Merge pull request #10 from JairajJangle/snyk-fix-ddfb04833d5b61b8c8f… #35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| merge_group: | |
| types: | |
| - checks_requested | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Lint files | |
| run: yarn lint | |
| - name: Typecheck files | |
| run: yarn typecheck | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Run unit tests | |
| run: yarn test --maxWorkers=2 --coverage | |
| build-library: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Build package | |
| run: yarn prepare | |
| build-android: | |
| runs-on: ubuntu-latest | |
| env: | |
| TURBO_CACHE_DIR: .turbo/android | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Cache turborepo for Android | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ env.TURBO_CACHE_DIR }} | |
| key: ${{ runner.os }}-turborepo-android-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-turborepo-android- | |
| - name: Check turborepo cache for Android | |
| run: | | |
| TURBO_CACHE_STATUS=$(node -p "($(yarn turbo run build:android --cache-dir="${{ env.TURBO_CACHE_DIR }}" --dry=json)).tasks.find(t => t.task === 'build:android').cache.status") | |
| if [[ $TURBO_CACHE_STATUS == "HIT" ]]; then | |
| echo "turbo_cache_hit=1" >> $GITHUB_ENV | |
| fi | |
| - name: Install JDK | |
| if: env.turbo_cache_hit != 1 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'zulu' | |
| java-version: '17' | |
| - name: Finalize Android SDK | |
| if: env.turbo_cache_hit != 1 | |
| run: | | |
| /bin/bash -c "yes | $ANDROID_HOME/cmdline-tools/latest/bin/sdkmanager --licenses > /dev/null" | |
| - name: Cache Gradle | |
| if: env.turbo_cache_hit != 1 | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/wrapper | |
| ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('example/android/gradle/wrapper/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build example for Android | |
| env: | |
| JAVA_OPTS: "-XX:MaxHeapSize=6g" | |
| run: | | |
| yarn turbo run build:android --cache-dir="${{ env.TURBO_CACHE_DIR }}" | |
| build-ios: | |
| runs-on: macos-latest | |
| env: | |
| TURBO_CACHE_DIR: .turbo/ios | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Cache turborepo for iOS | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ env.TURBO_CACHE_DIR }} | |
| key: ${{ runner.os }}-turborepo-ios-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-turborepo-ios- | |
| - name: Check turborepo cache for iOS | |
| run: | | |
| TURBO_CACHE_STATUS=$(node -p "($(yarn turbo run build:ios --cache-dir="${{ env.TURBO_CACHE_DIR }}" --dry=json)).tasks.find(t => t.task === 'build:ios').cache.status") | |
| if [[ $TURBO_CACHE_STATUS == "HIT" ]]; then | |
| echo "turbo_cache_hit=1" >> $GITHUB_ENV | |
| fi | |
| - name: Cache cocoapods | |
| if: env.turbo_cache_hit != 1 | |
| id: cocoapods-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| **/ios/Pods | |
| key: ${{ runner.os }}-cocoapods-${{ hashFiles('example/ios/Podfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cocoapods- | |
| - name: Install cocoapods | |
| if: env.turbo_cache_hit != 1 && steps.cocoapods-cache.outputs.cache-hit != 'true' | |
| run: | | |
| cd example/ios | |
| pod install | |
| env: | |
| NO_FLIPPER: 1 | |
| - name: Build example for iOS | |
| run: | | |
| yarn turbo run build:ios --cache-dir="${{ env.TURBO_CACHE_DIR }}" 2>&1 | grep -i error > ios_errorlog.txt | |
| - name: Upload iOS error log | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ios-error-log | |
| path: ios_errorlog.txt | |
| publish-npm: | |
| needs: [lint, test, build-library, build-android, build-ios] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # To publish a GitHub release | |
| issues: write # To comment on released issues | |
| pull-requests: write # To comment on released pull requests | |
| id-token: write # To enable use of OIDC for npm provenance | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Ensures all tags are fetched | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "lts/*" # Use the latest LTS version of Node.js | |
| registry-url: 'https://registry.npmjs.org/' # Specify npm registry | |
| - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies | |
| run: npm audit signatures # Check the signatures to verify integrity | |
| - name: Release | |
| run: npx semantic-release # Run semantic-release to manage versioning and publishing | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub token for authentication | |
| # Why NODE_AUTH_TOKEN instead of NPM_TOKEN: https://github.com/semantic-release/semantic-release/issues/2313 | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # npm token for publishing package |