name: CI on: pull_request: push: branches: - main - next concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true env: HUSKY: 0 # https://typicode.github.io/husky/how-to.html#ci-server-and-docker jobs: lint: runs-on: ubuntu-latest name: Lint steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Shared setup uses: ./.github/actions/setup - run: pnpm run lint test: runs-on: ubuntu-latest name: Test strategy: matrix: node: [20, 22, 24] steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Shared setup uses: ./.github/actions/setup - run: pnpm run build - run: pnpm run build-fixtures - run: pnpm run test publish: needs: [lint, test] if: contains('refs/heads/main OR refs/heads/next', github.ref) runs-on: ubuntu-latest name: Publish permissions: contents: write # to be able to publish a GitHub release issues: write # to be able to comment on released issues pull-requests: write # to be able to comment on released pull requests id-token: write # to enable use of OIDC for npm provenance attestations: write # for attest build provenance strategy: matrix: node: [24] steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: egress-policy: audit - name: Shared setup uses: ./.github/actions/setup - run: pnpm run build - uses: actions/attest-build-provenance@v3 with: subject-path: 'dist/**' - run: pnpm run release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}