Bump react-dom and @types/react-dom #487
Workflow file for this run
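# CI — Validates linting and runs CodeQL analysis on PRs and pushes to develop.
#
# This workflow does not publish artifacts. For snapshot and release publishing,
# see Deploy Snapshot and Deploy Release.
#
# Token scope is declared per job (see each job's `permissions:` block); there
# is no workflow-level default, so a job added later without its own block
# falls back to the repository's default token permissions.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) would stop a retagged release from changing what runs in this
# workflow.
name: CI

on:
  push:
    branches: [ "develop" ]
  pull_request:
    branches: [ "develop" ]
  # Weekly scheduled run; the lint job skips it, so only CodeQL runs then.
  schedule:
    - cron: '23 10 * * 4'

jobs:
  lint:
    # No need / benefit to run lint on a schedule.
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # Nothing in this job pushes or fetches after checkout, so do not
          # leave the job token in the local git config while dependency
          # install scripts run in the same workspace.
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version-file: '.nvmrc'
          cache: 'yarn'
      # The registry token is passed through the environment rather than
      # interpolated into the script text, then appended to .npmrc in the
      # workspace. It stays readable on disk for every later step in this
      # job, including whatever install scripts the dependencies run.
      - name: Configure Font Awesome registry auth
        env:
          FONTAWESOME_PACKAGE_TOKEN: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}
        run: echo "//npm.fontawesome.com/:_authToken=$FONTAWESOME_PACKAGE_TOKEN" >> .npmrc
      - name: Install dependencies
        run: yarn install --frozen-lockfile
      - name: Lint
        run: yarn lint
      # Gates merges on a clean production-dependency audit for high and
      # critical advisories. Low / moderate findings still appear in the
      # step log but do not fail the build - they accumulate as a known
      # noise floor rather than blocking unrelated PRs the moment a new
      # advisory drops.
      #
      # NOTE(review): the gate looks only at bits 8 and 16 of the exit code.
      # If yarn audit fails for a reason other than advisories (for example
      # a registry error) and exits with a code that has both bits clear,
      # this step still reports success - confirm how such failures surface.
      - name: Audit production dependencies
        run: |
          set +e
          yarn audit --groups dependencies
          EXIT_CODE=$?
          # yarn audit exit code is a severity bitmask:
          # 1=info, 2=low, 4=moderate, 8=high, 16=critical
          if [ $((EXIT_CODE & 24)) -ne 0 ]; then
            echo "::error::High or critical vulnerabilities found in production dependencies"
            exit 1
          fi
          echo "::notice::No high or critical vulnerabilities (raw exit code: $EXIT_CODE)"

  codeql:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      # Write access is limited to security events, which is where the
      # analysis results are reported.
      security-events: write
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step in this job runs git against the remote, so the
          # token is not kept in the local git config.
          persist-credentials: false
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: javascript
      - name: Autobuild
        uses: github/codeql-action/autobuild@v4
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4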