0
- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
- name: "Setup resources and environment"
id: "setup"
uses: "anolilab/workflows/step/setup@main"
with:
cache-prefix: "lint"
# Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
- name: "Get changed files"
id: "files"
uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
with:
files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
base_sha: "${{ steps.setSHAs.outputs.base }}"
separator: ","
- name: "Build"
run: "pnpm run build:affected:packages --files=${{ steps.files.outputs.all_changed_files }}"
- name: "lint eslint"
run: "pnpm run lint:affected:eslint --files=${{ steps.files.outputs.all_changed_files }}"
- name: "Prepare nx cache"
shell: "bash"
run: "tar -cf - .nx/cache | lz4 > /tmp/nx_cache.tar.lz4" # compress nx cache
package-json-lint:
if: "needs.files-changed.outputs.package_json_lintable == 'true'"
needs: "files-changed"
name: "Lint (package.json)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
with:
# Number of commits to fetch. 0 indicates all history for all branches and tags.
# Pulls all commits (needed for NX)
fetch-depth: 0
- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
- name: "Setup resources and environment"
id: "setup"
uses: "anolilab/workflows/step/setup@main"
with:
cache-prefix: "lint"
# Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
- name: "Get changed files"
id: "files"
uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
with:
files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
base_sha: "${{ steps.setSHAs.outputs.base }}"
separator: ","
- name: "Build"
run: "pnpm run build:affected:packages --files=${{ steps.files.outputs.all_changed_files }}"
- name: "lint package.json"
run: "pnpm run lint:affected:package-json --files=${{ steps.files.outputs.all_changed_files }}"
- name: "Prepare nx cache"
shell: "bash"
run: "tar -cf - .nx/cache | lz4 > /tmp/nx_cache.tar.lz4" # compress nx cache
types-lint:
if: "needs.files-changed.outputs.frontend_lintable == 'true'"
needs: "files-changed"
name: "Lint (Typescript types)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
with:
# Number of commits to fetch. 0 indicates all history for all branches and tags.
# Pulls all commits (needed for NX)
fetch-depth: 0
- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
- name: "Setup resources and environment"
id: "setup"
uses: "anolilab/workflows/step/setup@main"
with:
cache-prefix: "lint"
# Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
- name: "Get changed files"
id: "files"
uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
with:
files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
base_sha: "${{ steps.setSHAs.outputs.base }}"
separator: ","
- name: "Build"
run: "pnpm run build:affected:packages --files=${{ steps.files.outputs.all_changed_files }}"
- name: "lint typescript files"
run: "pnpm run lint:affected:types --files=${{ steps.files.outputs.all_changed_files }}"
- name: "Prepare nx cache"
shell: "bash"
run: "tar -cf - .nx/cache | lz4 > /tmp/nx_cache.tar.lz4" # compress nx cache
yaml-lint:
if: "needs.files-changed.outputs.yaml_lintable == 'true'"
needs: "files-changed"
name: "Lint (yaml)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- name: "Lint YAML files"
uses: "ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c" # v3.1.1
with:
config_file: ".yamllint.yaml"
file_or_dir: "."
strict: true
lint-workflows:
if: "needs.files-changed.outputs.yaml_lintable == 'true'"
needs: "files-changed"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
# From https://github.com/rhysd/actionlint/main/docs/usage.md#use-actionlint-on-github-actions
- name: "Lint github workflows"
run: |
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
# The -ignore flag is used to ignore a specific error for a working solution in test.yml
./actionlint -color -shellcheck=""
markdown-lint:
if: "needs.files-changed.outputs.markdown_lintable == 'true'"
needs: "files-changed"
name: "Lint (markdown)"
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}"
uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" # v4.2.2
env:
GIT_COMMITTER_NAME: "GitHub Actions Shell"
GIT_AUTHOR_NAME: "GitHub Actions Shell"
EMAIL: "github-actions[bot]@users.noreply.github.com"
- uses: "pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2" # v4.0.0
with:
run_install: false
- name: "Use Node.js 18.x"
uses: "actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af" # v4.1.0
with:
node-version: "18.x"
cache: "pnpm"
- name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
run: "pnpm dlx audit-ci@^6 --config ./audit-ci.jsonc --report-type=summary"
- name: "Install packages"
run: "pnpm install --frozen-lockfile --prefer-offline"
env:
"PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD": 1
SKIP_CHECK: "true"
- name: "lint"
run: "pnpm run lint:text"
continue-on-error: true
- name: "skipping markdown lint for now"
run: "exit 0"
# This check runs once all dependant jobs have passed
# It symbolizes that all required Frontend checks have succesfully passed (Or skipped)
# This check is the only required GitHub check
test-required-check:
needs: ["files-changed", "eslint", "yaml-lint", "package-json-lint"] # TODO add "markdown-lint"
name: "Check Lint Run"
# This is necessary since a failed/skipped dependent job would cause this job to be skipped
if: "always()"
runs-on: "ubuntu-24.04"
steps:
# If any jobs we depend on fail, we will fail since this is a required check
# NOTE: A timeout is considered a failure
- name: "Harden Runner"
uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
with:
egress-policy: "audit"
- name: "Check for failures"
if: "contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')"
run: |
echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1