
Stabilize monorepo packages for safe use and release #94


Workflow file for this run

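# CI for the monorepo: install dependencies once per OS, then run tests, lint,
# type check, build and a dependency audit against that shared pnpm store.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: nothing in this file pushes, comments or
# publishes through the token, so read access to the repository is enough.
permissions:
  contents: read

# One group per pull request (or per ref when there is no PR number). Only
# push-triggered runs cancel an in-progress run of the same group.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event_name == 'push' }}

jobs:
  # Installs dependencies once per OS and publishes the pnpm store as an
  # artifact that the downstream jobs download instead of re-fetching.
  prepare-deps:
    name: Prepare Dependencies
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config while dependency
          # lifecycle scripts and project code run in this workspace.
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
      # NOTE(review): install below uses --store-dir ./pnpm-store, so these
      # home-directory paths may never be populated; confirm this step caches
      # anything. The restore-keys prefix also restores entries written for a
      # different lockfile hash.
      - name: Cache pnpm store
        uses: actions/cache@v4
        with:
          path: |
            ~/.pnpm-store
            ~/.local/share/pnpm/store
            ~/.cache/pnpm
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      # Same store directory name as the consumer jobs. It is deliberately not
      # a dot-directory: upload-artifact v4 leaves hidden paths out by default.
      - name: Configure pnpm store
        run: pnpm config set store-dir ./pnpm-store
      - name: Install dependencies
        run: pnpm install --frozen-lockfile --store-dir ./pnpm-store
      - name: Upload pnpm store
        uses: actions/upload-artifact@v4
        with:
          name: pnpm-store-${{ matrix.os }}
          path: ./pnpm-store

  # Matrix testing across Node versions and OS
  test-matrix:
    needs: [prepare-deps]
    name: Test (Node ${{ matrix.node }}, ${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        node: [18, 20, 22]
        os: [ubuntu-latest, windows-latest, macos-latest]
        exclude:
          # Skip some combinations to reduce CI time
          # Windows runners are currently failing during pnpm bootstrap with
          # intermittent npm registry 403 responses before project code runs.
          # Keep Linux/macOS matrix coverage until runner-side issue is resolved.
          # All three Windows entries are excluded, so no Windows job runs and
          # prepare-deps does not need to publish a Windows store.
          - node: 18
            os: windows-latest
          - node: 20
            os: windows-latest
          - node: 22
            os: windows-latest
          - node: 22
            os: macos-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Tests execute code from the change under review; keep the job
          # token out of the workspace.
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
      - name: Cache pnpm store
        uses: actions/cache@v4
        with:
          path: |
            ~/.pnpm-store
            ~/.local/share/pnpm/store
            ~/.cache/pnpm
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Setup Node.js ${{ matrix.node }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
          cache: 'pnpm'
      # The store was produced by prepare-deps on the same OS in this run.
      - name: Download pnpm store
        uses: actions/download-artifact@v4
        with:
          name: pnpm-store-${{ matrix.os }}
          path: ./pnpm-store
      - name: Configure pnpm store
        run: pnpm config set store-dir ./pnpm-store
      # --frozen-lockfile fails the install if pnpm-lock.yaml would change.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile --prefer-offline --store-dir ./pnpm-store
      # Coverage is collected on exactly one cell (ubuntu-latest, Node 20);
      # every other cell runs the plain test script.
      - name: Test
        run: pnpm test:coverage
        if: matrix.os == 'ubuntu-latest' && matrix.node == 20
      - name: Test (no coverage)
        run: pnpm test
        if: matrix.os != 'ubuntu-latest' || matrix.node != 20
      # Third-party action that receives a repository secret.
      # NOTE(review): a tag ref can be moved by the action's publisher; pin
      # secret-bearing actions to a full commit SHA.
      - name: Upload Coverage
        if: matrix.os == 'ubuntu-latest' && matrix.node == 20
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: false

  # Runs the project's lint script on Node 20.
  lint:
    needs: [prepare-deps]
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
      - name: Cache pnpm store
        uses: actions/cache@v4
        with:
          path: |
            ~/.pnpm-store
            ~/.local/share/pnpm/store
            ~/.cache/pnpm
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Download pnpm store
        uses: actions/download-artifact@v4
        with:
          name: pnpm-store-ubuntu-latest
          path: ./pnpm-store
      - name: Configure pnpm store
        run: pnpm config set store-dir ./pnpm-store
      - name: Install dependencies
        run: pnpm install --frozen-lockfile --prefer-offline --store-dir ./pnpm-store
      - name: Lint
        run: pnpm lint

  # Runs the project's typecheck script on Node 20.
  typecheck:
    needs: [prepare-deps]
    name: Type Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
      - name: Cache pnpm store
        uses: actions/cache@v4
        with:
          path: |
            ~/.pnpm-store
            ~/.local/share/pnpm/store
            ~/.cache/pnpm
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Download pnpm store
        uses: actions/download-artifact@v4
        with:
          name: pnpm-store-ubuntu-latest
          path: ./pnpm-store
      - name: Configure pnpm store
        run: pnpm config set store-dir ./pnpm-store
      - name: Install dependencies
        run: pnpm install --frozen-lockfile --prefer-offline --store-dir ./pnpm-store
      - name: Type Check
        run: pnpm typecheck

  # Builds the packages only after lint, type check and every test cell pass,
  # then publishes packages/*/dist as a 7-day artifact.
  build:
    name: Build
    runs-on: ubuntu-latest
    needs: [lint, typecheck, test-matrix]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
      - name: Cache pnpm store
        uses: actions/cache@v4
        with:
          path: |
            ~/.pnpm-store
            ~/.local/share/pnpm/store
            ~/.cache/pnpm
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Download pnpm store
        uses: actions/download-artifact@v4
        with:
          name: pnpm-store-ubuntu-latest
          path: ./pnpm-store
      - name: Configure pnpm store
        run: pnpm config set store-dir ./pnpm-store
      - name: Install dependencies
        run: pnpm install --frozen-lockfile --prefer-offline --store-dir ./pnpm-store
      - name: Build
        run: pnpm build
      # NOTE(review): this also runs for pull_request events, so a "dist"
      # artifact can be built from unmerged code; a release process should
      # only consume artifacts from push runs on main.
      - name: Upload Build Artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: packages/*/dist
          retention-days: 7

  # Dependency vulnerability checks. Both scan steps are advisory: they set
  # continue-on-error, so findings never fail this job or block a merge.
  security:
    needs: [prepare-deps]
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      # NOTE(review): with continue-on-error a moderate-or-higher advisory
      # shows up only in the step log; someone has to read it.
      - name: Run Security Audit
        run: pnpm audit --audit-level=moderate
        continue-on-error: true
      # Snyk security scan for vulnerability detection.
      # GitHub masks the SNYK_TOKEN value in logs, but masking only redacts
      # exact matches of the secret; it does not limit what the action does
      # with the token. Secrets are not passed to runs triggered by pull
      # requests from forks, so this step is expected to fail (and be ignored)
      # there.
      # For detailed vulnerability reports, monitor the Snyk dashboard at
      # https://snyk.io rather than relying solely on CI output.
      # NOTE(review): @master is a mutable branch ref on a step that receives
      # a secret; pin it to a full commit SHA of a reviewed release.
      - name: Run Snyk Security Scan
        uses: snyk/actions/node@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}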