⬆️ Update github/codeql-action action to v3.27.3 #11374
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Status | |
on: | |
push: | |
branches: | |
- main | |
- 'next-*_*_*' | |
- 'fix-v*' | |
pull_request: | |
branches: | |
- main | |
- 'next-*_*_*' | |
- 'fix-v*' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
# Root jobs | |
warmup_yarn_cache: | |
name: 'Warm up Yarn cache' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
id: yarn-cache | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Update Yarn cache | |
if: steps.yarn-cache.outputs.cache-hit != 'true' | |
env: | |
YARN_ENABLE_HARDENED_MODE: 1 # enforcing it even if it's the default today on GH CI | |
run: yarn install --immutable --mode=skip-build --check-cache | |
warmup_yarn_cache_others: | |
name: 'Warm up Yarn cache (others)' | |
runs-on: ${{matrix.os}} | |
strategy: | |
matrix: | |
os: ['macos-latest', 'windows-latest'] | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
id: yarn-cache | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Update Yarn cache | |
if: steps.yarn-cache.outputs.cache-hit != 'true' | |
env: | |
YARN_ENABLE_HARDENED_MODE: 1 # enforcing it even if it's the default today on GH CI | |
run: yarn install --immutable --mode=skip-build --check-cache | |
# Jobs without any strong requirement on warmup_yarn_cache | |
# except that they have to wait for it to avoid setting an empty cache that would replace the one pushed by warmup_yarn_cache | |
no_dedupe_required: | |
name: 'No dedupe required' | |
needs: warmup_yarn_cache | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Ensure no dedupe required | |
run: yarn dedupe --check | |
package_quality: | |
name: 'Package quality' | |
needs: warmup_yarn_cache | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Check package score using skypack | |
run: cd packages/fast-check && yarn dlx @skypack/package-check | |
# Jobs requesting warmup_yarn_cache | |
format_lint: | |
name: 'Format & Lint' | |
needs: warmup_yarn_cache | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
run: yarn workspace @fast-check/monorepo install --immutable | |
- name: Check format | |
run: yarn format:check | |
- name: Check lint | |
run: yarn lint:check | |
production_packages: | |
name: 'Build production packages' | |
needs: warmup_yarn_cache | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Build production packages | |
run: yarn build-ci:all | |
- name: Create bundles | |
run: yarn pack:all | |
- name: Upload production packages | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: bundles | |
path: packages/**/package.tgz | |
if-no-files-found: error | |
retention-days: 1 | |
# Jobs requesting warmup_yarn_cache AND production_packages | |
typecheck: | |
name: 'Typecheck' | |
needs: | |
- warmup_yarn_cache | |
- production_packages | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Unpack production packages | |
run: yarn unpack:all | |
- name: Typecheck | |
run: yarn workspaces foreach --all -pvi run typecheck | |
preview: | |
name: 'Preview' | |
needs: | |
- warmup_yarn_cache | |
- production_packages | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Unpack production packages | |
run: yarn unpack:all | |
- name: Preview | |
run: yarn dlx pkg-pr-new publish --compact './packages/*' --template './examples' | |
test: | |
name: 'Test' | |
needs: | |
- warmup_yarn_cache | |
- warmup_yarn_cache_others | |
- production_packages | |
runs-on: ${{matrix.os}} | |
strategy: | |
matrix: | |
package-name: | |
- 'fast-check' | |
- '@fast-check/ava' | |
- '@fast-check/jest' | |
- '@fast-check/packaged' | |
- '@fast-check/poisoning' | |
- '@fast-check/vitest' | |
- '@fast-check/worker' | |
script-name: ['test'] | |
node-version: [18.x, 20.x, 22.x, latest] | |
os: ['ubuntu-latest'] | |
include: | |
# More platforms and scripts... | |
- package-name: 'fast-check' | |
script-name: 'e2e' | |
node-version: 20.x | |
os: 'ubuntu-latest' | |
- package-name: 'fast-check' | |
script-name: 'e2e' | |
node-version: 20.x | |
os: 'macos-latest' | |
- package-name: 'fast-check' | |
script-name: 'e2e' | |
node-version: 20.x | |
os: 'windows-latest' | |
- package-name: '@fast-check/packaged' | |
script-name: 'test' | |
node-version: 20.x | |
os: 'macos-latest' | |
- package-name: '@fast-check/packaged' | |
script-name: 'test' | |
node-version: 20.x | |
os: 'windows-latest' | |
# Limited matrix for test only packages | |
- package-name: '@fast-check/examples' | |
script-name: 'test' | |
node-version: 20.x | |
os: 'ubuntu-latest' | |
- package-name: 'website' | |
script-name: 'test' | |
node-version: 20.x | |
os: 'ubuntu-latest' | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v${{matrix.node-version}} | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{matrix.node-version}} | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Unpack production packages | |
if: matrix.os != 'windows-latest' | |
run: yarn unpack:all | |
- name: Unpack production packages (Windows only) | |
if: matrix.os == 'windows-latest' | |
# untar seems to fail on Windows when untaring already existing files | |
run: yarn unpack:all || true | |
