diff --git a/.github/actions/setup-pnpm/action.yml b/.github/actions/setup-pnpm/action.yml new file mode 100644 index 00000000..6eae9bd1 --- /dev/null +++ b/.github/actions/setup-pnpm/action.yml @@ -0,0 +1,22 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-action.json + +name: 'Restore pnpm cache' +description: 'Sets up Node and pnpm, restores node_modules and ~/.cache/ from cache (no install)' +inputs: + node-version: + description: 'Version of Node' + required: false + default: '24' +runs: + using: 'composite' + steps: + - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d #v6.0.5 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0 + with: + node-version: ${{ inputs.node-version }} + - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 + with: + path: | + node_modules + ~/.cache/ + key: ${{ runner.os }}-node-${{ hashFiles('pnpm-lock.yaml') }} diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 6e14ab15..0bdd1193 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -27,22 +27,17 @@ concurrency: cancel-in-progress: true jobs: + setup: + uses: ./.github/workflows/setup.yml check-dist: + needs: setup runs-on: ubuntu-latest timeout-minutes: 5 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: Rebuild the dist/ directory run: pnpm run build diff --git a/.github/workflows/deploy-delete.yml b/.github/workflows/deploy-delete.yml index e38c0fd9..9aa6bac3 100644 --- a/.github/workflows/deploy-delete.yml +++ b/.github/workflows/deploy-delete.yml @@ -12,6 +12,8 @@ on: concurrency: group: deploy-delete-${{ github.head_ref || github.run_id }} +permissions: {} + jobs: deploy-delete: permissions: diff --git a/.github/workflows/deploy-main.yml b/.github/workflows/deploy-main.yml index dc8b3c06..9d57e2ee 100644 --- a/.github/workflows/deploy-main.yml +++ b/.github/workflows/deploy-main.yml @@ -8,6 +8,8 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} +permissions: {} + jobs: deploy-main: permissions: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4e7ccadd..868bbe5e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,6 +9,8 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} +permissions: {} + jobs: deploy: if: ${{ !github.event.pull_request.head.repo.fork }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cbf516a4..1d6d5bc2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,10 +13,12 @@ on: concurrency: ${{ github.workflow }}-${{ github.ref }} +permissions: {} + jobs: release: - name: Release if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' && github.event.workflow_run.conclusion == 'success' }} + name: Release runs-on: ubuntu-latest permissions: contents: write @@ -28,15 +30,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: Create Release Pull Request id: changesets uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf #v1.7.0 diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml new file mode 100644 index 00000000..387753b5 --- /dev/null +++ b/.github/workflows/setup.yml @@ -0,0 +1,35 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json + +name: setup + +on: + workflow_call: + +jobs: + setup: + runs-on: ubuntu-latest + timeout-minutes: 5 + permissions: + contents: read + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + with: + persist-credentials: false + - name: Cache + id: cache + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 + with: + path: | + node_modules + ~/.cache/ + key: ${{ runner.os }}-node-${{ hashFiles('pnpm-lock.yaml') }} + - if: steps.cache.outputs.cache-hit != 'true' + uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d #v6.0.5 + - if: steps.cache.outputs.cache-hit != 'true' + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0 + with: + node-version: 24 + cache: pnpm + - name: Install dependencies + if: steps.cache.outputs.cache-hit != 'true' + run: pnpm install diff --git a/.github/workflows/sync-readme-versions.yml b/.github/workflows/sync-readme-versions.yml index 77527fb3..0cd917a5 100644 --- a/.github/workflows/sync-readme-versions.yml +++ b/.github/workflows/sync-readme-versions.yml @@ -8,10 +8,21 @@ on: - 'v*' workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: {} + jobs: + setup: + if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' }} + permissions: + contents: read + uses: ./.github/workflows/setup.yml sync: + needs: setup name: Sync action version references - if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' }} runs-on: ubuntu-latest permissions: contents: write @@ -21,9 +32,8 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: main - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 + persist-credentials: false + - uses: ./.github/actions/setup-pnpm - name: Sync action version references run: pnpm run sync:readme env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2e238bea..8ae763f6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,22 +17,17 @@ concurrency: cancel-in-progress: true jobs: + setup: + uses: ./.github/workflows/setup.yml test: + needs: setup runs-on: ubuntu-latest timeout-minutes: 5 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: Lint run: pnpm run lint --format=github - name: Typecheck diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index fad5ed99..5910c0e4 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -9,8 +9,15 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.ref }} +permissions: {} + jobs: + setup: + permissions: + contents: read + uses: ./.github/workflows/setup.yml download: + needs: setup permissions: contents: write pull-requests: write @@ -20,15 +27,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: cli download payloads run: pnpm run download env: @@ -46,6 +45,7 @@ jobs: body: | This is an automated PR to update payloads. types: + needs: setup permissions: contents: write pull-requests: write @@ -55,15 +55,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: cli all run: pnpm run tsc:types - name: Create Pull Request