Skip to content
🔍 Continuous Integration

chore(deps)(deps): bump the all-dependencies group across 1 directory with 18 updates #549

Sign in to view logs

chore(deps)(deps): bump the all-dependencies group across 1 directory with 18 updates

chore(deps)(deps): bump the all-dependencies group across 1 directory with 18 updates #549

Workflow file for this run

.github/workflows/ci.yml at d2ea77e
name: 🔍 Continuous Integration
on:
push:
branches: [main, master, develop]
pull_request:
branches: [main, master, develop]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# 🧪 Quality Gates
quality:
name: 🛡️ Quality Gates
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: 📥 Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: 🏗️ Setup project
uses: ./.github/actions/setup
- name: 🔍 Lint
run: pnpm lint
- name: 🔷 TypeScript
run: pnpm type-check
- name: 🧪 Tests
run: pnpm test:coverage
- name: 📊 Coverage Report
uses: codecov/codecov-action@v5
if: github.event_name == 'pull_request'
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./packages/pushduck/coverage/lcov.info
# 🏗️ Build & Bundle Analysis
build:
name: 🏗️ Build & Bundle Analysis
runs-on: ubuntu-latest
timeout-minutes: 10
needs: quality
steps:
- name: 📥 Checkout
uses: actions/checkout@v6
- name: 🏗️ Setup project
uses: ./.github/actions/setup
- name: 🏗️ Build packages
run: pnpm build:packages
- name: 📦 Upload build artifacts
uses: actions/upload-artifact@v5
with:
name: build-artifacts
path: |
packages/*/dist
packages/*/build
retention-days: 1
- name: 📊 Bundle size analysis
run: |
cd packages/pushduck
pnpm build:analyze
- name: 📈 Bundle size report
if: github.event_name == 'pull_request'
run: |
echo "## 📦 Bundle Size Analysis" >> $GITHUB_STEP_SUMMARY
cd packages/pushduck
pnpm size-check
# 🔐 Security Audit
security:
name: 🔐 Security Audit
runs-on: ubuntu-latest
timeout-minutes: 5
needs: quality
steps:
- name: 📥 Checkout
uses: actions/checkout@v6
- name: 🏗️ Setup project
uses: ./.github/actions/setup
- name: 🔐 Audit dependencies (pushduck package only)
run: |
# Run full audit (monorepo uses single lockfile) but only fail if pushduck's tree has high/critical vulns
AUDIT_JSON=$(pnpm audit --audit-level high --prod --json 2>/dev/null || true)
PUSHDUCK_VULNS=$(echo "$AUDIT_JSON" | jq -r '[.advisories // {} | to_entries[] | .value.findings[]?.paths[]? | select(startswith("pushduck>"))] | .[]' 2>/dev/null || true)
if [ -n "$PUSHDUCK_VULNS" ]; then
echo "::error::Security: pushduck package has high/critical production vulnerabilities"
echo "$PUSHDUCK_VULNS"
exit 1
fi
echo "Pushduck package: no high/critical production vulnerabilities."
# 🎯 Matrix Testing (multiple Node versions) - Optimized
compatibility:
name: 🎯 Node.js ${{ matrix.node }} Compatibility
runs-on: ubuntu-latest
timeout-minutes: 10
needs: build
strategy:
matrix:
node: ["18", "20", "22"]
steps:
- name: 📥 Checkout
uses: actions/checkout@v6
- name: 🏗️ Setup project
uses: ./.github/actions/setup
with:
node-version: ${{ matrix.node }}
- name: 📦 Download build artifacts
uses: actions/download-artifact@v6
with:
name: build-artifacts
- name: 🧪 Test with Node.js ${{ matrix.node }}
run: pnpm test
# ✅ All checks passed
all-checks:
name: ✅ All Checks Passed
runs-on: ubuntu-latest
needs: [quality, build, security, compatibility]
if: always()
steps:
- name: ✅ Success
if: ${{ !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
run: echo "All checks passed! 🎉"
- name: ❌ Failure
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: |
echo "Some checks failed. Please review the logs above."
exit 1