From c96d4a2d6e3705b10d4099122d257b3fcc6848dc Mon Sep 17 00:00:00 2001 From: Andy Kenward <4893048+andykenward@users.noreply.github.com> Date: Sun, 17 May 2026 17:05:35 +0000 Subject: [PATCH 1/3] ci: step do install --- .github/actions/setup-pnpm/action.yml | 22 +++++++++++++++ .github/workflows/check-dist.yml | 13 +++------ .github/workflows/deploy-delete.yml | 2 ++ .github/workflows/deploy-main.yml | 2 ++ .github/workflows/deploy.yml | 2 ++ .github/workflows/release.yml | 19 ++++++------- .github/workflows/setup.yml | 33 ++++++++++++++++++++++ .github/workflows/sync-readme-versions.yml | 18 +++++++++--- .github/workflows/test.yml | 13 +++------ .github/workflows/update.yml | 28 +++++++----------- 10 files changed, 102 insertions(+), 50 deletions(-) create mode 100644 .github/actions/setup-pnpm/action.yml create mode 100644 .github/workflows/setup.yml diff --git a/.github/actions/setup-pnpm/action.yml b/.github/actions/setup-pnpm/action.yml new file mode 100644 index 00000000..6eae9bd1 --- /dev/null +++ b/.github/actions/setup-pnpm/action.yml @@ -0,0 +1,22 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-action.json + +name: 'Restore pnpm cache' +description: 'Sets up Node and pnpm, restores node_modules and ~/.cache/ from cache (no install)' +inputs: + node-version: + description: 'Version of Node' + required: false + default: '24' +runs: + using: 'composite' + steps: + - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d #v6.0.5 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0 + with: + node-version: ${{ inputs.node-version }} + - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 + with: + path: | + node_modules + ~/.cache/ + key: ${{ runner.os }}-node-${{ hashFiles('pnpm-lock.yaml') }} diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 6e14ab15..0bdd1193 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -27,22 +27,17 @@ concurrency: cancel-in-progress: true jobs: + setup: + uses: ./.github/workflows/setup.yml check-dist: + needs: setup runs-on: ubuntu-latest timeout-minutes: 5 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: Rebuild the dist/ directory run: pnpm run build diff --git a/.github/workflows/deploy-delete.yml b/.github/workflows/deploy-delete.yml index e38c0fd9..9aa6bac3 100644 --- a/.github/workflows/deploy-delete.yml +++ b/.github/workflows/deploy-delete.yml @@ -12,6 +12,8 @@ on: concurrency: group: deploy-delete-${{ github.head_ref || github.run_id }} +permissions: {} + jobs: deploy-delete: permissions: diff --git a/.github/workflows/deploy-main.yml b/.github/workflows/deploy-main.yml index dc8b3c06..9d57e2ee 100644 --- a/.github/workflows/deploy-main.yml +++ b/.github/workflows/deploy-main.yml @@ -8,6 +8,8 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} +permissions: {} + jobs: deploy-main: permissions: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4e7ccadd..868bbe5e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,6 +9,8 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} +permissions: {} + jobs: deploy: if: ${{ !github.event.pull_request.head.repo.fork }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cbf516a4..1859a54d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,10 +13,17 @@ on: concurrency: ${{ github.workflow }}-${{ github.ref }} +permissions: {} + jobs: + setup: + if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' && github.event.workflow_run.conclusion == 'success' }} + permissions: + contents: read + uses: ./.github/workflows/setup.yml release: + needs: setup name: Release - if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' && github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-latest permissions: contents: write @@ -28,15 +35,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: Create Release Pull Request id: changesets uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf #v1.7.0 diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml new file mode 100644 index 00000000..fe22cca7 --- /dev/null +++ b/.github/workflows/setup.yml @@ -0,0 +1,33 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json + +name: setup + +on: + workflow_call: + +jobs: + setup: + runs-on: ubuntu-latest + timeout-minutes: 5 + permissions: + contents: read + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + with: + persist-credentials: false + - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d #v6.0.5 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0 + with: + node-version: 24 + cache: pnpm + - name: Cache + id: cache + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 + with: + path: | + node_modules + ~/.cache/ + key: ${{ runner.os }}-node-${{ hashFiles('pnpm-lock.yaml') }} + - name: Install dependencies + if: steps.cache.outputs.cache-hit != 'true' + run: pnpm install diff --git a/.github/workflows/sync-readme-versions.yml b/.github/workflows/sync-readme-versions.yml index 77527fb3..0cd917a5 100644 --- a/.github/workflows/sync-readme-versions.yml +++ b/.github/workflows/sync-readme-versions.yml @@ -8,10 +8,21 @@ on: - 'v*' workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: {} + jobs: + setup: + if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' }} + permissions: + contents: read + uses: ./.github/workflows/setup.yml sync: + needs: setup name: Sync action version references - if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' }} runs-on: ubuntu-latest permissions: contents: write @@ -21,9 +32,8 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: main - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 + persist-credentials: false + - uses: ./.github/actions/setup-pnpm - name: Sync action version references run: pnpm run sync:readme env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2e238bea..8ae763f6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,22 +17,17 @@ concurrency: cancel-in-progress: true jobs: + setup: + uses: ./.github/workflows/setup.yml test: + needs: setup runs-on: ubuntu-latest timeout-minutes: 5 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: Lint run: pnpm run lint --format=github - name: Typecheck diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index fad5ed99..5910c0e4 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -9,8 +9,15 @@ on: concurrency: group: ${{ github.workflow }}-${{ github.ref }} +permissions: {} + jobs: + setup: + permissions: + contents: read + uses: ./.github/workflows/setup.yml download: + needs: setup permissions: contents: write pull-requests: write @@ -20,15 +27,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: cli download payloads run: pnpm run download env: @@ -46,6 +45,7 @@ jobs: body: | This is an automated PR to update payloads. types: + needs: setup permissions: contents: write pull-requests: write @@ -55,15 +55,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: andykenward/github-actions/setup-pnpm@4975fa85f6e689743962bbb5dbac847aaa843edb #v3.0.1 - with: - node-version: 24 - - name: Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 - with: - path: | - ~/.cache/ - key: ${{ runner.os }}-node-${{ hashFiles('**/pnpm-lock.yaml', '**/.oxlintrc.json', '**/.oxfmtrc.json', '**/tsconfig.json', '**/knip.json', '**/vitest.config.ts', '**/vitest.setup.ts') }} + - uses: ./.github/actions/setup-pnpm - name: cli all run: pnpm run tsc:types - name: Create Pull Request From c66187d4caf9596b8a097d6344ee405d90066c5e Mon Sep 17 00:00:00 2001 From: Andy Kenward <4893048+andykenward@users.noreply.github.com> Date: Sun, 17 May 2026 17:46:14 +0000 Subject: [PATCH 2/3] ci: release the test does the setup --- .github/workflows/release.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1859a54d..1d6d5bc2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,13 +16,8 @@ concurrency: ${{ github.workflow }}-${{ github.ref }} permissions: {} jobs: - setup: - if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' && github.event.workflow_run.conclusion == 'success' }} - permissions: - contents: read - uses: ./.github/workflows/setup.yml release: - needs: setup + if: ${{ github.repository == 'andykenward/github-actions-cloudflare-pages' && github.event.workflow_run.conclusion == 'success' }} name: Release runs-on: ubuntu-latest permissions: From a6662a1920b0dd793cf997a4092f4844bb3a14fa Mon Sep 17 00:00:00 2001 From: Andy Kenward <4893048+andykenward@users.noreply.github.com> Date: Sun, 17 May 2026 17:55:55 +0000 Subject: [PATCH 3/3] ci: exit early on cache hit --- .github/workflows/setup.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml index fe22cca7..387753b5 100644 --- a/.github/workflows/setup.yml +++ b/.github/workflows/setup.yml @@ -15,11 +15,6 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: persist-credentials: false - - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d #v6.0.5 - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0 - with: - node-version: 24 - cache: pnpm - name: Cache id: cache uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae #v5.0.5 @@ -28,6 +23,13 @@ jobs: node_modules ~/.cache/ key: ${{ runner.os }}-node-${{ hashFiles('pnpm-lock.yaml') }} + - if: steps.cache.outputs.cache-hit != 'true' + uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d #v6.0.5 + - if: steps.cache.outputs.cache-hit != 'true' + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0 + with: + node-version: 24 + cache: pnpm - name: Install dependencies if: steps.cache.outputs.cache-hit != 'true' run: pnpm install