chore(deps): bump lodash-es from 4.17.21 to 4.17.23 #92
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR CI (Templates) | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| branches: [ main ] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| concurrency: | |
| group: pr-ci-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| changes: | |
| name: Detect Template Changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| node: ${{ steps.filter.outputs.node }} | |
| python: ${{ steps.filter.outputs.python }} | |
| go: ${{ steps.filter.outputs.go }} | |
| java: ${{ steps.filter.outputs.java }} | |
| frontend: ${{ steps.filter.outputs.frontend }} | |
| any: ${{ steps.filter.outputs.any }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - name: Filter | |
| id: filter | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| with: | |
| filters: | | |
| node: | |
| - 'templates/node/**' | |
| python: | |
| - 'templates/python/**' | |
| go: | |
| - 'templates/go/**' | |
| java: | |
| - 'templates/spring-boot/**' | |
| frontend: | |
| - 'templates/frontend/**' | |
| any: | |
| - 'templates/**' | |
| node: | |
| name: Node Template | |
| needs: changes | |
| if: needs.changes.outputs.node == 'true' || needs.changes.outputs.any == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: '22' | |
| cache: npm | |
| cache-dependency-path: templates/node/package.json | |
| - name: Install deps | |
| working-directory: templates/node | |
| run: npm install --no-audit --no-fund | |
| - name: Lint (placeholder) | |
| run: echo 'No lint config yet'; | |
| - name: Smoke run | |
| working-directory: templates/node | |
| run: node src/index.js & sleep 2 && curl -f http://localhost:3001/ || echo 'Sample run complete' | |
| frontend: | |
| name: Next.js Template | |
| needs: changes | |
| if: needs.changes.outputs.frontend == 'true' || needs.changes.outputs.any == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: '20' | |
| cache: npm | |
| cache-dependency-path: templates/frontend/package.json | |
| - name: Install deps | |
| working-directory: templates/frontend | |
| run: npm install --no-audit --no-fund | |
| - name: Build | |
| working-directory: templates/frontend | |
| run: npm run build | |
| python: | |
| name: Python FastAPI Template | |
| needs: changes | |
| if: needs.changes.outputs.python == 'true' || needs.changes.outputs.any == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: '3.12' | |
| cache: 'pip' | |
| cache-dependency-path: templates/python/requirements.txt | |
| - name: Install deps | |
| working-directory: templates/python | |
| run: pip install -r requirements.txt | |
| - name: Import check | |
| working-directory: templates/python | |
| run: python -c "import fastapi, uvicorn" | |
| - name: FastAPI startup (smoke) | |
| working-directory: templates/python | |
| run: | | |
| uvicorn app.main:app --port 3004 & | |
| PID=$! | |
| sleep 2 | |
| curl -f http://127.0.0.1:3004/health || (echo 'health check failed'; kill $PID; exit 1) | |
| kill $PID || true | |
| go: | |
| name: Go Template | |
| needs: changes | |
| if: needs.changes.outputs.go == 'true' || needs.changes.outputs.any == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - name: Build | |
| working-directory: templates/go | |
| run: go build -o service main.go | |
| - name: Run & health | |
| working-directory: templates/go | |
| run: | | |
| ./service & | |
| PID=$! | |
| sleep 2 | |
| curl -f http://127.0.0.1:3002/health || (echo 'no health'; kill $PID; exit 1) | |
| kill $PID || true | |
| java: | |
| name: Spring Boot Template | |
| needs: changes | |
| if: needs.changes.outputs.java == 'true' || needs.changes.outputs.any == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| - name: Set up Temurin JDK | |
| uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| cache: 'maven' | |
| - name: Build (skip tests) | |
| working-directory: templates/spring-boot | |
| run: mvn -B -ntp package -DskipTests | |
| summary: | |
| name: Summary | |
| needs: [node, frontend, python, go, java] | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - name: Report matrix | |
| run: | | |
| echo "Node: ${{ needs.node.result }}" | |
| echo "Frontend: ${{ needs.frontend.result }}" | |
| echo "Python: ${{ needs.python.result }}" | |
| echo "Go: ${{ needs.go.result }}" | |
| echo "Java: ${{ needs.java.result }}" | |
| if [[ '${{ needs.node.result }}' == 'failure' || '${{ needs.frontend.result }}' == 'failure' || '${{ needs.python.result }}' == 'failure' || '${{ needs.go.result }}' == 'failure' || '${{ needs.java.result }}' == 'failure' ]]; then | |
| echo 'One or more template jobs failed.' | |
| exit 1 | |
| fi | |
| echo 'All selected template jobs passed.' |