build(deps-dev): bump typescript from 5.5.4 to 5.7.2 #7305
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Workflow | |
on: | |
push: | |
# trigger on all branches except for dependabot-triggered push events | |
branches-ignore: [dependabot/**] | |
tags: | |
- 'v*' # trigger on all tags | |
paths-ignore: | |
- '**.md' # ignore changes in markdown files | |
pull_request: | |
branches: [develop] | |
types: [opened, synchronize, reopened] | |
permissions: | |
contents: read | |
# globals | |
env: | |
# general settings | |
MAIN_REPO_OWNER: webern-unibas-ch # Main repo owner (default: webern-unibas-ch; should not be changed) | |
# dev settings | |
DEV_GH_PAGES_BRANCH: gh-pages | |
DEV_GH_PAGES_DIR: gh-pages-dir | |
DIST_DIR: dist | |
jobs: | |
test: | |
name: Run tests (Node v${{ matrix.node-version }}, ${{ matrix.os }}) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
node-version: [20.13, 22.11, 23.x] | |
outputs: | |
sha: ${{ steps.get-sha.outputs.SHA }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 # Get all history and branches | |
- name: Get git sha | |
id: get-sha | |
run: echo "SHA=$(git describe)" >> $GITHUB_OUTPUT | |
- name: Verify git sha | |
run: | | |
echo "SHA: ${{ steps.get-sha.outputs.SHA }}" | |
- name: Set up node ${{ matrix.node-version}} | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Set up corepack (for getting yarn) | |
run: corepack enable | |
- name: Get yarn cache ${{ matrix.node-version}} | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
cache: 'yarn' | |
- name: yarn install dependencies | |
run: | | |
yarn install --immutable | |
- name: Run CI tests with coverage | |
run: | | |
yarn run test:ci | |
- name: Upload code coverage | |
if: matrix.node-version == 22.11 # upload coverage report for current node version only | |
uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
with: | |
flags: unittests | |
env_vars: ${{ matrix.os }},${{ matrix.node-version }} | |
- name: Perform SonarQube scan | |
if: matrix.node-version == 22.11 && github.event_name != 'pull_request' && github.repository_owner == env.MAIN_REPO_OWNER # perform SonarQube scan only for current node version and not with pull requests or forks(token issue) | |
uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
- name: Test build for GH Pages (all but develop) | |
if: github.ref != 'refs/heads/develop' | |
run: | | |
yarn run build:gh | |
- name: Test build for GH Pages (develop) | |
if: github.ref == 'refs/heads/develop' | |
run: | | |
echo "Updating dev-version" | |
yarn run pre-release --release-as ${{ steps.get-sha.outputs.SHA }} --skip.changelog --skip.commit --skip.tag | |
echo "Building dev-version" | |
yarn run build:dev | |
- name: Upload build artifacts (main && develop) | |
# upload build artifacts for current node version and main or develop branch only | |
if: matrix.node-version == 22.11 && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
with: | |
name: dist | |
path: ${{ github.workspace }}/${{ env.DIST_DIR }} | |
retention-days: 1 | |
deploy_dev: | |
# run only on develop | |
if: github.ref == 'refs/heads/develop' | |
name: Deploy app from develop (Node v${{ matrix.node-version }}, ${{ matrix.os }}) | |
runs-on: ${{ matrix.os }} | |
needs: test | |
permissions: | |
contents: write | |
env: | |
SHA: ${{ needs.test.outputs.sha }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
node-version: [22.11] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
# ref (branch, tag or SHA) to check out | |
ref: ${{ env.DEV_GH_PAGES_BRANCH }} | |
# relative path under $GITHUB_WORKSPACE to place the repository | |
path: ${{ env.DEV_GH_PAGES_DIR }} | |
- name: Download build artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/[email protected] | |
with: | |
name: dist | |
path: ${{ github.workspace }}/${{ env.DIST_DIR }} | |
- name: Configure git | |
working-directory: ${{ env.DEV_GH_PAGES_DIR }} | |
run: | | |
echo "Configuring git" | |
git config user.name "github-actions" | |
git config user.email "[email protected]" | |
- name: Remove existing files from dev | |
working-directory: ${{ env.DEV_GH_PAGES_DIR }} | |
run: | | |
echo "Removing existing files from dev" | |
git rm -r dev/* || true | |
- name: Copy artifacts to gh-pages | |
run: | | |
cp -r ${{ env.DIST_DIR }}/awg-app/. ${{ env.DEV_GH_PAGES_DIR }}/dev/ | |
- name: Commit files | |
working-directory: ${{ env.DEV_GH_PAGES_DIR }} | |
run: | | |
echo "Running git commit" | |
git add . | |
git commit -m "Staging dev (${{ env.SHA }}) on gh-pages" | |
- name: Push changes to gh-pages (dry-run mode) | |
working-directory: ${{ env.DEV_GH_PAGES_DIR }} | |
run: git push -v --dry-run origin HEAD:$DEV_GH_PAGES_BRANCH | |
- name: Push changes to gh-pages | |
working-directory: ${{ env.DEV_GH_PAGES_DIR }} | |
run: git push -v origin HEAD:$DEV_GH_PAGES_BRANCH | |
- name: Congratulations | |
if: ${{ success() }} | |
run: echo "🎉 New develop build deployed 🎊" | |
deploy: | |
# run only on main | |
if: github.ref == 'refs/heads/main' | |
name: Deploy app from main (Node v${{ matrix.node-version }}, ${{ matrix.os }}) | |
runs-on: ${{ matrix.os }} | |
needs: test | |
permissions: | |
contents: write | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
node-version: [22.11] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up node ${{ matrix.node-version}} | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'yarn' | |
- name: yarn install dependencies | |
run: | | |
yarn install | |
- name: Build app for GH Pages | |
run: | | |
yarn run build:gh | |
- name: Deploy to GH Pages | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
yarn run deploy:ci | |
release: | |
# run only on tags | |
if: startsWith(github.ref, 'refs/tags/') | |
name: Create Release from tag | |
runs-on: ${{ matrix.os }} | |
needs: test | |
permissions: | |
contents: write | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
node-version: [22.11] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Get tag version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/} | |
- name: Create Release | |
id: create_release | |
if: ${{ success() && startsWith(github.ref, 'refs/tags/') }} | |
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG_VERSION: ${{ steps.get_version.outputs.VERSION }} | |
with: | |
name: Release ${{ env.TAG_VERSION }} | |
body: "A web application for the online edition of the [Anton Webern Gesamtausgabe](https://www.anton-webern.ch), located at the Department of Musicology of the University of Basel. It is written in [Angular](https://angular.io/) and runs on [edition.anton-webern.ch](https://edition.anton-webern.ch).\n\n Changes since last release: https://github.com/${{ github.repository }}/blob/${{ env.TAG_VERSION }}/CHANGELOG.md" | |
draft: false | |
prerelease: false |