-
-
Notifications
You must be signed in to change notification settings - Fork 58
141 lines (123 loc) · 4.11 KB
/
check-npm-dependencies-task.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-npm-dependencies-task.md
name: Check npm Dependencies
env:
# See: https://github.com/actions/setup-node/#readme
NODE_VERSION: 20.x
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
on:
create:
push:
paths:
- ".github/workflows/check-npm-dependencies-task.ya?ml"
- ".licenses/**"
- ".licensed.json"
- ".licensed.ya?ml"
- "Taskfile.ya?ml"
- "**/.gitmodules"
- "**/package.json"
- "**/package-lock.json"
pull_request:
paths:
- ".github/workflows/check-npm-dependencies-task.ya?ml"
- ".licenses/**"
- ".licensed.json"
- ".licensed.ya?ml"
- "Taskfile.ya?ml"
- "**/.gitmodules"
- "**/package.json"
- "**/package-lock.json"
schedule:
# Run periodically to catch breakage caused by external changes.
- cron: "0 8 * * WED"
workflow_dispatch:
repository_dispatch:
jobs:
run-determination:
runs-on: ubuntu-latest
outputs:
result: ${{ steps.determination.outputs.result }}
steps:
- name: Determine if the rest of the workflow should run
id: determination
run: |
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
if [[
"${{ github.event_name }}" != "create" ||
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
]]; then
# Run the other jobs.
RESULT="true"
else
# There is no need to run the other jobs.
RESULT="false"
fi
echo "result=$RESULT" >> $GITHUB_OUTPUT
check-cache:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install licensed
uses: jonabc/setup-licensed@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
version: 3.x
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Install Task
uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 3.x
- name: Update dependencies license metadata cache
run: task --silent general:cache-dep-licenses
- name: Check for outdated cache
id: diff
run: |
git add .
if ! git diff --cached --color --exit-code; then
echo
echo "::error::Dependency license metadata out of sync. See: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md#metadata-cache"
exit 1
fi
# Some might find it convenient to have CI generate the cache rather than setting up for it locally
- name: Upload cache to workflow artifact
if: failure() && steps.diff.outcome == 'failure'
uses: actions/upload-artifact@v3
with:
if-no-files-found: error
include-hidden-files: true
name: dep-licenses-cache
path: .licenses/
check-deps:
needs: run-determination
if: needs.run-determination.outputs.result == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install licensed
uses: jonabc/setup-licensed@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
version: 3.x
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Install Task
uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 3.x
- name: Check for dependencies with unapproved licenses
run: task --silent general:check-dep-licenses