mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 17:05:48 +00:00
Bumps the github-actions-minor group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.17.0` | `2.19.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` | | [KSXGitHub/github-actions-deploy-aur](https://github.com/ksxgithub/github-actions-deploy-aur) | `4.1.2` | `4.1.3` | | [signpath/github-action-submit-signing-request](https://github.com/signpath/github-action-submit-signing-request) | `2.1` | `2.2` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.93` | `1.0.101` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.2` | | [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) | `3.14.1` | `3.15.0` | Updates `step-security/harden-runner` from 2.17.0 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](f808768d15...8d3c67de8e) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](53b83947a5...48b55a011b) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](668228422a...27d5ce7f10) Updates `KSXGitHub/github-actions-deploy-aur` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/ksxgithub/github-actions-deploy-aur/releases) - [Commits](abe8ac26b5...da03e16036) Updates `signpath/github-action-submit-signing-request` from 2.1 to 2.2 - [Release notes](https://github.com/signpath/github-action-submit-signing-request/releases) - [Commits](bc66d86b01...b9d91eadd3) Updates `anthropics/claude-code-action` from 1.0.93 to 1.0.101 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](b47fd721da...38ec876110) Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](c10b8064de...95e58e9a2c) Updates `cloudflare/wrangler-action` from 3.14.1 to 3.15.0 - [Release notes](https://github.com/cloudflare/wrangler-action/releases) - [Changelog](https://github.com/cloudflare/wrangler-action/blob/main/CHANGELOG.md) - [Commits](da0e0dfe58...9acf94ace1) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-minor - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-minor - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor - dependency-name: KSXGitHub/github-actions-deploy-aur dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor - dependency-name: signpath/github-action-submit-signing-request dependency-version: '2.2' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-minor - dependency-name: anthropics/claude-code-action dependency-version: 1.0.101 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor - dependency-name: cloudflare/wrangler-action dependency-version: 3.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
177 lines
6.7 KiB
YAML
177 lines
6.7 KiB
YAML
name: CI
|
|
on:
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
- main
|
|
paths-ignore:
|
|
- 'docs/wiki/**'
|
|
workflow_dispatch:
|
|
inputs: {}
|
|
release:
|
|
types: [published]
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
# Verify package-lock.json only uses the official npm registry.
|
|
# Prevents contributors using mirror registries from rewriting all resolved URLs.
|
|
check-lockfile-registry:
|
|
name: Check package-lock.json registry
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name == 'pull_request'
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: Reject non-standard registry URLs
|
|
run: |
|
|
BAD_COUNT=$(grep '"resolved": "https\?://' package-lock.json | grep -cv 'registry.npmjs.org' || true)
|
|
if [ "$BAD_COUNT" -gt 0 ]; then
|
|
echo "::error::package-lock.json contains $BAD_COUNT resolved URLs pointing to a non-standard registry."
|
|
echo "Examples:"
|
|
grep '"resolved": "https\?://' package-lock.json | grep -v 'registry.npmjs.org' | head -5
|
|
echo ""
|
|
echo "Please delete node_modules and package-lock.json, then run 'npm install' with the default registry (https://registry.npmjs.org/)."
