fix(deps): bump the production-dependencies group with 2 updates #198
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: verify | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| verify: | |
| name: Lint & Test Node.js ${{ matrix.node-version }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ '18.x', '20.x', '21.x', '22.x' ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: versions | |
| run: | | |
| node --version | |
| npm --version | |
| - run: npm ci | |
| - name: lint | |
| run: | | |
| npm run lint | |
| - name: test | |
| run: | | |
| npm test | |
| verify-minimum-version-check: | |
| name: Verify Minimum Version Check (Node.js ${{ matrix.node-version }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ '16.x' ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: versions | |
| run: | | |
| node --version | |
| npm --version | |
| - run: npm ci | |
| - name: integration test | |
| run: | | |
| npm run test:integration | |
| publish-release: | |
| name: Publish Release | |
| runs-on: ubuntu-latest | |
| # only release from the main branch | |
| # actually, semantic-release does this check on its own anyway, but by adding a github ref check the job does not | |
| # even get triggered, saving some GH action minutes. | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: write # for publishing GitHub releases | |
| issues: write # to be able to comment on released issues | |
| pull-requests: write # to be able to comment on released pull requests | |
| id-token: write # to enable use of OIDC for npm provenance | |
| needs: | |
| - verify | |
| - verify-minimum-version-check | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "lts/*" | |
| cache: 'npm' | |
| - run: npm ci | |
| - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies | |
| run: npm audit signatures | |
| - name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: npx semantic-release | |