1+ # Note: The cache steps on this workflow has been removed Supply Chain attack through GitHub Action Pwn Request.
2+ # Here's more info on how that works: https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/
13name : v4.x releases
24
35on :
1214 - ' v4.[0-9]+.[0-9]+-beta.[0-9]+'
1315
1416jobs :
15- install :
16- name : Install
17+ debug :
18+ name : Debug
19+ runs-on : ubuntu-latest
20+ steps :
21+ - uses : hmarr/debug-action@v3
22+
23+ test-node :
24+ name : Node Test Specs
1725 runs-on : ubuntu-latest
26+ strategy :
27+ fail-fast : false
28+ matrix :
29+ node-version : [14.x, 16.x, 18.x, 20.x, 22.x]
30+ # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
1831 steps :
1932 - uses : actions/checkout@v4
20- - name : Cache node_modules
21- id : cacheModules
22- uses : actions/cache@v4
33+ - name : Use Node.js ${{ matrix.node-version }}
34+ uses : actions/setup-node@v4
2335 with :
24- path : ~/.npm # cache where "npm install" uses before going out to the network
25- key : ${{ runner.os }}-node-${{ hashFiles('**/package.json') }}
26- - name : Install dependencies
27- if : steps.cacheModules.outputs.cache-hit != 'true'
28- run : npm install
36+ node-version : ${{ matrix.node-version }}
37+ - run : npm install --prefer-offline
38+ - run : make test-node
2939
30- debug :
31- name : Debug
40+ test-browser :
41+ name : Browser Test Specs
3242 runs-on : ubuntu-latest
3343 steps :
34- - uses : hmarr/debug-action@v3
44+ - uses : actions/checkout@v4
45+ - run : npm install --prefer-offline
46+ - run : make test-browser
3547
36- checks :
37- name : Check
38- needs : [install]
39- uses : ./.github/workflows/checks.yml
40- with :
41- ref : ${{ github.sha }}
48+ lint :
49+ name : Code Lint
50+ runs-on : ubuntu-latest
51+ steps :
52+ - uses : actions/checkout@v4
53+ - run : npm install --prefer-offline
54+ - run : make lint
55+
56+ typecheck :
57+ name : Types
58+ runs-on : ubuntu-latest
59+ steps :
60+ - uses : actions/checkout@v4
61+ - run : npm install --prefer-offline
62+ - run : make typecheck
4263
4364 # The security job can't run on pull requests opened from forks because
4465 # Github doesn't pass down the SNYK_TOKEN environment variable.
4566 security :
4667 name : Check Security
47- needs : [install]
4868 runs-on : ubuntu-latest
4969 steps :
5070 - uses : actions/checkout@v4
51- - uses : actions/cache@v4
52- with :
53- path : ~/.npm # cache where "npm install" uses before going out to the network
54- key : ${{ runner.os }}-node-${{ hashFiles('**/package.json') }}
5571 - run : npm install --prefer-offline
5672 - run : make secure
5773 env :
@@ -60,18 +76,14 @@ jobs:
6076 publish :
6177 name : Publish to NPM registry
6278 runs-on : ubuntu-latest
63- needs : [checks , security]
79+ needs : [test-node, test-browser, lint, typecheck , security]
6480 steps :
6581 - uses : actions/checkout@v4
6682 - uses : actions/setup-node@v4
6783 with :
6884 node-version-file : ' .nvmrc'
6985 # Setup .npmrc file to publish to npm
7086 registry-url : ' https://registry.npmjs.org'
71- - uses : actions/cache@v4
72- with :
73- path : ~/.npm # this is cache where npm installs from before going out to the network
74- key : ${{ runner.os }}-node-${{ hashFiles('**/package.json') }}
7587 - run : npm install --prefer-offline
7688 - run : make publish
7789 env :
0 commit comments