ci: Upgrade GitHub Actions to Node 20 #3861
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
types: [opened, synchronize] | |
push: | |
branches: | |
- develop | |
- stable | |
# - ci/* # uncomment this when workin on CI without PR | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: pnpm/action-setup@v3 | |
with: | |
version: 8 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
cache: 'pnpm' | |
- name: Install | |
run: pnpm install --no-optional | |
- name: Run linter | |
run: pnpm lint --quiet | |
- name: Run tests and collect coverage | |
run: pnpm test:coverage | |
- name: Typecheck | |
run: pnpm typecheck | |
- name: Build | |
run: pnpm build | |
- name: Run Codechecks | |
run: pnpm codechecks | |
env: | |
CC_SECRET: ${{ secrets.CC_SECRET }} | |
if: ${{ env.CC_SECRET != '' }} | |
# Dependabot and PRs from forks should not release canaries, | |
# but secrets and env vars cannot be read in `job.if`, so we check if | |
# GH_TOKEN is present before attempting to release. | |
release_check: | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- id: can_release | |
run: echo 'CAN_RELEASE=${{ env.CAN_RELEASE }}' >> $GITHUB_OUTPUT | |
env: | |
CAN_RELEASE: ${{ secrets.AUTO_RELEASE_GH_TOKEN != '' }} | |
outputs: | |
CAN_RELEASE: ${{ steps.can_release.outputs.CAN_RELEASE }} | |
release: | |
runs-on: ubuntu-latest | |
needs: [release_check] | |
if: > | |
!contains(github.event.head_commit.message, 'ci skip') && | |
!contains(github.event.head_commit.message, 'skip ci') && ( | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
) && ( | |
needs.release_check.outputs.CAN_RELEASE == 'true' | |
) | |
env: | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 100 | |
fetch-tags: true | |
- uses: pnpm/action-setup@v3 | |
with: | |
version: 8 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
cache: 'pnpm' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Install | |
run: pnpm install --no-optional --no-frozen-lockfile | |
- name: Queue in release turnstile | |
id: turnstyle | |
continue-on-error: true | |
uses: softprops/turnstyle@v1 | |
with: | |
abort-after-seconds: 600 | |
- name: Create release | |
if: steps.turnstyle.outcome == 'success' | |
# failing to release a canary because of network problems or duplicate tag shouldn't give the same message as failing tests | |
# continue-on-error: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.AUTO_RELEASE_GH_TOKEN }} | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
run: pnpm release | |
- name: Check published prerelease | |
if: github.ref == 'refs/heads/develop' | |
run: | | |
cd scripts/typecheck-built-files | |
pnpm start |