From 2df9ed29a4ac697630174a9a5fc9d14f359407d4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Nov 2023 08:00:40 +0000 Subject: [PATCH] ci: align CI configuration see: https://github.com/loopbackio/cicd/issues/89 see: https://github.com/loopbackio/cicd/issues/83 see: https://github.com/loopbackio/security/issues/87 see: https://github.com/loopbackio/security/issues/26 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/continuous-integration.yml | 52 ++++++++++++++------ 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 73cacfc3..55148034 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -9,8 +9,7 @@ on: schedule: - cron: '0 2 * * 1' # At 02:00 on Monday -env: - NODE_OPTIONS: --max-old-space-size=4096 +permissions: {} jobs: test: @@ -19,24 +18,30 @@ jobs: strategy: matrix: os: [ubuntu-latest] - node-version: [16, 18] + node-version: [16, 18, 20] include: - os: macos-latest - node-version: 16 # LTS + node-version: 20 # LTS + - os: window-latest + node-version: 20 # LTS fail-fast: false runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + if: ${{ strategy.os == 'ubuntu-latest' }} + with: + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: ${{ matrix.node-version }} - name: Bootstrap project run: | npm ci --ignore-scripts - - uses: Yuri6037/Action-FakeTTY@v1.1 + - uses: Yuri6037/Action-FakeTTY@1abc69c7d530815855caedcd73842bae5687c1a6 # v1.1 - name: Run tests run: faketty npm test --ignore-scripts @@ -44,11 +49,15 @@ jobs: name: Code Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 - - name: Use Node.js 16 - uses: actions/setup-node@v3 + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + if: ${{ strategy.os == 'ubuntu-latest' }} + with: + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Use Node.js 20 + uses: actions/setup-node@v4 with: - node-version: 16 + node-version: 20 - name: Bootstrap project run: | npm ci --ignore-scripts @@ -60,15 +69,26 @@ jobs: runs-on: ubuntu-latest if: ${{ github.event.pull_request }} steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + if: ${{ strategy.os == 'ubuntu-latest' }} + with: + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - name: Use Node.js 16 - uses: actions/setup-node@v3 + - name: Use Node.js 20 + uses: actions/setup-node@v4 with: - node-version: 16 + node-version: 20 - name: Bootstrap project run: | npm ci --ignore-scripts - name: Verify commit linting - run: npx commitlint --from origin/master --to HEAD --verbose + run: | + npm run \ + --no-install \ + commitlint \ + --from origin/master \ + --to HEAD \ + --verbose +