- name: Alter internals to behave as if published | |
run: yarn workspaces foreach --recursive -pvi --from '${{matrix.package-name}}' --no-private --exclude '${{matrix.package-name}}' exec yarn node $(yarn bin packaged) --keep-node-modules | |
- name: Unit tests | |
shell: bash -l {0} | |
# The DEFAULT_SEED might be used by some of the packages and might be ignored by others | |
# It's aim is to help to diagnose infinite loop that may occur during tests and cannot be stopped by fast-check itself | |
run: | | |
export EXPECT_DEFAULT_SEED="true" | |
export DEFAULT_SEED=$(node -p "Date.now() ^ (Math.random() * 0x100000000)") | |
echo "DEFAULT_SEED is: ${DEFAULT_SEED}" | |
yarn workspace '${{matrix.package-name}}' '${{matrix.script-name}}' | |
- name: Codecov | |
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 | |
if: matrix.package-name == 'fast-check' && matrix.script-name == 'test' | |
with: | |
name: unit-tests-${{matrix.node-version}}-${{runner.os}} | |
flags: unit-tests, unit-tests-${{matrix.node-version}}-${{runner.os}} | |
token: ${{secrets.CODECOV_TOKEN}} | |
fail_ci_if_error: true # default: false | |
verbose: false # default: false | |
documentation: | |
name: 'Build documentation' | |
needs: | |
- warmup_yarn_cache | |
- production_packages | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 # all history in order to be able to show last-edited-at dates | |
lfs: true | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Unpack production packages | |
run: yarn unpack:all | |
- name: Get Date cache buster | |
id: get-date | |
run: | | |
echo "date=$(/bin/date -u "+%Y%m")" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Cache for Optimized assets | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: website/static/img/_ | |
key: optimized-assets-${{steps.get-date.outputs.date}}-${{hashFiles('.all-contributorsrc')}}-${{hashFiles('website/prebuild/optimize-images.mjs')}} | |
- name: Generate documentation | |
run: yarn workspace website build | |
- name: Generate API reference | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
YARN_NODE_LINKER: 'node-modules' | |
run: | | |
yarn install --immutable --immutable-cache --mode=skip-build | |
yarn workspace fast-check docs-ci | |
- name: Copy API reference within documentation | |
run: mv packages/fast-check/docs website/build/api-reference | |
- name: Upload documentation artifacts | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: website | |
path: website/build/ | |
if-no-files-found: error | |
retention-days: 1 | |
test_bundle: | |
name: 'Test bundle' | |
needs: | |
- warmup_yarn_cache | |
- production_packages | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Unpack production packages | |
run: yarn unpack:all | |
- name: Alter internals to behave as if published | |
run: yarn workspaces foreach --all -pvi --no-private exec yarn node $(yarn bin packaged) --keep-node-modules | |
- name: Retrieve potentially dropped test-bundle | |
run: yarn workspaces foreach --all -vi --no-private exec "git restore -s@ -SW -- test-bundle || true" | |
- name: Check publication lint | |
run: yarn publint:all | |
- name: Check bundles | |
run: yarn workspaces foreach --all -pvi --no-private run test-bundle | |
- name: Check legacy bundles | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
YARN_NODE_LINKER: 'node-modules' | |
run: | | |
yarn install --immutable --immutable-cache --mode=skip-build | |
export NODE_VERSION="$(node --version)" | |
export NVS_HOME="$HOME/.nvs" | |
git clone --branch v1.7.1 --depth 1 https://github.com/jasongin/nvs "$NVS_HOME" | |
if [ "$(git -C "$NVS_HOME" rev-parse HEAD)" != "b87ae9593cd20e7b667e9099240c9befeb50659f" ]; then | |
echo "ERROR: HEAD is not the expected commit hash" | |
exit 1 | |
fi | |
chmod +x "$NVS_HOME/nvs" | |
export PATH="$PATH:$NVS_HOME" | |
if [ "$(node --version)" != "$NODE_VERSION" ]; then | |
echo "ERROR: Node version got updated from $NODE_VERSION to $(node --version)" | |
exit 2 | |
fi | |
yarn workspaces foreach --all -pvi --no-private run test-legacy-bundle | |
if [ "$(node --version)" != "$NODE_VERSION" ]; then | |
echo "ERROR: Node version got updated from $NODE_VERSION to $(node --version)" | |
exit 3 | |
fi | |
test_types: | |
name: 'Test types' | |
needs: | |
- warmup_yarn_cache | |
- production_packages | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
ts-version: | |
# Latest version of TypeScript | |
- 'latest' | |
# Various intermediate versions of Typescript | |
- '4.4' | |
# Minimal requirement for TypeScript (should be 4.1) | |
- '4.2' | |
# Other release channels for TypeScript | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
cache: 'yarn' | |
cache-dependency-path: yarn.lock | |
check-latest: true | |
- name: Install dependencies | |
env: | |
YARN_ENABLE_OFFLINE_MODE: 1 | |
YARN_ENABLE_HARDENED_MODE: 0 | |
run: yarn install --immutable --immutable-cache --mode=skip-build | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Unpack production packages | |
run: yarn unpack:all | |
- name: Alter internals to behave as if published | |
