Skip to content

chore(deps): update actions/dependency-review-action action to v4.2.4 #55472

chore(deps): update actions/dependency-review-action action to v4.2.4

chore(deps): update actions/dependency-review-action action to v4.2.4 #55472

Workflow file for this run

name: Build
on:
push:
branches:
- main
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
merge_group:
workflow_dispatch:
inputs:
dryRun:
description: 'Dry-Run'
default: 'true'
required: false
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: ${{ github.ref_name != 'main' }}
env:
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
NODE_VERSION: 18
DRY_RUN: true
SPARSE_CHECKOUT: |-
.github/actions/
data/
tools/
package.json
pnpm-lock.yaml
jobs:
setup:
runs-on: ubuntu-latest
outputs:
os-matrix: ${{ steps.os-matrix.outputs.os-matrix }}
os-matrix-is-full: ${{ steps.os-matrix-is-full.outputs.os-matrix-is-full }}
os-matrix-prefetch: ${{ steps.os-matrix-prefetch.outputs.matrix }}
test-shard-matrix: ${{ steps.schedule-test-shards.outputs.test-shard-matrix }}
test-matrix-empty: ${{ steps.schedule-test-shards.outputs.test-matrix-empty }}
steps:
- name: Calculate `os-matrix-is-full` output
id: os-matrix-is-full
env:
IS_FULL: >-
${{
(
github.event_name != 'pull_request' ||
contains(github.event.pull_request.labels.*.name, 'ci:fulltest')
) && 'true' || ''
}}
run: |
echo 'OS_MATRIX_IS_FULL=${{ env.IS_FULL }}' >> "$GITHUB_ENV"
echo 'os-matrix-is-full=${{ env.IS_FULL }}' >> "$GITHUB_OUTPUT"
- name: Calculate `os-matrix` output
id: os-matrix
env:
OS_ALL: '["ubuntu-latest", "macos-latest", "windows-latest"]'
OS_LINUX_ONLY: '["ubuntu-latest"]'
run: |
echo 'os-matrix=${{
env.OS_MATRIX_IS_FULL && env.OS_ALL || env.OS_LINUX_ONLY
}}' >> "$GITHUB_OUTPUT"
- name: Detect changed files
if: ${{ github.event_name == 'pull_request' }}
id: changed-files
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.event.repository.full_name }}
PR_URL: >-
https://api.github.com/repos/{owner}/{repo}/compare/${{
github.event.pull_request.base.sha
}}...${{
github.event.pull_request.head.sha
}}
JQ_FILTER: >-
"changed-files=" + ([.files[].filename] | tostring)
run: gh api ${{ env.PR_URL }} | jq -rc '${{ env.JQ_FILTER }}' >> "$GITHUB_OUTPUT"
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
filter: blob:none # we don't need all blobs
- name: Calculate matrix for `node_modules` prefetch
uses: ./.github/actions/calculate-prefetch-matrix
id: os-matrix-prefetch
with:
repo: ${{ github.event.repository.full_name }}
token: ${{ github.token }}
node-version: ${{ env.NODE_VERSION }}
- name: Prefetch modules for `ubuntu-latest`
id: setup-node
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
save-cache: true
- name: Schedule test shards
id: schedule-test-shards
env:
ALL_PLATFORMS: ${{ env.OS_MATRIX_IS_FULL }}
FILTER_SHARDS: ${{ github.event.pull_request.draft && 'true' || '' }}
CHANGED_FILES: ${{ steps.changed-files.outputs.changed-files }}
run: |
echo "$(pnpm -s schedule-test-shards)" >> "$GITHUB_OUTPUT"
prefetch:
needs: [setup]
# We can't check `needs.setup.outputs.os-matrix-is-full` here,
# as it will lead to further complications that aren't solvable
# with current GitHub Actions feature set.
#
# Although this job sometimes may act as short-lived `no-op`,
# it's actually the best option available.
#
# However, in draft mode we can skip this step.
if: |
!(github.event.pull_request.draft == true &&
needs.setup.outputs.test-matrix-empty == 'true')
strategy:
matrix:
os: ${{ fromJSON(needs.setup.outputs.os-matrix-prefetch) }}
node-version: [18]
runs-on: ${{ matrix.os }}
timeout-minutes: 10
steps:
- name: Checkout code
if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
filter: blob:none # we don't need all blobs
- name: Setup Node.js
if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux'
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
save-cache: true
lint-eslint:
needs: [setup]
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
actions: write
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Restore eslint cache
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .cache/eslint
key: eslint-main-cache
- name: Lint
run: pnpm eslint-ci
- name: Remove cache
if: github.event_name == 'push'
