Bump the typescript-eslint group with 2 updates #1261

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- main
	- release
	tags:
	- "beta-v*"
	pull_request:
	branches:
	- main

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	# Schedule
	schedule:
	- cron: "0 8 * * MON,THU" # Run every Monday and Thursday at 08:00 UTC

	jobs:
	ci:
	runs-on: ubuntu-latest
	outputs:
	NPM_VERSION: ${{ steps.version.outputs.NPM_VERSION }}
	PUBLISH_TAG: ${{ steps.version.outputs.PUBLISH_TAG }}
	IMAGE_SUFFIX: ${{ steps.version.outputs.IMAGE_SUFFIX }}
	strategy:
	matrix:
	node-version: [20]

	steps:
	- uses: actions/checkout@v4
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: "npm"
	check-latest: true
	- run: npm install
	- run: npm run check-format
	- run: npm run prepublish
	- run: npm run test
	- id: version
	run: \|
	npm install -g json
	RETRACED_VERSION=$(echo $(cat ./package.json) \| json version)

	publishTag="latest"
	imageSuffix=""

	if [[ "$GITHUB_REF" == *\/release ]]
	then
	echo "Release branch"
	else
	echo "Dev branch"
	publishTag="beta"
	imageSuffix="-beta"
	RETRACED_VERSION="${RETRACED_VERSION}-beta.${GITHUB_RUN_NUMBER}"
	fi

	echo "NPM_VERSION=${RETRACED_VERSION}" >> $GITHUB_OUTPUT
	echo "PUBLISH_TAG=${publishTag}" >> $GITHUB_OUTPUT
	echo "IMAGE_SUFFIX=${imageSuffix}" >> $GITHUB_OUTPUT

	build:
	needs: ci
	runs-on: ubuntu-latest
	steps:
	- name: Check Out Repo
	uses: actions/checkout@v4

	- run: echo ${{ needs.ci.outputs.NPM_VERSION }}
	- run: echo ${{ needs.ci.outputs.IMAGE_SUFFIX }}

	- name: Get short SHA
	id: slug
	run: echo "SHA7=$(echo ${GITHUB_SHA} \| cut -c1-7)" >> $GITHUB_OUTPUT

	- name: Login to GitHub Container Registry
	if: github.ref == 'refs/heads/release'
	run: \|
	echo "${{secrets.GITHUB_TOKEN}}" \| docker login ghcr.io -u ${{github.repository_owner}} --password-stdin

	- name: Install Cosign
	if: github.ref == 'refs/heads/release'
	uses: sigstore/cosign-installer@main

	- name: Check install!
	if: github.ref == 'refs/heads/release'
	run: cosign version

	- name: place the cosign private key in a file
	if: github.ref == 'refs/heads/release'
	run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
	shell: bash
	env:
	COSIGN_KEY: ${{secrets.COSIGN_KEY}}

	- name: Create NPM Package SBOM Report [SPDX]
	uses: anchore/sbom-action@v0
	with:
	format: spdx
	artifact-name: sbom.spdx
	upload-artifact-retention: 1
	- name: Publish report [SPDX]
	uses: anchore/sbom-action/publish-sbom@v0
	with:
	sbom-artifact-match: ".*\\.spdx$"
	- name: Create NPM Pacakge SBOM Report [CycloneDx]
	uses: anchore/sbom-action@v0
	with:
	format: cyclonedx
	artifact-name: sbom.cyclonedx
	upload-artifact-retention: 1
	- name: Publish report [CycloneDx]
	uses: anchore/sbom-action/publish-sbom@v0
	with:
	sbom-artifact-match: ".*\\.cyclonedx$"

	- name: Remove older SBOMs
	if: github.ref == 'refs/heads/release'
	run: rm -rf sbom. \|\| true

	- name: Download artifact for SPDX Report
	if: github.ref == 'refs/heads/release'
	uses: actions/download-artifact@v4
	with:
	name: sbom.spdx

	- name: Download artifact for CycloneDx Report
	if: github.ref == 'refs/heads/release'
	uses: actions/download-artifact@v4
	with:
	name: sbom.cyclonedx

	- name: ORAS Setup
	if: github.ref == 'refs/heads/release'
	run: \|
	ORAS_VERSION="v0.8.1"
	ORAS_FILENAME="oras_0.8.1_linux_amd64.tar.gz"
	curl -LO "https://github.com/oras-project/oras/releases/download/${ORAS_VERSION}/${ORAS_FILENAME}"
	mkdir oras_install
	tar -xvf "${ORAS_FILENAME}" -C oras_install
	./oras_install/oras push ghcr.io/${{github.repository}}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}:npm-${{ needs.ci.outputs.NPM_VERSION }} ./sbom.
	cd ..

	- name: Push SBOM reports to GitHub Container Registry & Sign the sbom images
	if: github.ref == 'refs/heads/release'
	run: \|
	result=$(./oras_install/oras push ghcr.io/${{github.repository}}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}:npm-${{ needs.ci.outputs.NPM_VERSION }} ./sbom.)
	ORAS_DIGEST=$(echo $result \| grep -oE 'sha256:[a-f0-9]{64}')
	if [ -z "$ORAS_DIGEST" ]; then
	echo "Error: ORAS_DIGEST is empty"
	exit 1
	fi
	cd ..
	cosign sign -y --key /tmp/cosign.key ghcr.io/${{github.repository}}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}@${ORAS_DIGEST}
	env:
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

	publish:
	needs: [ci, build]
	runs-on: ubuntu-latest

	strategy:
	matrix:
	node-version: [20]

	steps:
	- uses: actions/checkout@v4
	- run: echo ${{ needs.ci.outputs.NPM_VERSION }}
	- run: echo ${{ needs.ci.outputs.PUBLISH_TAG }}

	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v4
	with:
	always-auth: true
	node-version: ${{ matrix.node-version }}
	registry-url: https://registry.npmjs.org
	scope: "@retracedhq"
	cache: "npm"
	- run: npm install
	working-directory: ./

	- name: Publish NPM
	if: github.ref == 'refs/heads/release' \|\| contains(github.ref, 'refs/tags/beta-v')
	run: \|
	npm install -g json
	RETRACED_VERSION=${{ needs.ci.outputs.NPM_VERSION }}
	json -I -f package.json -e "this.main=\"lib/index.js\""
	json -I -f package.json -e "this.types=\"lib/index.d.ts\""
	json -I -f package.json -e "this.version=\"${RETRACED_VERSION}\""

	npm publish --tag ${{ needs.ci.outputs.PUBLISH_TAG }} --access public
	working-directory: ./
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the typescript-eslint group with 2 updates #1261

Workflow file

Bump the typescript-eslint group with 2 updates #1261

Jobs

Run details

Workflow file for this run