
Defense-in-depth against release.yml running at the wrong time #1615


Workflow file for this run

# CI pipeline: runs on pushes to main and on pull requests that target main.
name: CI

# Uses the `pull_request` event, not `pull_request_target`, so runs started
# from forks execute with a read-only token and without repository secrets.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# One live run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-wide GITHUB_TOKEN scope. Naming any scope here sets every scope
# that is not listed to none, so the token can only read repository contents.
# No job in this file declares its own `permissions` block.
permissions:
  contents: read
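jobs:
  # Third-party actions throughout this file are pinned to full commit SHAs.
  # Only the SHA is resolved at run time; the trailing tag comment is
  # informational and has to be kept in step by whoever updates a pin.
  #
  # NOTE(review): the checkout steps leave `persist-credentials` at its
  # default, so the job token stays in the local git config while later steps
  # run repository scripts (install, build, test). The workflow-level
  # `permissions` block keeps that token read-only. Consider
  # `persist-credentials: false` in jobs that do no further git network
  # operations (the changeset job fetches after checkout) - confirm first.

  # Pull-request-only gate: requires a changeset when non-Markdown files under
  # packages/ differ from the base branch.
  changeset:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.0
        with:
          # Full history instead of the default shallow clone; presumably
          # needed for the base-branch comparison below.
          fetch-depth: 0
      - name: Install pnpm
        uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.0
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          node-version-file: .nvmrc
          cache: "pnpm"
      - name: Install dependencies
        # --frozen-lockfile fails the install instead of rewriting the
        # lockfile, so CI resolves exactly what was committed.
        run: pnpm install --frozen-lockfile
      - name: Check if packages changed
        id: packages-changed
        env:
          # Handed to the script through the environment rather than expanded
          # inside it, so the ref name is never parsed as shell source.
          BASE_REF: ${{ github.base_ref }}
        run: |
          git fetch origin "$BASE_REF" --depth=1
          # Capture the file list first: a failing `git diff` now aborts the
          # step (the default bash shell runs with -e) instead of reading as
          # "nothing changed" and silently skipping the changeset check.
          changed_files="$(git diff --name-only "origin/$BASE_REF"...HEAD)"
          if printf '%s\n' "$changed_files" | grep '^packages/' | grep -qv '\.md$'; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
            echo "No package code changes detected — skipping changeset check."
          fi
      - name: Verify changeset present
        if: steps.packages-changed.outputs.changed == 'true'
        env:
          BASE_REF: ${{ github.base_ref }}
        run: pnpm changeset status --since="origin/$BASE_REF"

  # Runs the repository's `check` and `knip` scripts.
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.0
      - name: Install pnpm
        uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.0
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          node-version-file: .nvmrc
          cache: "pnpm"
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Check
        run: pnpm check
      - name: Knip
        run: pnpm knip

  # Runs the repository's `konsistent` script.
  konsistent:
    name: 'Code Consistency'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.0
      - name: Install pnpm
        uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.0
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          # NOTE(review): hard-coded here while the lint, typecheck and
          # changeset jobs read .nvmrc - confirm the difference is intended.
          node-version: 20
          cache: "pnpm"
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run konsistent
        run: pnpm konsistent

  # Runs the repository's `typecheck` script.
  typecheck:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.0
      - name: Install pnpm
        uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.0
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          node-version-file: .nvmrc
          cache: "pnpm"
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Typecheck
        run: pnpm typecheck

  # Builds and tests once per Node version in the matrix.
  build-and-test-matrix:
    runs-on: ubuntu-latest
    strategy:
      # Let every matrix entry finish even when another one fails.
      fail-fast: false
      matrix:
        node-version: [20, 24]
    name: build-and-test (Node ${{ matrix.node-version }})
    env:
      # Mock placeholders only, committed in plain text on purpose. Real
      # credentials must never be added here; the private-key-shaped value
      # may need an allow-list entry in secret scanners.
      SLACK_BOT_TOKEN: xoxb-mock
      SLACK_SIGNING_SECRET: mock
      TEAMS_APP_ID: mock
      TEAMS_APP_PASSWORD: mock
      TEAMS_APP_TENANT_ID: mock
      GOOGLE_CHAT_CREDENTIALS: '{"type":"service_account","project_id":"mock","private_key":"-----BEGIN RSA PRIVATE KEY-----\nMOCK\n-----END RSA PRIVATE KEY-----","client_email":"mock@mock.iam.gserviceaccount.com"}'
      REDIS_URL: redis://localhost:6379
      RECORDING_ENABLED: "false"
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.0
      - name: Install pnpm
        uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.0
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.0.0
        with:
          node-version: ${{ matrix.node-version }}
          cache: "pnpm"
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build
        run: pnpm turbo build --filter='!example-nextjs-chat'
      - name: Test
        run: pnpm test

  # Separate "build-and-test" job to set as required in branch protections,
  # as the matrix build names above change each time Node versions change.
  build-and-test:
    runs-on: ubuntu-latest
    needs: build-and-test-matrix
    # Still runs after a matrix failure so the summary can report it.
    # NOTE(review): when the run is cancelled this job is skipped; GitHub
    # documents that a job skipped by its `if` reports success to required
    # checks - confirm that is acceptable for this gate.
    if: ${{ !cancelled() }}
    name: build-and-test (Summary)
    steps:
      # Fail closed: the gate passes only when no needed job ended as
      # failure, cancelled or skipped. Checking for 'failure' alone would let
      # a cancelled or skipped dependency count as a pass.
      - name: All matrix versions passed
        if: >-
          ${{ !contains(needs.*.result, 'failure')
          && !contains(needs.*.result, 'cancelled')
          && !contains(needs.*.result, 'skipped') }}
        run: exit 0
      - name: Some matrix version failed
        if: >-
          ${{ contains(needs.*.result, 'failure')
          || contains(needs.*.result, 'cancelled')
          || contains(needs.*.result, 'skipped') }}
        run: exit 1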