chore(deps): update all non-major dependencies #264
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| jobs: | |
| # Dependency review for supply chain security (PRs only) | |
| dependency-review: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| permissions: | |
| contents: read | |
| steps: | |
| # Pin to SHA for supply chain security | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| node-version: [18, 20, 22, 24] | |
| steps: | |
| # Pin to SHA for supply chain security | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Verify dist is not committed | |
| run: | | |
| if [ -d dist ]; then | |
| echo "Error: dist/ directory should not be committed to git" | |
| exit 1 | |
| fi | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - run: npm ci | |
| - name: Biome CI check | |
| run: npx biome ci . | |
| - run: npm run build | |
| - name: Verify build artifacts | |
| run: | | |
| test -f dist/rouge.js || (echo "Missing dist/rouge.js" && exit 1) | |
| test -f dist/rouge.mjs || (echo "Missing dist/rouge.mjs" && exit 1) | |
| test -f dist/rouge.d.ts || (echo "Missing dist/rouge.d.ts" && exit 1) | |
| - run: npm test | |
| ci-success: | |
| name: CI Success | |
| runs-on: ubuntu-latest | |
| needs: [dependency-review, build] | |
| if: always() | |
| timeout-minutes: 5 | |
| permissions: | |
| checks: read | |
| statuses: read | |
| steps: | |
| - name: Wait for all PR checks to complete | |
| uses: promptfoo/.github/.github/actions/ci-success@10fb60ee3167be1ffffaff46b0ad23ea66ab0d33 # main | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| timeout-seconds: 300 |
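Review bot: The `Checkout` step in `build` keeps the action's default credential persistence while the later steps (`npm ci`, `npm run build`, `npm test`) run package and repository scripts; adding `with:` and `persist-credentials: false` to that step, and to the one in `dependency-review`, keeps the job token out of reach of those scripts, even though `contents: read` already limits it. The pin comments `# v6` (checkout, setup-node) and `# main` (ci-success) do not name an exact release the way `# v5.0.0` does, so a reviewer of this update cannot match each SHA to an immutable upstream tag from the page alone; a full tag comment such as `# vX.Y.Z` (placeholder) would make that check possible. The page also carries the forge's hidden or bidirectional Unicode warning for this file, yet no such character is visible in the rendered lines, so the raw bytes of the `uses:` and `run:` lines are worth inspecting before merge.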