resolve library updates for security issues #596
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Full publish pipeline | |
on: [push] | |
jobs: | |
unicode-atoms: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check full unicode over atoms | |
run: | | |
npm install && npm run make && npm run jest-unicode-atom | |
unicode-strings: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check full unicode over strings | |
run: | | |
npm install && npm run make && npm run jest-unicode-string | |
unicode-atom-labels: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check full unicode over atom labels | |
run: | | |
npm install && npm run make && npm run jest-unicode-atom-label | |
unicode-string-labels: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check full unicode over string labels | |
run: | | |
npm install && npm run make && npm run jest-unicode-string-label | |
unicode-actions: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Check full unicode over action statements | |
run: | | |
npm install && npm run make && npm run jest-unicode-action | |
build: | |
strategy: | |
matrix: | |
include: | |
- node-version: 22.x # fastest, so run first, to error fast | |
os: ubuntu-latest | |
- node-version: 22.x # slowest, so run next. sort by slowest from here to get earliest end through parallelism | |
os: macos-latest | |
# bug in gh action for new version: https://github.com/nodejs/node/issues/52682 | |
# - node-version: 22.x # finish check big-3 on latest current | |
# os: windows-latest | |
# testing under 20 instead until fixed | |
- node-version: 20.x # finish check big-3 on latest current | |
os: windows-latest | |
- node-version: 21.x # check newest non-lts too | |
os: ubuntu-latest | |
- node-version: 21.x # check newest non-lts too | |
os: macos-latest | |
- node-version: 21.x # check newest non-lts too | |
os: windows-latest | |
- node-version: 16.x # lastly check just ubuntu on historic node versions because speed, oldest (slowest) first | |
os: ubuntu-latest | |
- node-version: 17.x | |
os: ubuntu-latest | |
- node-version: 18.x | |
os: ubuntu-latest | |
- node-version: 19.x | |
os: ubuntu-latest | |
- node-version: 20.x | |
os: ubuntu-latest | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: npm install, build, and test | |
run: | | |
npm install && npm run ci_build | |
env: | |
CI: true | |
- name: Coveralls GitHub Action | |
uses: coverallsapp/github-action@v1.0.1 | |
with: | |
github-token: ${{ secrets.github_token }} | |
path-to-lcov: ./coverage/spec/lcov.info | |
benchmark: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Run the benchmarks | |
run: | | |
npm install && npm run benny | |
verify-version-bump: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Verify the version was bumped | |
run: | | |
npm install | |
git config --global user.email "stonecypher@users.noreply.github.com" | |
git config --global user.name "John Haugeland through Github Actions" | |
node ./src/buildjs/verify_version_bump.cjs | |
release: | |
if: (github.event.pusher.name == github.event.repository.owner.name) && (github.ref == 'refs/heads/main') | |
needs: [build, verify-version-bump, unicode-strings, unicode-atoms, unicode-actions, unicode-atom-labels, unicode-string-labels] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Export tag to envvars | |
run: | | |
export TAG=$(awk -F'"' '/"version": ".+"/{ print $4; exit; }' package.json) | |
echo "TAG=$TAG" >> $GITHUB_ENV | |
echo $TAG | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
registry-url: https://registry.npmjs.org/ | |
- name: Push tags | |
run: git push origin --tags | |
- name: Create the release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ env.TAG }} | |
release_name: ${{ env.TAG }} | |
body_path: CHANGELOG.md | |
- name: Publish to npm | |
run: | | |
npm publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.JSSM_PUBLISH_TOKEN_FOR_GH_CI_CD }} | |
# - name: Tweet notice | |
# run: | | |
# npm install && node ./src/buildjs/tweet.cjs | |
# env: | |
# JSSM_TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.JSSM_TWITTER_ACCESS_TOKEN_SECRET }} | |
# JSSM_TWITTER_API_ACCESS_TOKEN: ${{ secrets.JSSM_TWITTER_API_ACCESS_TOKEN }} | |
# JSSM_TWITTER_API_KEY: ${{ secrets.JSSM_TWITTER_API_KEY }} | |
# JSSM_TWITTER_API_SECRET: ${{ secrets.JSSM_TWITTER_API_SECRET }} | |
# TW_COMMIT_MESSAGE: ${{ github.event.head_commit.message }} | |
bump-jssm-viz: | |
needs: [release] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Export tag to envvars | |
run: | | |
export TAG=$(awk -F'"' '/"version": ".+"/{ print $4; exit; }' package.json) | |
echo "TAG=$TAG" >> $GITHUB_ENV | |
- name: CURL RPC to jssm-viz action | |
run: | | |
curl -X POST "https://api.github.com/repos/StoneCypher/jssm-viz/dispatches" -H 'Accept: application/vnd.github.everest-preview+json' -u ${{ secrets.JSSM_UPGRADE_PERSONAL_ACCESS_TOKEN }} --data '{"event_type": "upgrade_jssm", "client_payload": { "lib_version": "${{ env.TAG }}" }}' | |
finish: | |
needs: [bump-jssm-viz] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Results page | |
run: | | |
export TAG=$(awk -F'"' '/"version": ".+"/{ print $4; exit; }' package.json) | |
echo '### Results!' >> $GITHUB_STEP_SUMMARY | |
echo "* Published $TAG to NPM" >> $GITHUB_STEP_SUMMARY | |
echo '* Bumping `jssm-viz`' >> $GITHUB_STEP_SUMMARY | |
echo ' * which will bump `jssm-viz-cli`' >> $GITHUB_STEP_SUMMARY | |
echo ' * which will bump `jssm-viz-demo`' >> $GITHUB_STEP_SUMMARY |