Skip to content

Commit

Permalink
Use matrix for npm run check:* commands in CI
Browse files Browse the repository at this point in the history 
Reduce duplication and the overall size of the CI configuration by using
the fact that all `check:*` commands are more or less identical and can
thus perfectly be used in a matricized CI job.

This also folds the lockfile and manifest checks (`package.json` and
`package-lock.json` in CI) into the main `checks.yml` workflow to
further simplify things (the previous setup was chosen to reduce wasting
CI cycles on checking these when the files didn't change, but the
simplicity of the approach here seems better to me atm).

Fingers crossed this isn't going to be a nightmare with
`step-security/harden-runner`.
  • Loading branch information
@ericcornelissen
ericcornelissen committed Nov 29, 2024
1 parent 1ba6991 commit 727551e
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 339 deletions.
280 changes: 22 additions & 258 deletions .github/workflows/checks.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,24 @@ on:
permissions: read-all

jobs:
ci:
name: CI
check:
name: ${{ matrix.what }}
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
what:
- ci
- dependencies
- formatting
- js
- json
- licenses
- lockfile
- manifest
- md
- sh
- yml
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
Expand All @@ -29,9 +44,10 @@ jobs:
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
persist-credentials:
- name: Install tooling
uses: asdf-vm/actions/install@4f8f7939dd917fc656bb7c3575969a5988c28364 # v3.0.0
if: ${{ matrix.what == "ci" || matrix.what == "sh" }}
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
Expand All @@ -40,7 +56,9 @@ jobs:
- name: Install dependencies
run: npm clean-install
- name: Check
run: npm run check:ci
run: npm run "check:${WHAT}"
env:
WHAT: ${{ matrix.what }}
codeql:
name: CodeQL
runs-on: ubuntu-24.04
Expand Down Expand Up @@ -71,196 +89,6 @@ jobs:
languages: javascript
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
deps:
name: Dependencies
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check dependencies
if: ${{ failure() || success() }}
run: npm run check:dependencies
- name: Check runtime dependency versions
if: ${{ failure() || success() }}
run: node script/check-runtime-deps.js
format:
name: Formatting
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check formatting
run: npm run check:formatting
js:
name: JavaScript
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check
run: npm run check:js
json:
name: JSON
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check
run: npm run check:json
licenses:
name: Licenses
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check licenses
run: npm run check:licenses
md:
name: MarkDown
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check
run: npm run check:md
odgen:
name: ODGen
runs-on: ubuntu-24.04
Expand Down Expand Up @@ -325,39 +153,6 @@ jobs:
npm pack
- name: Verify checksum
run: shasum --check checksums.txt --strict
shell:
name: Shell scripts
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install tooling
uses: asdf-vm/actions/install@4f8f7939dd917fc656bb7c3575969a5988c28364 # v3.0.0
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check
run: npm run check:sh
test-breakage:
name: Breakage
runs-on: ubuntu-24.04
Expand Down Expand Up @@ -700,34 +495,3 @@ jobs:
run: npm clean-install
- name: Transpile to CommonJS
run: npm run transpile
yaml:
name: YAML
runs-on: ubuntu-24.04
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
artifactcache.actions.githubusercontent.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check
run: npm run check:yml
Loading

0 comments on commit 727551e

Please sign in to comment.