name: Continuous Integration on: push: branches: [master] pull_request: # The branches below must be a subset of the branches above branches: [master] schedule: - cron: '0 2 * * 1' # At 02:00 on Monday permissions: {} jobs: test: name: Test timeout-minutes: 5 strategy: matrix: os: [ubuntu-latest] node-version: - 16 - 18 - 20 - 21 include: - os: macos-latest node-version: 20 # LTS - os: windows-latest node-version: 20 # LTS fail-fast: false runs-on: ${{ matrix.os }} steps: - uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 if: ${{ matrix.os == 'ubuntu-latest' }} with: disable-sudo: true egress-policy: block allowed-endpoints: > api.github.com:443 github.com:443 nodejs.org:443 registry.npmjs.org:443 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ matrix.node-version }} cache: npm - name: Bootstrap project run: npm ci --ignore-scripts --prefer-offline - uses: Yuri6037/Action-FakeTTY@1abc69c7d530815855caedcd73842bae5687c1a6 # v1.1 - name: Run tests run: faketty npm test --ignore-scripts code-lint: name: Code Lint runs-on: ubuntu-latest steps: - uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > api.github.com:443 github.com:443 nodejs.org:443 registry.npmjs.org:443 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Use Node.js 20 uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20.20.0 cache: 'npm' - name: Bootstrap project run: | npm ci \ --ignore-scripts \ --prefer-offline - name: Verify code linting run: npm run lint --ignore-scripts commit-lint: name: Commit Lint runs-on: ubuntu-latest if: ${{ github.event.pull_request }} steps: - uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > github.com:443 registry.npmjs.org:443 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Use Node.js 20 uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20.20.0 cache: npm - name: Bootstrap project run: | npm ci \ --ignore-scripts \ --prefer-offline - name: Verify commit linting run: | npm exec \ --no-install \ --package=@commitlint/cli \ -- \ commitlint \ --from=origin/master \ --to=HEAD \ --verbose lockfile-lint: name: Lockfile Lint runs-on: ubuntu-latest steps: - uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > github.com:443 registry.npmjs.org:443 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Use Node.js 20 uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20.20.0 cache: npm - name: Bootstrap project run: | npm ci \ --ignore-scripts \ --prefer-offline - name: Verify commit linting run: | npm exec \ --no-install \ --package=lockfile-lint \ -- \ lockfile-lint \ --path=package-lock.json \ --allowed-hosts=npm \ --validate-https \ --validate-integrity \ --validate-package-names