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.event.repository.full_name }}
run: |
gh api --method DELETE /repos/{owner}/{repo}/actions/caches?key=eslint-main-cache ||
echo "Cache not found"
- name: Save eslint cache
if: github.event_name == 'push'
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .cache/eslint
key: eslint-main-cache
lint-prettier:
needs: [setup]
runs-on: ubuntu-latest
timeout-minutes: 7
permissions:
actions: write
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Restore prettier cache
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .cache/prettier
key: prettier-main-cache
- name: Lint
run: pnpm prettier --cache-location .cache/prettier
- name: Remove cache
if: github.event_name == 'push'
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.event.repository.full_name }}
run: |
gh api --method DELETE /repos/{owner}/{repo}/actions/caches?key=prettier-main-cache ||
echo "Cache not found"
- name: Save prettier cache
if: github.event_name == 'push'
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .cache/prettier
key: prettier-main-cache
lint-docs:
needs: [setup]
runs-on: ubuntu-latest
timeout-minutes: 7
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Lint markdown
uses: DavidAnson/markdownlint-cli2-action@510b996878fc0d1a46c8a04ec86b06dbfba09de7 # v15.0.0
- name: Lint fenced code blocks
run: pnpm doc-fence-check
- name: Lint documentation
run: pnpm lint-documentation
- name: Markdown lint
run: pnpm markdown-lint
lint-other:
needs: [setup]
runs-on: ubuntu-latest
timeout-minutes: 7
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Type check
run: pnpm type-check
- name: Lint project file structure
run: pnpm ls-lint
- name: Check git version
run: pnpm git-check
- name: Test schema
run: pnpm test-schema
test:
needs: [setup, prefetch]
if: |
!(github.event.pull_request.draft == true &&
needs.setup.outputs.test-matrix-empty == 'true')
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
timeout-minutes: ${{ matrix.runner-timeout-minutes }}
strategy:
matrix:
include: ${{ fromJSON(needs.setup.outputs.test-shard-matrix) }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Cache jest
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .cache/jest
key: |
jest-cache-${{
runner.os
}}-${{
env.NODE_VERSION
}}-${{
hashFiles('pnpm-lock.yaml')
}}-${{
matrix.cache-key
}}
- name: Unit tests
shell: bash
run: |
for shard in ${{ matrix.shards }};
do
TEST_SHARD="$shard" pnpm jest \
--ci \
--test-timeout ${{ matrix.test-timeout-milliseconds }} \
--coverage ${{ matrix.coverage }}
done
- name: Move coverage files
if: (success() || failure()) && github.event.pull_request.draft != true && matrix.coverage
run: |
mkdir -p ./coverage/lcov
mkdir -p ./coverage/json
for shard in ${{ matrix.shards }};
do
mv ./coverage/shard/$shard/lcov.info ./coverage/lcov/$shard.lcov
mv ./coverage/shard/$shard/coverage-final.json ./coverage/json/$shard.json
done
- name: Save coverage artifacts
if: (success() || failure()) && github.event.pull_request.draft != true && matrix.coverage
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ matrix.upload-artifact-name }}
path: |
./coverage/lcov
./coverage/json
codecov:
needs: [test]
runs-on: ubuntu-latest
timeout-minutes: 3
if: (success() || failure()) && github.event.pull_request.draft != true
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
filter: blob:none # we don't need all blobs
- name: Download coverage reports
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
pattern: coverage-*
path: coverage
merge-multiple: true
- name: Codecov
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3.1.6
with:
directory: coverage/lcov
fail_ci_if_error: true
verbose: true
coverage-threshold:
needs:
- test
runs-on: ubuntu-latest
timeout-minutes: 3
if: (success() || failure()) && github.event.pull_request.draft != true
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
filter: blob:none # we don't need all blobs
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Download coverage reports
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
pattern: coverage-*
path: coverage
merge-multiple: true
- name: Merge coverage reports
run: pnpm nyc merge ./coverage/json ./coverage/nyc/coverage.json
