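# CI workflow template. Handlebars-style tags (PACKAGE_MANAGER, IS_MONOREPO)
# are resolved when the template is rendered; a dollar sign followed by a
# backslash-escaped double brace is a GitHub Actions expression that must
# survive rendering unchanged.
name: CI - Advanced

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:
  schedule:
    # Weekly full cross-platform regression testing (Mondays 8 AM UTC)
    - cron: '0 8 * * 1'

# Workflow-wide token scope: read-only access to repository contents. No job
# below declares its own permissions, so all of them run with this scope.
permissions:
  contents: read

jobs:
  # Check what changes triggered this workflow
  check-changes:
    name: Check Changes
    runs-on: ubuntu-latest
    outputs:
      # 'true' when source, workflow or lockfile paths changed, or when the run
      # was started by the schedule or manually; selects which CI job runs.
      needs-cross-platform: >-
        $\{{ steps.filter.outputs.cli == 'true' ||
        steps.filter.outputs.workflows == 'true' ||
        steps.filter.outputs.deps == 'true' ||
        github.event_name == 'schedule' ||
        github.event_name == 'workflow_dispatch' }}
      is-scheduled: $\{{ github.event_name == 'schedule' }}
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): the third-party actions in this file (dorny/paths-filter,
      # pnpm/action-setup, codecov/codecov-action) are referenced by mutable
      # tags; pinning each to a full commit SHA keeps the executed code fixed
      # until it is deliberately updated.
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            cli:
              - 'src/**'
              {{#if IS_MONOREPO}}- 'packages/*/src/**'{{/if}}
            workflows:
              - '.github/workflows/**'
            deps:
              - '{{#if (eq PACKAGE_MANAGER 'pnpm')}}pnpm-lock.yaml{{else}}package-lock.json{{/if}}'
              {{#if IS_MONOREPO}}- 'turbo.json'{{/if}}

  # Cross-platform CI (only when needed)
  ci-cross-platform:
    name: Cross-Platform CI
    needs: check-changes
    if: needs.check-changes.outputs.needs-cross-platform == 'true'
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        node-version: [20]
    runs-on: $\{{ matrix.os }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # This step is not conditional on PACKAGE_MANAGER, so pnpm is installed
      # for every rendered variant of the workflow.
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          # NOTE(review): `latest` floats; an exact pnpm version makes runs
          # reproducible and keeps a new release from entering CI unreviewed.
          version: latest

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: $\{{ matrix.node-version }}
          cache: '{{PACKAGE_MANAGER}}'

      # npm has no --frozen-lockfile flag, so `npm install --frozen-lockfile`
      # does not enforce the lockfile; `npm ci` is npm's lockfile-strict
      # install. Every other package manager keeps the original command.
      - name: Install dependencies
        run: {{#if (eq PACKAGE_MANAGER 'npm')}}npm ci{{else}}{{PACKAGE_MANAGER}} install --frozen-lockfile{{/if}}

      # Cache key combines runner OS, Node version and the lockfile hash; a
      # cache failure does not fail the job.
      - name: Cache build artifacts
        uses: actions/cache@v4
        with:
          path: |
            {{#if IS_MONOREPO}}.turbo{{else}}node_modules/.cache{{/if}}
            coverage/
            dist/
          key: $\{{ runner.os }}-$\{{ matrix.node-version }}-$\{{ hashFiles('{{#if (eq PACKAGE_MANAGER 'pnpm')}}pnpm-lock.yaml{{else}}package-lock.json{{/if}}') }}
        continue-on-error: true

      - name: Run linting
        run: {{PACKAGE_MANAGER}} lint

      - name: Run type checking
        run: {{PACKAGE_MANAGER}} types

      - name: Run tests
        run: {{PACKAGE_MANAGER}} test{{#if IS_MONOREPO}} --concurrency=$\{{ matrix.os == 'macos-latest' && '25%' || '50%' }}{{/if}} --reporter=verbose

      {{#if IS_MONOREPO}}
      - name: Build packages
        run: {{PACKAGE_MANAGER}} build
      {{/if}}

      # Coverage upload is best-effort: a failed upload does not fail the job.
      - name: Upload coverage (Ubuntu only)
        if: matrix.os == 'ubuntu-latest'
        uses: codecov/codecov-action@v4
        with:
          files: ./coverage/lcov.info
        continue-on-error: true

  # Ubuntu-only CI (for non-critical changes)
  ci-ubuntu:
    name: Ubuntu CI
    needs: check-changes
    if: needs.check-changes.outputs.needs-cross-platform == 'false'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # One matrix entry per check; `command` is executed verbatim by the
        # "Run" step below.
        task:
          - name: lint
            command: {{PACKAGE_MANAGER}} lint
          - name: format
            command: {{PACKAGE_MANAGER}} format:check
          - name: types
            command: {{PACKAGE_MANAGER}} types
          - name: test
            command: {{PACKAGE_MANAGER}} test{{#if IS_MONOREPO}} --max-workers=4{{/if}}
          - name: security
            command: {{PACKAGE_MANAGER}} audit
          {{#if IS_MONOREPO}}
          - name: build
            command: {{PACKAGE_MANAGER}} build
          {{/if}}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          # NOTE(review): `latest` floats; prefer an exact pnpm version.
          version: latest

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: '{{PACKAGE_MANAGER}}'

      # Lockfile-strict install: `npm ci` for npm (which has no
      # --frozen-lockfile flag), the original command for everything else.
      - name: Install dependencies
        run: {{#if (eq PACKAGE_MANAGER 'npm')}}npm ci{{else}}{{PACKAGE_MANAGER}} install --frozen-lockfile{{/if}}

      - name: Cache $\{{ matrix.task.name }}
        uses: actions/cache@v4
        with:
          path: |
            {{#if IS_MONOREPO}}.turbo{{else}}node_modules/.cache{{/if}}
            coverage/
            dist/
          key: $\{{ runner.os }}-$\{{ matrix.task.name }}-$\{{ hashFiles('{{#if (eq PACKAGE_MANAGER 'pnpm')}}pnpm-lock.yaml{{else}}package-lock.json{{/if}}') }}
        continue-on-error: true

      # continue-on-error is true only for the `security` task, so audit
      # findings are reported in the log but never fail the job.
      # NOTE(review): confirm the audit is meant to be advisory rather than
      # a gate.
      - name: Run $\{{ matrix.task.name }}
        run: $\{{ matrix.task.command }}
        continue-on-error: $\{{ matrix.task.name == 'security' }}

      - name: Upload coverage
        if: matrix.task.name == 'test'
        uses: codecov/codecov-action@v4
        with:
          files: ./coverage/lcov.info
        continue-on-error: true

  # Dependency review (PRs only)
  dependency-review:
    name: Dependency Review
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # continue-on-error makes this step advisory: a failing dependency
      # review does not fail the job, so it cannot block a pull request.
      # NOTE(review): remove continue-on-error if the review should gate PRs.
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        continue-on-error: true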