Skip to content

New patch release (#1300) #2341

New patch release (#1300)

New patch release (#1300) #2341

Workflow file for this run

name: Check
on:
pull_request: ~
push:
branches:
- main
- main-v1
permissions: read-all
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-22.04
permissions:
security-events: write # To upload CodeQL results
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
ghcr.io:443
github.com:443
objects.githubusercontent.com:443
pkg-containers.githubusercontent.com:443
uploads.github.com:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Initialize CodeQL
uses: github/codeql-action/init@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6
with:
config-file: ./.github/codeql.yml
languages: javascript
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6
format:
name: Formatting
runs-on: ubuntu-22.04
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check formatting
run: npm run format:check
licenses:
name: Licenses
runs-on: ubuntu-22.04
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check licenses
run: npm run license-check
lint:
name: Lint
runs-on: ubuntu-22.04
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install tooling
uses: asdf-vm/actions/install@4f8f7939dd917fc656bb7c3575969a5988c28364 # v3.0.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Lint CI
if: ${{ failure() || success() }}
run: npm run lint:ci
- name: Lint JavaScript
if: ${{ failure() || success() }}
run: npm run lint:js
- name: Lint JSON
if: ${{ failure() || success() }}
run: npm run lint:json
- name: Lint MarkDown
if: ${{ failure() || success() }}
run: npm run lint:md
- name: Lint shell scripts
if: ${{ failure() || success() }}
run: npm run lint:sh
- name: Lint YAML
if: ${{ failure() || success() }}
run: npm run lint:yml
njsscan:
name: njsscan
runs-on: ubuntu-22.04
permissions:
security-events: write # To upload SARIF results
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
ghcr.io:443
github.com:443
objects.githubusercontent.com:443
pkg-containers.githubusercontent.com:443
uploads.github.com:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Perform njsscan analysis
id: njsscan
uses: ajinabraham/njsscan-action@d58d8b2f26322cd35a9efb8003baac517f226d81 # v7
with:
args: . --sarif --output njsscan-results.sarif || true
- name: Upload njsscan report to GitHub
uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6
if: ${{ failure() || success() }}
with:
sarif_file: njsscan-results.sarif
reproducible:
name: Reproducible build
runs-on: ubuntu-22.04
needs:
- transpile
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Transpile to CommonJS
run: npm run transpile
- name: Compute checksum
run: shasum index.cjs testing.cjs | tee checksums.txt
- name: Reset to a clean state
run: npm run clean
- name: Transpile to CommonJS again
run: npm run transpile
- name: Verify checksum
run: shasum --check checksums.txt --strict
test-breakage:
name: Breakage
runs-on: ubuntu-22.04
needs:
- test-integration
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Run breakage tests
run: npm run coverage:breakage
test-compatibility:
name: Compatibility
runs-on: ubuntu-22.04
needs:
- test-integration
- transpile
strategy:
fail-fast: false
matrix:
node-version:
- 14.18.0
- 16.13.0
- 18.0.0
- 19.0.0
- 20.0.0
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version: ${{ matrix.node-version }}
- name: Install compatible npm version
run: npm install --global [email protected]
- name: Install dependencies
run: npm clean-install --ignore-scripts
- name: Download index.cjs
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: index-common-js
- name: Run compatibility tests
run: npm run coverage:compat --ignore-scripts
test-e2e:
name: End-to-end (${{ matrix.name }})
runs-on: ${{ matrix.os }}
needs:
- test-integration
strategy:
fail-fast: false
matrix:
include:
- name: MacOS
os: macos-12
- name: Ubuntu
os: ubuntu-22.04
- name: Windows
os: windows-2022
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: false
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
azure.archive.ubuntu.com:80
codecov.io:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Install csh
if: ${{ matrix.name == 'Ubuntu' }}
run: sudo apt-get --assume-yes install csh
- name: Install Zsh
if: ${{ matrix.name == 'Ubuntu' }}
run: sudo apt-get --assume-yes install zsh
- name: Run end-to-end tests
run: npm run coverage:e2e
