chore(deps): bump croner from 9.0.0 to 10.0.1 #111
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| # Pinning action SHAs follows the same convention as tpsdev-ai/cli and | |
| # tpsdev-ai/flair: prevents a compromised tag from running arbitrary code. | |
| # The trailing `# v<X>` comment is the human-readable version reference. | |
| # | |
| # `sfw bun install` wraps install with Socket Firewall — an ephemeral | |
| # HTTP proxy that blocks known-malicious packages before they're fetched. | |
| # Complements bunfig.toml's minimumReleaseAge: age-gate catches the | |
| # "compromised, not yet detected" window, sfw catches confirmed malware | |
| # regardless of age. Belt + suspenders. | |
| jobs: | |
| build: | |
| name: Build (TypeScript strict) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 | |
| - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2 | |
| with: | |
| bun-version: "1.3.10" | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: "22" | |
| - uses: socketdev/action@ba6de6cc0565af1f42295590380973573297e31f # v1.3.2 | |
| with: | |
| mode: firewall-free | |
| - name: Check workspace internal-dep lockstep | |
| # Catches the bug shape where a workspace package declares an | |
| # internal @tpsdev-ai/* dep at a version different from what it | |
| # ships. Local dev hides it (bun symlinks); consumers don't. | |
| run: node scripts/check-workspace-deps.mjs | |
| - run: sfw bun install --frozen-lockfile | |
| - run: bun run lint | |
| - run: bun run typecheck | |
| - run: bun run build | |
| test: | |
| name: Unit Tests | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 | |
| - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2 | |
| with: | |
| bun-version: "1.3.10" | |
| - uses: socketdev/action@ba6de6cc0565af1f42295590380973573297e31f # v1.3.2 | |
| with: | |
| mode: firewall-free | |
| - run: sfw bun install --frozen-lockfile | |
| - run: bun run build | |
| - run: bun run test | |
| audit: | |
| name: Dependency Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 | |
| - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2 | |
| with: | |
| bun-version: "1.3.10" | |
| - uses: socketdev/action@ba6de6cc0565af1f42295590380973573297e31f # v1.3.2 | |
| with: | |
| mode: firewall-free | |
| - run: sfw bun install --frozen-lockfile | |
| - name: Check for known vulnerabilities | |
| run: bun audit |