Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/autobot.yaml10
-rw-r--r--.github/workflows/ci.yaml65
-rw-r--r--.github/workflows/codeql.yaml9
-rw-r--r--.github/workflows/eslint.yaml30
-rw-r--r--.github/workflows/update-flake.yaml3
5 files changed, 60 insertions, 57 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml
index 450e5d2..4e74d0a 100644
--- a/.github/workflows/autobot.yaml
+++ b/.github/workflows/autobot.yaml
@@ -4,23 +4,25 @@ on: pull_request
jobs:
automerge:
+ name: Check and merge PR
+ if: github.actor == 'dependabot[bot]'
+
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
- if: github.actor == 'dependabot[bot]'
-
steps:
- - uses: dependabot/fetch-metadata@v2
+ - name: Fetch metadata
+ uses: dependabot/fetch-metadata@v2
id: metadata
with:
github-token: ${{ github.token }}
- name: Enable auto-merge
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
- run: gh pr merge --auto --rebase "$PR"
+ run: gh pr merge --auto --squash "$PR"
env:
GH_TOKEN: ${{ github.token }}
PR: ${{ github.event.pull_request.html_url }}
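Review bot: The job-level guard `if: github.actor == 'dependabot[bot]'` keys on whoever triggered the latest event rather than on who opened the pull request, and this job holds `contents: write` and `pull-requests: write`. Checking the author is the tighter condition: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. Separately, `gh pr merge --auto` only waits for checks that branch protection marks as required, so the merge is gated by CI only if such a rule exists on the target branch (not visible from this hunk). `dependabot/fetch-metadata@v2` is a mutable tag running in a job with a write token; pinning it to a full commit SHA would keep a retagged release from reaching that token.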
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ef649d9..b77ed84 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -6,49 +6,48 @@ on:
jobs:
build:
- runs-on: "ubuntu-latest"
+ name: Build
- steps:
- - uses: actions/checkout@v4
- with:
- submodules: recursive
+ runs-on: ubuntu-latest
- - name: Setup pnpm
- uses: pnpm/action-setup@v4
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
- - name: Setup Node
- uses: actions/setup-node@v4
- with:
- node-version: 20
- cache: pnpm
- cache-dependency-path: pnpm-lock.yaml
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v13
- - name: Install dependencies
- run: pnpm install --frozen-lockfile
+ - name: Install Dependencies
+ run: nix develop .#ci --command pnpm install --frozen-lockfile
- name: Run build
- run: pnpm build
+ run: nix develop .#ci --command nrr build
+
+ treefmt:
+ name: Treefmt
- format:
- runs-on: "ubuntu-latest"
+ runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v4
- with:
- submodules: recursive
+ - name: Checkout repository
+ uses: actions/checkout@v4
- - name: Setup pnpm
- uses: pnpm/action-setup@v4
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v13
- - name: Setup Node
- uses: actions/setup-node@v4
- with:
- node-version: 20
- cache: pnpm
- cache-dependency-path: pnpm-lock.yaml
+ - name: Run checks
+ run: |
+ nix develop .#ci --command treefmt --fail-on-change
- - name: Install dependencies
- run: pnpm install --frozen-lockfile
+ release-gate:
+ name: CI Release gate
+ needs: [build, treefmt]
- - name: Run Prettier
- run: pnpm exec prettier --check .
+ if: always()
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Exit with error
+ if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
+ run: exit 1
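Review bot: `DeterminateSystems/nix-installer-action@v13` is referenced by a mutable tag in both the `build` and `treefmt` jobs, and the same reference appears in the eslint.yaml hunk (a job holding `security-events: write`) and the update-flake.yaml hunk. A third-party installer that runs ahead of every build step is better pinned to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<FULL_COMMIT_SHA> # v13` (placeholder; take the SHA from the v13 release). No `permissions:` key is visible for these jobs, and the top of the file is outside the hunk, so if none is set at workflow level, a `permissions:` block with `contents: read` would keep the token read-only. In `release-gate`, the condition lets a `skipped` result through, which is harmless today but would turn the gate green if `build` or `treefmt` later gains an `if:` or `needs:`.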
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index c8dfaf4..9d82771 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -1,14 +1,14 @@
name: CodeQL
on:
- push:
- branches: ["main"]
pull_request:
+ workflow_dispatch:
jobs:
codeql:
name: Run CodeQL scan
- runs-on: "ubuntu-latest"
+
+ runs-on: ubuntu-latest
permissions:
security-events: write
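Review bot: Dropping the `push` trigger for `main` leaves CodeQL running only on pull requests and manual dispatch, so nothing analyses the default branch after a merge. Code scanning uses the default-branch analysis as the baseline for pull-request results and for the repository's open alert list, so both can go stale or report a missing base analysis. If the aim was to reduce CI load, keeping `push: branches: ["main"]` or adding a `schedule:` trigger alongside `workflow_dispatch:` would preserve that baseline.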
@@ -17,7 +17,8 @@ jobs:
LANGUAGE: "javascript-typescript"
steps:
- - uses: actions/checkout@v4
+ - name: Checkout repository
+ uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
diff --git a/.github/workflows/eslint.yaml b/.github/workflows/eslint.yaml
index 4cecab1..0a6f7ce 100644
--- a/.github/workflows/eslint.yaml
+++ b/.github/workflows/eslint.yaml
@@ -3,37 +3,37 @@ name: ESLint
on:
push:
branches: [main]
+ paths:
+ - "**.ts"
+ - "package.json"
+ - "pnpm-lock.yaml"
+ - "tsconfig.json"
pull_request:
jobs:
eslint:
- name: Run ESLint scan
+ name: Run scan
+
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- - uses: actions/checkout@v4
- with:
- submodules: recursive
+ - name: Checkout repository
+ uses: actions/checkout@v4
- - name: Setup pnpm
- uses: pnpm/action-setup@v4
-
- - name: Setup Node
- uses: actions/setup-node@v4
- with:
- node-version: 20
- cache: pnpm
- cache-dependency-path: pnpm-lock.yaml
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v13
- name: Install Dependencies
- run: pnpm install --frozen-lockfile
+ run: nix develop .#ci --command pnpm install --frozen-lockfile
- name: Run ESLint
continue-on-error: true
- run: pnpm run lint --format @microsoft/eslint-formatter-sarif --output-file /tmp/results.sarif
+ run: |
+ nix develop .#ci --command \
+ nrr lint --format @microsoft/eslint-formatter-sarif --output-file /tmp/results.sarif
- name: Upload Results
uses: github/codeql-action/upload-sarif@v3
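Review bot: The new `paths:` filter on `push` lists only `**.ts`, `package.json`, `pnpm-lock.yaml` and `tsconfig.json`, yet the lint toolchain now comes from `nix develop .#ci`, so a change to `flake.nix` or `flake.lock` (or to the ESLint configuration file, whose name is not shown here) no longer triggers a scan on `main`. Because the SARIF output feeds code scanning, a rule or tool-version change would then only surface on the next unrelated TypeScript commit. Adding `- "flake.nix"`, `- "flake.lock"` and the ESLint config path to the list would close that gap. `continue-on-error: true` also covers a failure of `nix develop` itself; presumably the upload step then fails on the missing `/tmp/results.sarif`, but that is worth confirming.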
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
index 33fc043..bfebbc7 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-flake.yaml
@@ -9,6 +9,7 @@ on:
jobs:
update:
name: Run update
+
runs-on: ubuntu-latest
permissions:
@@ -20,7 +21,7 @@ jobs:
uses: actions/checkout@v4
- name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v12
+ uses: DeterminateSystems/nix-installer-action@v13
- name: Update flake.lock & make PR
uses: DeterminateSystems/update-flake-lock@v23