- name: Report coverage
run: pnpm nyc report -t ./coverage/nyc --skip-full -r text -r text-summary
- name: Check coverage threshold
run: |
pnpm nyc check-coverage -t ./coverage/nyc \
--branches 100 \
--functions 100 \
--lines 100 \
--statements 100
# Catch-all required check for test matrix and coverage
test-success:
needs:
- setup
- test
- codecov
- coverage-threshold
runs-on: ubuntu-latest
timeout-minutes: 1
if: always()
steps:
- name: Fail for failed or cancelled tests
if: |
needs.test.result == 'failure' ||
needs.test.result == 'cancelled'
run: exit 1
- name: Fail for skipped tests when PR is ready for review
if: |
github.event_name == 'pull_request' &&
github.event.pull_request.draft != true &&
needs.test.result == 'skipped'
run: exit 1
- name: Fail for failed or cancelled codecov
if: |
needs.codecov.result == 'failure' ||
needs.codecov.result == 'cancelled'
run: exit 1
- name: Fail for skipped codecov when PR is ready for review
if: |
github.event_name == 'pull_request' &&
github.event.pull_request.draft != true &&
needs.codecov.result == 'skipped'
run: exit 1
- name: Fail for failed or cancelled coverage-threshold
if: |
needs.coverage-threshold.result == 'failure' ||
needs.coverage-threshold.result == 'cancelled'
run: exit 1
- name: Fail for skipped coverage-threshold when PR is ready for review
if: |
github.event_name == 'pull_request' &&
github.event.pull_request.draft != true &&
needs.coverage-threshold.result == 'skipped'
run: exit 1
build:
needs: setup
runs-on: ubuntu-latest
timeout-minutes: 5
if: github.event.pull_request.draft != true
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Build
run: pnpm build
- name: Build docker
run: pnpm build:docker build --tries=3
env:
LOG_LEVEL: debug
- name: Pack
run: pnpm test-e2e:pack
- name: Upload
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: renovate-package
path: renovate-0.0.0-semantic-release.tgz
build-docs:
needs: [lint-docs]
runs-on: ubuntu-latest
timeout-minutes: 5
if: github.event.pull_request.draft != true
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: Build
run: pnpm build:docs
- name: Upload
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: docs
path: tmp/docs/
test-e2e:
needs: [build]
runs-on: 'ubuntu-latest'
timeout-minutes: 7
if: github.event.pull_request.draft != true
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Setup Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: ${{ env.NODE_VERSION }}
- name: Enable corepack
shell: bash
run: corepack enable
- name: Download package
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: renovate-package
- name: Install dependencies
run: pnpm test-e2e:install
- name: E2E Test
run: pnpm test-e2e:run
release:
needs:
- setup
- lint-eslint
- lint-prettier
- lint-docs
- lint-other
- test-e2e
- test-success
- build-docs
- codecov
- coverage-threshold
if: github.repository == 'renovatebot/renovate' && github.event_name != 'pull_request'
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
contents: write
issues: write
pull-requests: write
id-token: write
packages: write
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0 # zero stands for full checkout, which is required for semantic-release
show-progress: false
filter: blob:none # we don't need all blobs, only the full tree
- name: docker-config
uses: containerbase/internal-tools@fcbf031ba03a836d9502ea4da2f15f2848359561 # v3.0.68
with:
command: docker-config
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: Docker registry login
run: |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Check dry run
run: |
if [[ "${{github.event_name}}" == "workflow_dispatch" && "${{ github.event.inputs.dryRun }}" != "true" ]]; then
echo "DRY_RUN=false" >> "$GITHUB_ENV"
elif [[ "${{github.ref}}" == "refs/heads/${{env.DEFAULT_BRANCH}}" ]]; then
echo "DRY_RUN=false" >> "$GITHUB_ENV"
elif [[ "${{github.ref}}" =~ ^refs/heads/v[0-9]+(\.[0-9]+)?$ ]]; then
echo "DRY_RUN=false" >> "$GITHUB_ENV"
fi
- name: semantic-release
run: |
pnpm semantic-release --dry-run ${{env.DRY_RUN}}
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} # TODO: use action token?
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
LOG_LEVEL: debug