|
|
exit 1
|
|
fi
|
|
|
|
# This job will scan dependency manifest files
|
|
# surfacing known-vulnerable versions of the packages declared or updated.
|
|
# Only runs on pull_request events as the action requires base/head refs
|
|
dependency-vulnerability-review:
|
|
name: Dependency Vulnerability Review
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name == 'pull_request'
|
|
steps:
|
|
- name: 'Checkout Repository'
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
# work around for npm installs from git+https://github.com/johannesjo/J2M.git
|
|
- name: Reconfigure git to use HTTP authentication
|
|
run: >
|
|
git config --global url."https://github.com/".insteadOf
|
|
ssh://git@github.com/
|
|
|
|
- name: 'Dependency Review'
|
|
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4
|
|
|
|
lint:
|
|
name: Lint
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
|
with:
|
|
node-version: 22
|
|
- name: Check out Git repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: Install npm Packages
|
|
run: npm i
|
|
- run: npm run lint
|
|
|
|
test-on-linux:
|
|
name: Tests
|
|
runs-on: ubuntu-latest
|
|
needs: [lint, dependency-vulnerability-review]
|
|
if: ${{ !cancelled() && !failure() }}
|
|
steps:
|
|
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
|
with:
|
|
node-version: 22
|
|
- name: Check out Git repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
# work around for npm installs from git+https://github.com/johannesjo/J2M.git
|
|
- name: Reconfigure git to use HTTP authentication
|
|
run: >
|
|
git config --global url."https://github.com/".insteadOf
|
|
ssh://git@github.com/
|
|
- name: Get npm cache directory
|
|
id: npm-cache-dir
|
|
run: |
|
|
echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
|
|
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
|
|
id: npm-cache # use this to check for `cache-hit` ==> if: steps.npm-cache.outputs.cache-hit != 'true'
|
|
with:
|
|
path: ${{ steps.npm-cache-dir.outputs.dir }}
|
|
key: ${{ runner.os }}-node22-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node22-
|
|
- name: Install npm Packages
|
|
run: npm i
|
|
- name: Install Playwright Browsers
|
|
run: |
|
|
npx playwright install --with-deps chromium
|
|
npx playwright install-deps chromium
|
|
- run: npm run env # Generate env.generated.ts from environment variables
|
|
- run: npm run int:test # Validate i18n JSON files
|
|
- run: npm run test
|
|
- name: Build Frontend for E2E
|
|
run: npm run buildFrontend:e2e
|
|
- name: Verify Build Output
|
|
run: |
|
|
test -f .tmp/angular-dist/browser/index.html || (echo "Build output missing" && exit 1)
|
|
test -f .tmp/angular-dist/browser/assets/bundled-plugins/api-test-plugin/manifest.json || (echo "Plugin assets missing from build" && exit 1)
|
|
- name: Test E2E
|
|
run: npm run e2e:ci
|
|
- name: 'Upload E2E results on failure'
|
|
if: ${{ failure() }}
|
|
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
|
with:
|
|
name: e2eResults
|
|
path: .tmp/e2e-test-results/**/*.*
|
|
retention-days: 14
|
|
|
|
# Lighthouse is designed to audit the performance, accessibility, SEO, and other metrics of a web application.
|
|
lighthouse:
|
|
name: Lighthouse
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
UNSPLASH_KEY: ${{ secrets.UNSPLASH_KEY }}
|
|
UNSPLASH_CLIENT_ID: ${{ secrets.UNSPLASH_CLIENT_ID }}
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
|
|
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
|
with:
|
|
node-version: 22
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm i
|
|
|
|
- run: npm run env # Generate env.generated.ts
|
|
|
|
- name: Build production web app
|
|
run: npm run buildFrontend:prodWeb
|
|
|
|
- name: Add swap space for Lighthouse
|
|
run: |
|
|
# Ensure Lighthouse/Chrome have enough memory on GitHub-hosted runners
|
|
# Remove existing swapfile if present
|
|
sudo swapoff /swapfile 2>/dev/null || true
|
|
sudo rm -f /swapfile
|
|
sudo fallocate -l 4G /swapfile
|
|
sudo chmod 600 /swapfile
|
|
sudo mkswap /swapfile
|
|
sudo swapon /swapfile
|
|
|
|
- name: Strip service worker artifacts for Lighthouse
|
|
run: rm -f dist/browser/ngsw.json dist/browser/ngsw-worker.js dist/browser/safety-worker.js dist/browser/worker-basic.min.js
|
|
|
|
- name: Run Lighthouse CI
|
|
uses: treosh/lighthouse-ci-action@3e7e23fb74242897f95c0ba9cabad3d0227b9b18 # v12
|
|
with:
|
|
# Configure Lighthouse CI
|
|
configPath: './tools/lighthouse/.lighthouserc.json'
|
|
# Upload results to temporary storage
|
|
uploadArtifacts: true
|
|
temporaryPublicStorage: true
|
|
# Run once to avoid long Chrome sessions on CI
|
|
runs: 1
|
|
# Configure budgets
|
|
budgetPath: './tools/lighthouse/budget.json'
|