Pin GitHub Actions to SHA references for supply chain security #169

	name: CI

	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main

	permissions:
	contents: read

	jobs:
	test-typescript:
	name: TypeScript Unit Tests
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
	with:
	node-version: '20'
	cache: 'npm'
	- run: npm ci
	- run: npm test

	check-dist:
	name: Check dist/
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

	- name: Setup Node.js
	uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
	with:
	node-version: 20
	cache: npm

	- name: Install Dependencies
	run: npm ci

	- name: Build dist/ Directory
	run: npm run all

	# This will fail the workflow if the `dist/` directory is different than
	# expected.
	- name: Compare Directories
	id: diff
	run: \|
	if [ ! -d dist/ ]; then
	echo "Expected dist/ directory does not exist. See status below:"
	ls -la ./
	exit 1
	fi
	if [ "$(git diff --ignore-space-at-eol --text dist/ \| wc -l)" -gt "0" ]; then
	echo "Detected uncommitted changes after build. See status below:"
	git diff --ignore-space-at-eol --text dist/
	exit 1
	fi

	# If `dist/` was different than expected, upload the expected version as a
	# workflow artifact.
	- if: ${{ failure() && steps.diff.outcome == 'failure' }}
	name: Upload Artifact
	id: upload
	uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
	with:
	name: dist
	path: dist/

Provide feedback