chore: update dependency audit level in CI workflow #394
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 🔍 Continuous Integration | |
| on: | |
| push: | |
| branches: [main, master, develop] | |
| pull_request: | |
| branches: [main, master, develop] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # 🧪 Quality Gates | |
| quality: | |
| name: 🛡️ Quality Gates | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: 📥 Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: 🏗️ Setup project | |
| uses: ./.github/actions/setup | |
| - name: 🔍 Lint | |
| run: pnpm lint | |
| - name: 🔷 TypeScript | |
| run: pnpm type-check | |
| - name: 🧪 Tests | |
| run: pnpm test:coverage | |
| - name: 📊 Coverage Report | |
| uses: codecov/codecov-action@v5 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./packages/pushduck/coverage/lcov.info | |
| # 🏗️ Build & Bundle Analysis | |
| build: | |
| name: 🏗️ Build & Bundle Analysis | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: quality | |
| steps: | |
| - name: 📥 Checkout | |
| uses: actions/checkout@v4 | |
| - name: 🏗️ Setup project | |
| uses: ./.github/actions/setup | |
| - name: 🏗️ Build packages | |
| run: pnpm build:packages | |
| - name: 📦 Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| packages/*/dist | |
| packages/*/build | |
| retention-days: 1 | |
| - name: 📊 Bundle size analysis | |
| run: | | |
| cd packages/pushduck | |
| pnpm build:analyze | |
| - name: 📈 Bundle size report | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| echo "## 📦 Bundle Size Analysis" >> $GITHUB_STEP_SUMMARY | |
| cd packages/pushduck | |
| pnpm size-check | |
| # 🔐 Security Audit | |
| security: | |
| name: 🔐 Security Audit | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| needs: quality | |
| steps: | |
| - name: 📥 Checkout | |
| uses: actions/checkout@v4 | |
| - name: 🏗️ Setup project | |
| uses: ./.github/actions/setup | |
| - name: 🔐 Audit dependencies | |
| run: pnpm audit --audit-level high | |
| # 🎯 Matrix Testing (multiple Node versions) - Optimized | |
| compatibility: | |
| name: 🎯 Node.js ${{ matrix.node }} Compatibility | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: build | |
| strategy: | |
| matrix: | |
| node: ["18", "20", "22"] | |
| steps: | |
| - name: 📥 Checkout | |
| uses: actions/checkout@v4 | |
| - name: 🏗️ Setup project | |
| uses: ./.github/actions/setup | |
| with: | |
| node-version: ${{ matrix.node }} | |
| - name: 📦 Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| - name: 🧪 Test with Node.js ${{ matrix.node }} | |
| run: pnpm test | |
| # ✅ All checks passed | |
| all-checks: | |
| name: ✅ All Checks Passed | |
| runs-on: ubuntu-latest | |
| needs: [quality, build, security, compatibility] | |
| if: always() | |
| steps: | |
| - name: ✅ Success | |
| if: ${{ !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | |
| run: echo "All checks passed! 🎉" | |
| - name: ❌ Failure | |
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| run: | | |
| echo "Some checks failed. Please review the logs above." | |
| exit 1 |