

Harden publish #3550

Workflow file for this run

name: CI

# Runs for pushes to main and for pull requests that target main.
# NOTE(review): the trigger is `pull_request`, not `pull_request_target`, so
# a pull request from a fork runs with a read-only GITHUB_TOKEN and without
# repository secrets. Keep it that way: the jobs below execute the checked-out
# code and its dependencies.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  # browsers are installed explicitly with `pnpm playwright install` instead
  PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1'

# A new commit on the same PR (github.event.number) cancels the run that is
# still in progress; events without a number get one group per commit SHA.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.number || github.sha }}
  cancel-in-progress: true

# Minimum permissions for the GITHUB_TOKEN. Declared at workflow level, so it
# applies to every job that does not declare its own `permissions` block.
permissions:
  contents: read # to fetch code (actions/checkout)
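jobs:
  # "checks" job runs on linux + node lts only and checks that install, build,
  # lint and audit work. It also primes the pnpm store cache for linux, which
  # is important for the downstream tests.
  checks:
    timeout-minutes: 5
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        # pseudo-matrix for convenience, NEVER use more than a single combination
        node: [24]
        os: [ubuntu-latest]
    steps:
      # Kept as the first step so the egress policy is in place before any
      # project code or dependency script runs. With `egress-policy: block`,
      # outbound traffic is limited to the endpoints listed below.
      # The action is pinned to a full commit SHA; the trailing comment records
      # the release that SHA is expected to correspond to.
      - name: Harden the runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            release-assets.githubusercontent.com:443
            registry.npmjs.org:443
      # persist-credentials 'false' keeps the token out of the checkout's git
      # config, so later steps that run project scripts cannot read it there.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: 'false'
      # NOTE(review): local composite action, not visible here; confirm that
      # any third-party actions it calls are pinned to commit SHAs as well.
      - uses: ./.github/actions/setup-node
        with:
          node-version: ${{ matrix.node }}
      # required to ensure sveltekit test project have tsconfig.json which may
      # be required by the checks below
      - name: sync
        run: pnpm -r sync
      - name: format
        run: pnpm check:format
      # The remaining checks run even when an earlier step failed, so a single
      # run reports every failing check (including the dependency audit).
      # The condition is one expression on purpose: wrapping only parts of it
      # in ${{ }} and joining them with literal text turns the whole value
      # into a non-empty string, which is always truthy, so the step would
      # also run after the run was cancelled.
      - name: lint
        if: ${{ success() || failure() }}
        run: pnpm check:lint
      - name: types
        if: ${{ success() || failure() }}
        run: pnpm check:types
      - name: audit
        if: ${{ success() || failure() }}
        run: pnpm check:audit
      - name: publint
        if: ${{ success() || failure() }}
        run: pnpm check:publint
      # Regenerates the types and fails if that leaves the work tree dirty,
      # i.e. the committed generated files are stale.
      - name: generated types are up to date
        if: ${{ success() || failure() }}
        run: pnpm generate:types && [ "`git status --porcelain=v1`" == "" ]

  # "test" job runs on linux, windows, mac with node active lts and linux with
  # node maintenance lts
  test:
    timeout-minutes: 10
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        node: [22]
        os: [ubuntu-latest, macos-latest, windows-latest]
        vite: ['current']
        svelte: ['current']
        include:
          - node: 20
            os: ubuntu-latest
            vite: 'current'
            svelte: 'current'
          - node: 24
            os: ubuntu-latest
            vite: 'current'
            svelte: 'current'
          # baseline test lowest svelte, vite and node version
          # quoted so the version stays a string and is never re-typed as a float
          - node: '20.19'
            os: ubuntu-latest
            vite: 'baseline'
            svelte: 'baseline'
          # future test with rolldown-vite
          - node: 24
            os: ubuntu-latest
            vite: 'rolldown-vite'
            svelte: 'current'
    steps:
      # Same egress allow-list as the "checks" job, plus cdn.playwright.dev
      # for the browser download performed by `pnpm playwright install`.
      - name: Harden the runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            release-assets.githubusercontent.com:443
            registry.npmjs.org:443
            cdn.playwright.dev:443
      # persist-credentials 'false' keeps the token out of the checkout's git
      # config, so the test run and its dependencies cannot read it there.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: 'false'
      - uses: ./.github/actions/setup-node
        with:
          node-version: ${{ matrix.node }}
      # NOTE(review): the package spec in the next two steps was mangled by the
      # page's e-mail obfuscation (presumably `vite@<version>` and
      # `svelte@<version>`); restore the exact baseline versions from the
      # repository before using this file.
      - name: downgrade vite to baseline
        if: matrix.vite == 'baseline'
        run: |
          pnpm update -r --no-save [email protected]
          pnpm ls vite
      - name: downgrade svelte to baseline
        if: matrix.svelte == 'baseline'
        run: |
          pnpm update -r --no-save [email protected]
          pnpm ls svelte
      # NOTE(review): `@latest` is unpinned, so this leg installs and runs
      # whatever rolldown-vite release is newest at run time. The egress
      # allow-list, the read-only token and persist-credentials 'false' bound
      # what such code can reach; keep them in place for this leg.
      - name: update vite to rolldown-vite
        if: matrix.vite == 'rolldown-vite'
        run: |
          pnpm update -r --no-save vite@npm:rolldown-vite@latest
          pnpm ls rolldown-vite
      - name: install playwright chromium
        run: pnpm playwright install chromium
      - name: run tests
        run: pnpm test
      - name: check-types with rolldown-vite
        if: matrix.vite == 'rolldown-vite'
        run: pnpm check:types
      # On failure, the temp directory (minus node_modules) is archived and
      # uploaded for debugging.
      # NOTE(review): artifacts are readable by anyone with read access to the
      # repository; confirm temp/ never holds credentials. Also confirm the
      # upload succeeds under `egress-policy: block`, since a blocked upload
      # would lose the failure diagnostics.
      - name: archive tests temp directory
        if: failure()
        shell: bash
        run: tar -cvf test-temp.tar --exclude="node_modules" temp/
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: failure()
        with:
          name: test-failure-${{github.run_id}}-os_${{ matrix.os }}-node_${{ matrix.node }}-vite_${{ matrix.vite }}-svelte_${{matrix.svelte}}
          path: |
            test-temp.tar
            pnpm-debug.log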