run: yarn workspaces foreach --recursive -pvi --from '@fast-check/test-types' --no-private exec yarn node $(yarn bin packaged) --keep-node-modules | |
- name: Retrieve dropped test-types | |
run: yarn workspaces foreach --all -vi --no-private exec "git restore -s@ -SW -- test-types" | |
- name: Check (legacy TS) | |
if: matrix.ts-version == '4.2' || matrix.ts-version == '4.4' | |
run: yarn workspaces foreach --all --exclude '{@fast-check/ava,@fast-check/packaged,@fast-check/vitest}' -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict --lib ES2020 *.ts" | |
- name: Check with ESNext (legacy TS) | |
if: matrix.ts-version == '4.2' || matrix.ts-version == '4.4' | |
run: yarn workspaces foreach --all --exclude '{@fast-check/ava,@fast-check/packaged,@fast-check/vitest}' -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict --lib ES2020 --module ESNext --moduleResolution Node *.ts" | |
- name: Switch folder to CommonJS | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: yarn workspaces foreach --all -pvi --no-private exec "cd test-types && ../../../.github/scripts/rename.sh ts cts" | |
- name: Check in CommonJS mode | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: yarn workspaces foreach --all -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict *.cts" | |
- name: Check in CommonJS mode with NodeNext | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: yarn workspaces foreach --all -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict --module NodeNext --moduleResolution NodeNext *.cts" | |
- name: Switch folder to ES Modules | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: yarn workspaces foreach --all -pvi --no-private exec "cd test-types && ../../../.github/scripts/rename.sh cts mts" | |
- name: Check in ES Modules mode | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: yarn workspaces foreach --all -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict *.mts" | |
- name: Check in ES Modules mode with NodeNext | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: yarn workspaces foreach --all -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict --module NodeNext --moduleResolution NodeNext *.mts" | |
- name: Check in ES Modules mode with exactOptionalPropertyTypes | |
if: matrix.ts-version != '4.2' && matrix.ts-version != '4.4' | |
run: | | |
yarn workspaces foreach --all -pvi --no-private exec "sed -i 's/fc-expect-error-require-exactOptionalPropertyTypes/ts-expect-error/g' test-types/*.mts" | |
yarn workspaces foreach --all -pvi --no-private exec "cd test-types && yarn dlx -p typescript@${{ matrix.ts-version }} tsc --noEmit --skipLibCheck --strict --exactOptionalPropertyTypes *.mts" | |
# Job to confirm every required job passed | |
pre_all_checks_passed: | |
name: 'Pre All checks passed' | |
needs: | |
- production_packages | |
- documentation | |
- format_lint | |
- no_dedupe_required | |
- package_quality | |
- typecheck | |
- test | |
- test_bundle | |
- test_types | |
runs-on: ubuntu-latest | |
steps: | |
- name: Success | |
run: echo "Success" | |
all_checks_passed: | |
name: 'All checks passed' | |
needs: pre_all_checks_passed | |
if: always() | |
runs-on: ubuntu-latest | |
steps: | |
- if: needs.pre_all_checks_passed.result == 'success' | |
name: Success | |
run: echo "Success" | |
- if: needs.pre_all_checks_passed.result != 'success' | |
name: Failure | |
run: exit 1 | |
# Publication jobs | |
publish_documentation_netlify: | |
name: 'Publish documentation on Netlify' | |
needs: documentation | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
env: | |
DRAFT_BUILD: ${{github.event_name == 'push' && github.ref == 'refs/heads/main' && 'false' || 'true'}} | |
steps: | |
- name: Download documentation artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: website | |
path: artifacts/ | |
- name: Alter robots.txt for draft build | |
if: env.DRAFT_BUILD == 'true' | |
run: | | |
echo "User-agent: *" > artifacts/robots.txt | |
echo "Disallow: /" >> artifacts/robots.txt | |
- name: Configure custom headers | |
run: | | |
echo "/*" > artifacts/_headers | |
echo " Content-Security-Policy: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev;connect-src *.algolia.net *.algolianet.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src *.codesandbox.io www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers | |
echo "/api-reference/*" >> artifacts/_headers | |
echo " Content-Security-Policy: default-src 'none'; img-src 'self' data:; connect-src data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" >> artifacts/_headers | |
- name: Compress documentation artifacts as zip | |
run: zip -r artifacts.zip artifacts | |
- name: Deploy to Netlify | |
id: deployment_to_netlify | |
run: | | |
curl -H "Content-Type: application/zip" -H "Authorization: Bearer ${{secrets.NETLIFY_AUTH_TOKEN}}" --data-binary "@artifacts.zip" https://api.netlify.com/api/v1/sites/${{secrets.NETLIFY_SITE_ID}}/deploys?draft=${{env.DRAFT_BUILD}} > deploy.json | |
cat deploy.json | |
deploy_url=$(jq -r '.deploy_url' --exit-status deploy.json) | |
