update dependency #258
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will: | |
| # - on pull_request into master: auto-deploy & install to Forge environment "development" | |
| # - on push to master branch: auto-deploy & install to Forge environment "staging" | |
| # - on pushing a tag (v*): auto-deploy & install to Forge environment "production" | |
| # All environments deploy/install automatically (no manual approval step). | |
| name: Node.js CI/CD | |
| on: | |
| pull_request: | |
| branches: [ "master" ] | |
| push: | |
| branches: [ "master" ] | |
| tags: | |
| - "v*" | |
| release: | |
| types: [published] | |
| jobs: | |
| build-dev: | |
| environment: "secure notes" | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [24.x] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Backend install | |
| run: npm ci --ignore-scripts | |
| - name: Install oxc binding (Linux) | |
| if: runner.os == 'Linux' | |
| run: npm i -D @oxc-resolver/binding-linux-x64-gnu@latest | |
| - name: Install oxc binding (macOS arm64) | |
| if: runner.os == 'macOS' && startsWith(runner.arch, 'ARM64') | |
| run: npm i -D @oxc-resolver/binding-darwin-arm64@latest | |
| - name: Install oxc binding (macOS x64) | |
| if: runner.os == 'macOS' && startsWith(runner.arch, 'X64') | |
| run: npm i -D @oxc-resolver/binding-darwin-x64@latest | |
| - name: Install oxc binding (Windows x64) | |
| if: runner.os == 'Windows' | |
| run: npm i -D @oxc-resolver/binding-win32-x64-msvc@latest | |
| - name: Backend build | |
| run: | | |
| npm run knip | |
| npm run lint | |
| npm run format:check | |
| npm run build:ci | |
| - run: npm run test:coverage | |
| if: github.actor != 'dependabot[bot]' | |
| - name: SonarQube Scan | |
| if: github.actor != 'dependabot[bot]' | |
| uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} | |
| - name: Site install & build | |
| run: | | |
| cd web-site | |
| npm ci --ignore-scripts | |
| npm run knip | |
| npm run lint | |
| npm run build | |
| - name: Frontend install & build | |
| run: | | |
| cd static | |
| npm ci --ignore-scripts | |
| npm run knip | |
| npm run lint | |
| npm run build | |
| - name: Forge CLI setup | |
| run: npm install -g @forge/cli && forge settings set usage-analytics true | |
| - name: Forge Deploy (development) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| ANALYTICS_API_KEY: ${{ secrets.ANALYTICS_API_KEY }} | |
| run: | | |
| forge variables set ANALYTICS_API_KEY "$ANALYTICS_API_KEY" -e development | |
| forge deploy --non-interactive -e development | |
| - name: Check Forge eligibility (development) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| run: ./check-forge-eligibility.sh -e development | |
| - name: Forge Install (development) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| FORGE_HOSTNAME: ${{ secrets.FORGE_HOSTNAME }} | |
| run: forge install -e development -s "$FORGE_HOSTNAME" -p Jira --confirm-scopes --non-interactive --upgrade | |
| build-staging: | |
| environment: "secure notes" | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/master') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [24.x] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Backend install | |
| run: npm ci --ignore-scripts | |
| - name: Install oxc binding (Linux) | |
| if: runner.os == 'Linux' | |
| run: npm i -D @oxc-resolver/binding-linux-x64-gnu@latest | |
| - name: Install oxc binding (macOS arm64) | |
| if: runner.os == 'macOS' && startsWith(runner.arch, 'ARM64') | |
| run: npm i -D @oxc-resolver/binding-darwin-arm64@latest | |
| - name: Install oxc binding (macOS x64) | |
| if: runner.os == 'macOS' && startsWith(runner.arch, 'X64') | |
| run: npm i -D @oxc-resolver/binding-darwin-x64@latest | |
