feat: created a shared renovate config #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://help.github.com/en/categories/automating-your-workflow-with-github-actions | |
| name: "Semantic Release" | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: | |
| - "([0-9])?(.{+([0-9]),x}).x" | |
| - "main" | |
| - "next" | |
| - "next-major" | |
| - "alpha" | |
| - "beta" | |
| permissions: | |
| contents: "read" # for checkout | |
| jobs: | |
| semantic-release: | |
| name: "Semantic Release" | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| contents: "write" # to be able to publish a GitHub release | |
| issues: "write" # to be able to comment on released issues | |
| pull-requests: "write" # to be able to comment on released pull requests | |
| id-token: "write" # to enable use of OIDC for npm provenance | |
| steps: | |
| - name: "Harden Runner" | |
| uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0 | |
| with: | |
| egress-policy: "audit" | |
| - name: "Wait for tests to succeed" | |
| uses: "lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812" # v1.3.1 | |
| timeout-minutes: 20 | |
| with: | |
| ref: "${{ github.event.pull_request.head.sha || github.sha }}" | |
| repo-token: "${{ secrets.GITHUB_TOKEN }}" | |
| wait-interval: 60 # seconds | |
| running-workflow-name: "Semantic Release" # wait for all other checks to complete | |
| allowed-conclusions: "success,skipped" # all other checks must pass, being skipped or cancelled is not sufficient | |
| - name: "Git checkout" | |
| uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| env: | |
| GIT_COMMITTER_NAME: "GitHub Actions Shell" | |
| GIT_AUTHOR_NAME: "GitHub Actions Shell" | |
| EMAIL: "github-actions[bot]@users.noreply.github.com" | |
| - uses: "pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598" # v2.4.0 | |
| with: | |
| version: 8 | |
| run_install: false | |
| - name: "Use Node.js 20.x" | |
| uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 | |
| with: | |
| node-version: "20.6.1" | |
| cache: "pnpm" | |
| # @see: npm install -g npm@latest is necessary to make provenance available. More info: https://docs.npmjs.com/generating-provenance-statements | |
| - name: "Upgrade npm to latest version" | |
| run: "npm install --global [email protected]" | |
| env: | |
| SKIP_CHECK: "true" | |
| - name: "Check npm version" | |
| run: "npm -v" | |
| env: | |
| SKIP_CHECK: "true" | |
| - name: "Install packages" | |
| run: "pnpm install --frozen-lockfile" | |
| env: | |
| SKIP_BUILD: "true" | |
| - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies" | |
| run: "npm audit signatures" | |
| - name: "npm v8.5+ requires workspaces-update to be set to false" | |
| run: "echo 'workspaces-update=false' >> .npmrc" | |
| - name: "Semantic Release" | |
| if: "success()" | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}" | |
| NPM_TOKEN: "${{ secrets.NPM_AUTH_TOKEN }}" | |
| GIT_AUTHOR_NAME: "github-actions-shell" | |
| GIT_AUTHOR_EMAIL: "github-actions[bot]@users.noreply.github.com" | |
| GIT_COMMITTER_NAME: "github-actions-shell" | |
| GIT_COMMITTER_EMAIL: "github-actions[bot]@users.noreply.github.com" | |
| run: "pnpm exec semantic-release" |