fix(deps): update dependency next to v14 [security] #18724
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
# Ensure GitHub actions are not run twice for same commits | |
push: | |
branches: [main] | |
pull_request: | |
types: [opened, synchronize, reopened] | |
merge_group: | |
jobs: | |
e2e: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
# Sets an output parameter if this is a release PR | |
- name: Check for release | |
id: release-check | |
# For windows we have to use $env: | |
run: |- | |
echo "IS_RELEASE=true" >> $GITHUB_OUTPUT | |
echo "IS_RELEASE=true" >> $env:GITHUB_OUTPUT | |
if: ${{ startsWith(github.head_ref, 'release-') }} | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- uses: nrwl/nx-set-shas@v3 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Install dependencies | |
run: npm ci | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Install Playwright Browsers | |
run: npx playwright install --with-deps | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: test | |
run: npx nx affected --target=e2e | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: playwright-report | |
path: playwright-report/ | |
retention-days: 30 | |
test: | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macOS-latest, windows-latest] | |
node-version: ['*'] | |
# Must include the minimum deno version from the `DENO_VERSION_RANGE` constant in `node/bridge.ts`. | |
deno-version: ['v1.37.0', 'v1.44.4'] | |
include: | |
- os: ubuntu-latest | |
node-version: '14.16.0' | |
deno-version: 'v1.44.4' | |
fail-fast: false | |
steps: | |
# Increasing the maximum number of open files. See: | |
# https://github.com/actions/virtual-environments/issues/268 | |
- name: Increase open file limit | |
run: sudo ulimit -Sn 65536 | |
if: "${{ matrix.os == 'macOS-latest' }}" | |
- run: git config --global core.symlinks true | |
# Sets an output parameter if this is a release PR | |
- name: Check for release | |
id: release-check | |
# For windows we have to use $env: | |
run: |- | |
echo "IS_RELEASE=true" >> $GITHUB_OUTPUT | |
echo "IS_RELEASE=true" >> $env:GITHUB_OUTPUT | |
if: ${{ startsWith(github.head_ref, 'release-') }} | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- uses: nrwl/nx-set-shas@v3 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Install npm@7 | |
run: npm install -g npm@7 | |
if: ${{ matrix.node-version == '14.16.0' && !steps.release-check.outputs.IS_RELEASE }} | |
- name: Setup Deno | |
uses: denoland/setup-deno@v1 | |
with: | |
deno-version: ${{ matrix.deno-version }} | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Setup Deno dependencies | |
run: deno cache https://deno.land/x/[email protected]/eszip.ts | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.18' | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Install dependencies | |
run: npm ci | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Build | |
run: npx nx affected --target=build | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Tests | |
uses: nick-fields/retry@v3 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
with: | |
timeout_minutes: 30 | |
max_attempts: 3 | |
retry_on: error | |
command: npx nx affected --target=test:ci --exclude=@netlify/build --parallel=3 | |
test-build: | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macOS-latest, windows-latest] | |
node-version: ['*'] | |
install-command: ['npm ci'] | |
machine: ['0', '1', '2', '3', '4'] | |
include: | |
# We test on the oldest supported Node.js version, but only with a | |
# single combination (Ubuntu) | |
- os: ubuntu-latest | |
node-version: '14.16.0' | |
install-command: npm ci | |
machine: '0' | |
- os: ubuntu-latest | |
node-version: '14.16.0' | |
install-command: npm ci | |
machine: '1' | |
- os: ubuntu-latest | |
node-version: '14.16.0' | |
install-command: npm ci | |
machine: '2' | |
- os: ubuntu-latest | |
node-version: '14.16.0' | |
install-command: npm ci | |
machine: '3' | |
- os: ubuntu-latest | |
node-version: '14.16.0' | |
install-command: npm ci | |
machine: '4' | |
# The buildbot pins Netlify Build's dependencies, like `npm ci`. | |
# But other consumers do not, like `npm install`. | |
# So we test both. | |
- os: ubuntu-latest | |
node-version: '*' | |
install-command: npm install --no-package-lock | |
machine: '0' | |
- os: ubuntu-latest | |
node-version: '*' | |
install-command: npm install --no-package-lock | |
machine: '1' | |
- os: ubuntu-latest | |
node-version: '*' | |
install-command: npm install --no-package-lock | |
machine: '2' | |
- os: ubuntu-latest | |
node-version: '*' | |
install-command: npm install --no-package-lock | |
machine: '3' | |
- os: ubuntu-latest | |
node-version: '*' | |
install-command: npm install --no-package-lock | |
machine: '4' | |
fail-fast: false | |
steps: | |
# Sets an output parameter if this is a release PR | |
- name: Check for release | |
id: release-check | |
# For windows we have to use $env: | |
run: |- | |
echo "IS_RELEASE=true" >> $GITHUB_OUTPUT | |
echo "IS_RELEASE=true" >> $env:GITHUB_OUTPUT | |
if: ${{ startsWith(github.head_ref, 'release-') }} | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: setup pnpm/yarn | |
run: corepack enable | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Setup Deno | |
uses: denoland/setup-deno@v1 | |
with: | |
deno-version: v1.44.4 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Install npm@7 | |
run: npm install -g npm@7 | |
if: ${{ matrix.node-version == '14.16.0' && !steps.release-check.outputs.IS_RELEASE }} | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.18' | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Install dependencies | |
run: ${{ matrix.install-command }} | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Build workspaces | |
run: npm run build | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
- name: Tests | |
uses: nick-fields/retry@v3 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
env: | |
# split tests across multiple machines | |
CI_NODE_INDEX: ${{ matrix.machine }} | |
CI_NODE_TOTAL: 4 | |
with: | |
timeout_minutes: 30 | |
max_attempts: 3 | |
retry_on: error | |
command: npx lerna run test:ci --scope @netlify/build | |
- name: Get test coverage flags | |
id: test-coverage-flags | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
# For windows we have to use $env: | |
run: |- | |
os=${{ matrix.os }} | |
node=$(node --version) | |
echo "os=${os/-latest/}" >> $GITHUB_OUTPUT | |
echo "os=${os/-latest/}" >> $env:GITHUB_OUTPUT | |
echo "node=node_${node/.*.*/}" >> $GITHUB_OUTPUT | |
echo "node=node_${node/.*.*/}" >> $env:GITHUB_OUTPUT | |
shell: bash | |
- uses: codecov/codecov-action@v4 | |
if: ${{ !steps.release-check.outputs.IS_RELEASE }} | |
with: | |
files: | |
packages/build/coverage/coverage-final.json, packages/config/coverage/coverage-final.json, | |
packages/cache-utils/coverage/coverage-final.json, packages/function-utils/coverage/coverage-final.json, | |
packages/git-utils/coverage/coverage-final.json, packages/run-utils/coverage/coverage-final.json | |
flags: ${{ steps.test-coverage-flags.outputs.os }},${{ steps.test-coverage-flags.outputs.node }} | |
continue-on-error: true |