name: Continuous Integration on: push: branches: [master] pull_request: # The branches below must be a subset of the branches above branches: [master] schedule: - cron: '0 2 * * 1' # At 02:00 on Monday permissions: {} jobs: test: name: Test timeout-minutes: 5 strategy: matrix: os: [ubuntu-latest] node-version: - 16 - 18 - 20 - 21 include: - os: macos-latest node-version: 20 # LTS - os: windows-latest node-version: 20 # LTS fail-fast: false runs-on: ${{ matrix.os }} steps: - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 if: ${{ matrix.os == 'ubuntu-latest' }} with: disable-sudo: true egress-policy: block allowed-endpoints: > api.github.com:443 github.com:443 nodejs.org:443 registry.npmjs.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: ${{ matrix.node-version }} cache: npm - name: Bootstrap project run: npm ci --ignore-scripts --prefer-offline - uses: Yuri6037/Action-FakeTTY@1abc69c7d530815855caedcd73842bae5687c1a6 # v1.1 - name: Run tests run: faketty npm test --ignore-scripts code-lint: name: Code Lint runs-on: ubuntu-latest steps: - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > api.github.com:443 github.com:443 nodejs.org:443 registry.npmjs.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: Use Node.js 20 uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: 20 cache: 'npm' - name: Bootstrap project run: | npm ci \ --ignore-scripts \ --prefer-offline - name: Verify code linting run: npm run lint --ignore-scripts commit-lint: name: Commit Lint runs-on: ubuntu-latest if: ${{ github.event.pull_request }} steps: - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > github.com:443 registry.npmjs.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 persist-credentials: false - name: Use Node.js 20 uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: 20 cache: npm - name: Bootstrap project run: | npm ci \ --ignore-scripts \ --prefer-offline - name: Verify commit linting run: | npm exec \ --no-install \ --package=@commitlint/cli \ -- \ commitlint \ --from=origin/master \ --to=HEAD \ --verbose lockfile-lint: name: Lockfile Lint runs-on: ubuntu-latest steps: - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > github.com:443 registry.npmjs.org:443 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: Use Node.js 20 uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: 20 cache: npm - name: Bootstrap project run: | npm ci \ --ignore-scripts \ --prefer-offline - name: Verify commit linting run: | npm exec \ --no-install \ --package=lockfile-lint \ -- \ lockfile-lint \ --path=package-lock.json \ --allowed-hosts=npm \ --validate-https \ --validate-integrity \ --validate-package-names