| - name: Install oxc binding (Windows x64) | |
| if: runner.os == 'Windows' | |
| run: npm i -D @oxc-resolver/binding-win32-x64-msvc@latest | |
| - name: Backend build | |
| run: | | |
| npm run knip | |
| npm run lint | |
| npm run format:check | |
| npm run build:ci | |
| - run: npm run test:coverage | |
| if: github.actor != 'dependabot[bot]' | |
| - name: SonarQube Scan | |
| if: github.actor != 'dependabot[bot]' | |
| uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} | |
| - name: Frontend install & build | |
| run: | | |
| cd static | |
| npm ci --ignore-scripts | |
| npm run knip | |
| npm run lint | |
| npm run build | |
| - name: Forge CLI setup | |
| run: npm install -g @forge/cli && forge settings set usage-analytics true | |
| - name: Forge Deploy (staging) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| ANALYTICS_API_KEY: ${{ secrets.ANALYTICS_API_KEY }} | |
| run: | | |
| forge variables set ANALYTICS_API_KEY "$ANALYTICS_API_KEY" -e development | |
| forge deploy --non-interactive -e staging | |
| - name: Check Forge eligibility (staging) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| run: ./check-forge-eligibility.sh -e staging | |
| # - name: Forge Install (staging) | |
| # env: | |
| # FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| # FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| # FORGE_HOSTNAME: ${{ secrets.FORGE_HOSTNAME }} | |
| # run: forge install -e development -s "$FORGE_HOSTNAME" -p Jira --confirm-scopes --non-interactive --upgrade | |
| build-production: | |
| if: (github.event_name == 'release' && github.event.action == 'published') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [24.x] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event_name == 'release' && github.event.release.tag_name || github.ref_name }} | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Backend install | |
| run: npm ci --ignore-scripts | |
| - name: Install oxc binding (Linux) | |
| if: runner.os == 'Linux' | |
| run: npm i -D @oxc-resolver/binding-linux-x64-gnu@latest | |
| - name: Install oxc binding (macOS arm64) | |
| if: runner.os == 'macOS' && startsWith(runner.arch, 'ARM64') | |
| run: npm i -D @oxc-resolver/binding-darwin-arm64@latest | |
| - name: Install oxc binding (macOS x64) | |
| if: runner.os == 'macOS' && startsWith(runner.arch, 'X64') | |
| run: npm i -D @oxc-resolver/binding-darwin-x64@latest | |
| - name: Install oxc binding (Windows x64) | |
| if: runner.os == 'Windows' | |
| run: npm i -D @oxc-resolver/binding-win32-x64-msvc@latest | |
| - name: Backend build | |
| run: | | |
| npm run knip | |
| npm run lint | |
| npm run format:check | |
| npm run build:ci | |
| npm run test | |
| - name: Frontend install & build | |
| run: | | |
| cd static | |
| npm ci --ignore-scripts | |
| npm run knip | |
| npm run lint | |
| npm run build | |
| - name: Forge CLI setup | |
| run: npm install -g @forge/cli && forge settings set usage-analytics true | |
| - name: Forge Deploy (production) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| ANALYTICS_API_KEY: ${{ secrets.ANALYTICS_API_KEY }} | |
| run: | | |
| forge variables set ANALYTICS_API_KEY "$ANALYTICS_API_KEY" -e production | |
| forge deploy --non-interactive -e production | |
| - name: Check Forge eligibility (production) | |
| env: | |
| FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| run: ./check-forge-eligibility.sh -e production | |
| # - name: Forge Install (production) | |
| # env: | |
| # FORGE_EMAIL: ${{ secrets.FORGE_EMAIL }} | |
| # FORGE_API_TOKEN: ${{ secrets.FORGE_API_TOKEN }} | |
| # FORGE_HOSTNAME: ${{ secrets.FORGE_HOSTNAME }} | |
| # run: forge install -e production -s "$FORGE_HOSTNAME" -p Jira --confirm-scopes --non-interactive --upgrade |