Skip to content

feat!: emit defaults to CycloneDX1.6 #2887

feat!: emit defaults to CycloneDX1.6

feat!: emit defaults to CycloneDX1.6 #2887

Workflow file for this run

# For details of what checks are run for PRs please refer below
# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
name: Node CI
on:
push:
branches: [ "master", "next" ]
tags: [ "v*" ]
pull_request:
workflow_dispatch:
schedule:
# schedule daily tests, since dependencies are not intended to be locked
# this means: at 23:42 every day
- cron: '42 23 * * *'
concurrency:
group: '${{ github.workflow }}-${{ github.ref }}'
cancel-in-progress: true
env:
REPORTS_DIR: CI_reports
NODE_ACTIVE_LTS: "20" # https://nodejs.org/en/about/releases/
TESTS_REPORTS_ARTIFACT: tests-reports
jobs:
build:
name: build ${{ matrix.target }}
runs-on: "ubuntu-latest"
timeout-minutes: 30
steps:
- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v4
- name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
# see https://github.com/actions/setup-node
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_ACTIVE_LTS }}
# cache: "npm"
# cache-dependency-path: "**/package-lock.json"
- name: setup project
run: npm i --ignore-scripts
- name: build ${{ matrix.target }}
run: npm run build
- name: artifact build result
# see https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v4
with:
name: dist
path: dist
if-no-files-found: error
test-standard:
name: test standard
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v4
- name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
# see https://github.com/actions/setup-node
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_ACTIVE_LTS }}
# cache: "npm"
# cache-dependency-path: "**/package-lock.json"
- name: setup project
run: npm i --ignore-scripts
- name: test
run: npm run test:standard
test-jest:
needs: [ 'build' ]
name: test:Jest (node${{ matrix.node-version }}, ${{ matrix.os }})
timeout-minutes: 30
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ "ubuntu-latest" ]
node-version:
# action based on https://github.com/actions/node-versions/releases
# see also: https://nodejs.org/en/about/previous-releases
- "22.4" # current -- pinned for https://github.com/npm/cli/issues/7666
- "20" # active LTS
- "18"
- '16'
- "14"
- "14.0.0" # lowest supported
steps:
- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v4
- name: Setup Node.js ${{ matrix.node-version }}
# see https://github.com/actions/setup-node
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
# cache: "npm"
# cache-dependency-path: "**/package-lock.json"
- # some integration tests require a certain npm version to be installable
name: update npm
run: |-
npm i -g npm@^8
npm --version
- name: enable yarn
if: "matrix.node-version != '14.0.0'" # yarn14 has broken corepack
run: |-
corepack enable yarn
yarn --version
- name: install project
shell: bash
run: |
set -ex
dep_constraints=''
dev_requirements='c8 jest jest-junit imurmurhash fast-glob'
# as long as npm cannot auto-resolve engine-constraints, we need to help here
case '${{ matrix.node-version }}' in
'14')
dep_constraints='normalize-package-data@^5'
;;
'14.0.0')
dep_constraints='normalize-package-data@^3'
dev_requirements='c8@^8 jest@^26 jest-junit imurmurhash fast-glob'
# cannot run snapshot-compare with old versions ...
rm -rf tests/integration/__snapshots__/
;;
esac
## !! dont install all the dev-packages, especially since some are not runnable on node 14.0.0
if [[ -n "$dep_constraints" ]]
then
npm add --ignore-scripts --omit=peer --omit=dev --only=prod --production --loglevel=silly --save $dep_constraints
fi
npm i --ignore-scripts --omit=peer --omit=dev --only=prod --production --loglevel=silly
## rebuild deps for which scripts were ignored, or partially installed - since "ignore-scripts" was used
npm rebuild --loglevel=silly libxmljs2 || npm uninstall --no-save libxmljs2 || true
## install the needed dev-deps
npm i --ignore-scripts --loglevel=silly --no-save $dev_requirements
- name: fetch build artifact
# see https://github.com/actions/download-artifact
uses: actions/download-artifact@v4
with:
name: dist
path: dist
- name: setup test beds
run: npm run setup-tests
- name: artifact npm errors
if: ${{ failure() }}
# see https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v4
with:
name: 'npm-errors_${{ matrix.os }}_node${{ matrix.node-version }}'
path: '/home/runner/.npm/_logs/*.log'
if-no-files-found: ignore
retention-days: 7
- name: test
run: npm run test:jest
env:
JEST_JUNIT_OUTPUT_DIR: ${{ env.REPORTS_DIR }}/${{ matrix.os }}_node${{ matrix.node-version }}
- name: collect coverage
if: ${{ failure() || success() }}
run: >
node -- node_modules/c8/bin/c8.js
report
--reporter clover
--reports-dir '${{ env.REPORTS_DIR }}/coverage/${{ matrix.os }}_node${{ matrix.node-version }}'
- name: artifact test reports
if: ${{ ! cancelled() }}
# see https://github.com/actions/upload-artifact
uses: actions/upload-artifact@v4
with:
name: '${{ env.TESTS_REPORTS_ARTIFACT }}_${{ matrix.os }}_node${{ matrix.node-version }}'
path: ${{ env.REPORTS_DIR }}
test-examples:
needs: [ 'build' ]
name: Example ${{ matrix.scope }}
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
scope:
- simple
env:
EXAMPLE_DIR: examples/${{ matrix.scope }}
steps:
- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v4
- name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
# see https://github.com/actions/setup-node
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_ACTIVE_LTS }}
# cache: "npm"
# cache-dependency-path: "**/package-lock.json"
- name: fetch build artifact
# see https://github.com/actions/download-artifact
uses: actions/download-artifact@v4
with:
name: dist
path: dist
- name: setup example
working-directory: ${{ env.EXAMPLE_DIR }}
run: npm i --install-links --loglevel=silly
- name: build example
working-directory: ${{ env.EXAMPLE_DIR }}
run: npm run build
report-coverage:
name: Publish test coverage
needs:
- test-jest
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: fetch test artifacts
# see https://github.com/actions/download-artifact
uses: actions/download-artifact@v4
with:
pattern: '${{ env.TESTS_REPORTS_ARTIFACT }}_*'
merge-multiple: true
path: ${{ env.REPORTS_DIR }}
- name: Run codacy-coverage-reporter
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
if: ${{ env.CODACY_PROJECT_TOKEN != '' }}
# see https://github.com/codacy/codacy-coverage-reporter-action
uses: codacy/codacy-coverage-reporter-action@v1
with:
project-token: ${{ env.CODACY_PROJECT_TOKEN }}
coverage-reports: ${{ env.REPORTS_DIR }}/coverage/*/*