
chore(deps-dev): bump the dev-dependencies group across 1 directory with 11 updates #169


Workflow file for this run

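name: CI

# Runs on pushes to master and on pull requests targeting master.
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Least privilege: the workflow token can only read repository contents.
permissions:
  contents: read

# NOTE(review): every action below is referenced by a mutable version tag
# (for example `@v6`). A tag can be moved to different code by whoever controls
# the action's repository; pinning third-party actions to a full commit SHA
# (with the tag kept in a trailing comment) makes each run reproducible and
# reviewable. The SHAs are not visible on this page, so the tags are unchanged.

jobs:
  # Works out which areas of the repository changed so later jobs can be
  # skipped when they are irrelevant, and flags release-please pull requests.
  changes:
    runs-on: ubuntu-latest
    outputs:
      source: ${{ steps.filter.outputs.source }}
      tooling: ${{ steps.filter.outputs.tooling }}
      deps: ${{ steps.filter.outputs.deps }}
      release-please: ${{ steps.release.outputs.match }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Detect changed paths
        uses: dorny/paths-filter@v4
        id: filter
        with:
          filters: |
            source:
              - 'src/**'
              - 'tests/**'
            tooling:
              - 'eslint.config.js'
              - 'tsconfig.json'
              - 'vitest.config.ts'
              - 'stryker.config.js'
            deps:
              - 'package.json'
              - 'pnpm-lock.yaml'
      - name: Check for release-please branch
        id: release
        # The head branch name is chosen by the pull request author. It is
        # handed to the shell through environment variables instead of being
        # expanded into the script text, so its contents are never parsed as
        # shell syntax.
        env:
          HEAD_REF: ${{ github.head_ref }}
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          BASE_REPO: ${{ github.repository }}
        run: |
          # match=true makes quality, build, security, mutation and sbom skip,
          # and the CI gate accepts skipped jobs. The prefix is therefore only
          # honoured for branches that live in this repository, not for a fork
          # branch that merely carries the same name. On push events HEAD_REF
          # and HEAD_REPO are empty, so the result is match=false.
          if [[ "$HEAD_REPO" == "$BASE_REPO" && "$HEAD_REF" == release-please--* ]]; then
            echo "match=true" >> "$GITHUB_OUTPUT"
          else
            echo "match=false" >> "$GITHUB_OUTPUT"
          fi

  # Formatting check. Has no dependency on `changes`, so it always runs.
  format:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        # --frozen-lockfile fails the install rather than rewriting the
        # lockfile, so CI installs exactly what pnpm-lock.yaml records.
        run: pnpm install --frozen-lockfile
      - name: Check formatting
        run: pnpm run format:check

  # Lint, type check and tests with coverage upload.
  quality:
    needs: changes
    if: >-
      needs.changes.outputs.release-please != 'true' &&
      (needs.changes.outputs.source == 'true' ||
      needs.changes.outputs.tooling == 'true' ||
      needs.changes.outputs.deps == 'true')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run linter
        run: pnpm run lint
      - name: Run type check
        run: pnpm run typecheck
      - name: Run tests with coverage
        run: pnpm run test:coverage
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v6
        with:
          files: ./coverage/lcov.info
          # A failed coverage upload does not fail the job.
          fail_ci_if_error: false
        # The token is scoped to this one step rather than the whole job, so
        # the install and test steps above never see it.
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Builds the package and checks that the expected entry points exist.
  build:
    needs: [changes, quality]
    if: >-
      needs.changes.outputs.release-please != 'true' &&
      (needs.changes.outputs.source == 'true' ||
      needs.changes.outputs.tooling == 'true' ||
      needs.changes.outputs.deps == 'true')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build package
        run: pnpm run build
      - name: Verify build output
        run: |
          test -d dist
          test -f dist/core/index.js
          test -f dist/storage/index.js
          test -f dist/cookie/index.js
      - name: Check bundle size
        run: pnpm run size

  # Dependency audit; runs only when source or dependency files changed.
  security:
    needs: changes
    if: >-
      needs.changes.outputs.release-please != 'true' &&
      (needs.changes.outputs.source == 'true' ||
      needs.changes.outputs.deps == 'true')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run security audit
        # --prod limits the audit to production dependencies, so advisories
        # that only affect devDependencies do not fail this job.
        run: pnpm audit --prod --audit-level=moderate

  # Stryker mutation testing; runs only when source files changed.
  mutation:
    needs: [changes, quality]
    if: >-
      needs.changes.outputs.release-please != 'true' &&
      needs.changes.outputs.source == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run Stryker mutation testing
        run: pnpm run mutation
      - name: Upload mutation report
        # Upload the report even when the mutation run fails.
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: mutation-report
          path: reports/mutation/

  # Generates the SBOM (sbom.cdx.json) and stores it as a build artifact.
  sbom:
    needs: [changes, quality]
    if: >-
      needs.changes.outputs.release-please != 'true' &&
      (needs.changes.outputs.source == 'true' ||
      needs.changes.outputs.deps == 'true')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup pnpm
        uses: pnpm/action-setup@v5
        with:
          version: 10
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '20'
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Generate SBOM
        run: pnpm run sbom
      - name: Upload SBOM artifact
        uses: actions/upload-artifact@v7
        with:
          name: sbom
          path: sbom.cdx.json

  # =============================================================================
  # CI GATE (single required check for branch protection)
  # =============================================================================
  ci-gate:
    name: CI Gate
    runs-on: ubuntu-latest
    # always() so the gate still reports when an upstream job failed or was
    # skipped; without it the gate itself would be skipped.
    if: always()
    # `changes` is listed as well: when it fails, every job that needs it is
    # skipped rather than failed, and a gate that only looked at those jobs
    # would report success without any of them having run.
    needs: [changes, format, quality, build, security, mutation, sbom]
    steps:
      - name: Check required job results
        run: |
          # Each value is one of success, failure, cancelled or skipped; these
          # are set by the runner, not by the pull request author.
          results=(
            "${{ needs.changes.result }}"
            "${{ needs.format.result }}"
            "${{ needs.quality.result }}"
            "${{ needs.build.result }}"
            "${{ needs.security.result }}"
            "${{ needs.mutation.result }}"
            "${{ needs.sbom.result }}"
          )
          # Skipped jobs are accepted because path filtering skips them on
          # purpose; only failure and cancellation block the gate.
          for r in "${results[@]}"; do
            if [ "$r" = "failure" ] || [ "$r" = "cancelled" ]; then
              echo "::error::Required job failed or was cancelled: $r"
              exit 1
            fi
          done
          echo "All required jobs passed (or were skipped)."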