- name: Upload coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
if: ${{ always() }}
with:
file: ./_reports/coverage/e2e/lcov.info
flags: e2e-${{ matrix.name }}
test-integration:
name: Integration (${{ matrix.name }})
runs-on: ${{ matrix.os }}
needs:
- test-unit
- transpile
strategy:
fail-fast: false
matrix:
include:
- name: MacOS
os: macos-12
- name: Ubuntu
os: ubuntu-22.04
- name: Windows
os: windows-2022
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: false
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
azure.archive.ubuntu.com:80
codecov.io:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Install Zsh
if: ${{ matrix.name == 'Ubuntu' }}
run: sudo apt-get --assume-yes install zsh
- name: Install csh
if: ${{ matrix.name == 'Ubuntu' }}
run: sudo apt-get --assume-yes install csh
- name: Run integration tests
run: npm run coverage:integration
- name: Upload coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
if: ${{ always() }}
with:
file: ./_reports/coverage/integration/lcov.info
flags: integration-${{ matrix.name }}
test-mutation-unit:
name: Mutation (Unit)
runs-on: ubuntu-22.04
needs:
- test-unit
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Cache Stryker incremental report
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: .cache/stryker-incremental-unit.json
key: mutation-unit-${{ github.run_number }}
restore-keys: |
mutation-unit-
- name: Install dependencies
run: npm clean-install
- name: Run mutation tests
run: npm run mutation:unit
- name: Upload mutation report
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
if: ${{ failure() || success() }}
with:
name: mutation-unit-report
path: |
_reports/mutation/unit.html
.cache/stryker-incremental-unit.json
test-mutation-integration:
name: Mutation (integration)
runs-on: ubuntu-22.04
needs:
- test-integration
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: false
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
azure.archive.ubuntu.com:80
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Cache Stryker incremental report
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: .cache/stryker-incremental-integration.json
key: mutation-integration-${{ github.run_number }}
restore-keys: |
mutation-integration-
- name: Install dependencies
run: npm clean-install
- name: Install Zsh
run: sudo apt-get --assume-yes install zsh
- name: Install csh
run: sudo apt-get --assume-yes install csh
- name: Run mutation tests
run: npm run mutation:integration
- name: Upload mutation report
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
if: ${{ failure() || success() }}
with:
name: mutation-integration-report
path: |
_reports/mutation/integration.html
.cache/stryker-incremental-integration.json
test-unit:
name: Unit
runs-on: ubuntu-22.04
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
codecov.io:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Run unit tests
run: npm run coverage:unit
- name: Upload coverage to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
if: ${{ always() }}
with:
file: ./_reports/coverage/unit/lcov.info
flags: unit
transpile:
name: Transpile
runs-on: ubuntu-22.04
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Transpile to CommonJS
run: npm run transpile
- name: Upload transpiled file for re-use
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: index-common-js
path: index.cjs
retention-days: 1
trivy:
name: Trivy
runs-on: ubuntu-22.04
permissions:
security-events: write # To upload SARIF results
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
ghcr.io:443
github.com:443
objects.githubusercontent.com:443
pkg-containers.githubusercontent.com:443
uploads.github.com:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Perform Trivy analysis
uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # 0.14.0
with:
exit-code: 1
format: sarif
output: trivy-results.sarif
scanners: vuln,secret
scan-type: fs
scan-ref: .
template: "@/contrib/sarif.tpl"
- name: Upload Trivy report to GitHub
uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6
if: ${{ failure() || success() }}
with:
sarif_file: trivy-results.sarif
vet:
name: Vet
runs-on: ubuntu-22.04
steps:
- name: Harden runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Vet dependencies
if: ${{ failure() || success() }}
run: npm run vet:deps
- name: Check runtime dependency versions
if: ${{ failure() || success() }}
run: node script/check-runtime-deps.js