echo "deploy_url=$deploy_url" >> $GITHUB_OUTPUT | |
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
name: Notify the user of the preview | |
if: env.DRAFT_BUILD == 'true' | |
with: | |
script: | | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: '👋 A preview of the new documentation is available at: ${{steps.deployment_to_netlify.outputs.deploy_url}}' | |
}) | |
check_any_package: | |
name: 'Check publish any package' | |
needs: all_checks_passed | |
if: github.event_name == 'push' | |
runs-on: ubuntu-latest | |
outputs: | |
tag_count: ${{steps.tag_count.outputs.count}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: tag_count | |
name: Check if one tag matches the package | |
run: | | |
echo -n "count=" >> "$GITHUB_OUTPUT" | |
git tag --points-at HEAD | wc -l >> "$GITHUB_OUTPUT" | |
check_publish_fc: | |
name: Check publish fast-check | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_fc: | |
name: Publish fast-check | |
needs: check_publish_fc | |
if: needs.check_publish_fc.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish fast-check | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/fast-check/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_ava: | |
name: Check publish @fast-check/ava | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^ava/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_ava: | |
name: Publish @fast-check/ava | |
needs: check_publish_ava | |
if: needs.check_publish_ava.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/ava | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/ava/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_jest: | |
name: Check publish @fast-check/jest | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^jest/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_jest: | |
name: Publish @fast-check/jest | |
needs: check_publish_jest | |
if: needs.check_publish_jest.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/jest | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/jest/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_packaged: | |
name: Check publish @fast-check/packaged | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^packaged/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_packaged: | |
name: Publish @fast-check/packaged | |
needs: check_publish_packaged | |
if: needs.check_publish_packaged.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/packaged | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/packaged/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_poisoning: | |
name: Check publish @fast-check/poisoning | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^poisoning/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_poisoning: | |
name: Publish @fast-check/poisoning | |
needs: check_publish_poisoning | |
if: needs.check_publish_poisoning.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/poisoning | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/poisoning/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_vitest: | |
name: Check publish @fast-check/vitest | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^vitest/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_vitest: | |
name: Publish @fast-check/vitest | |
needs: check_publish_vitest | |
if: needs.check_publish_vitest.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/vitest | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/vitest/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_worker: | |
name: Check publish @fast-check/worker | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^worker/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_worker: | |
name: Publish @fast-check/worker | |
needs: check_publish_worker | |
if: needs.check_publish_worker.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/worker | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/worker/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
check_publish_expect_type: | |
name: Check publish @fast-check/expect-type | |
needs: check_any_package | |
if: needs.check_any_package.outputs.tag_count != '0' | |
runs-on: ubuntu-latest | |
outputs: | |
status: ${{steps.check_has_tag.outcome}} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- id: check_has_tag | |
name: Check if one tag matches the package | |
run: git tag --points-at HEAD | grep '^expect-type/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | |
continue-on-error: true | |
publish_package_expect_type: | |
name: Publish @fast-check/expect-type | |
needs: check_publish_expect_type | |
if: needs.check_publish_expect_type.outputs.status == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Using Node v20.x | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://registry.npmjs.org' | |
check-latest: true | |
- name: Download production packages | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bundles | |
path: packages/ | |
- name: Publish @fast-check/expect-type | |
run: npm publish --provenance --access public --tag ${{env.PUBLISH_TAG}} packages/expect-type/package.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} |