Skip to content

meta: bump the lint group with 2 updates #527

meta: bump the lint group with 2 updates

meta: bump the lint group with 2 updates #527

Workflow file for this run

# Security Notes
# Only selected Actions are allowed within this repository. Please refer to (https://github.com/nodejs/nodejs.org/settings/actions)
# for the full list of available actions. If you want to add a new one, please reach out a maintainer with Admin permissions.
# REVIEWERS, please always double-check security practices before merging a PR that contains Workflow changes!!
# AUTHORS, please only use actions with explicit SHA references, and avoid using `@master` or `@main` references or `@version` tags.
name: Build Checks
on:
push:
branches:
- main
pull_request_target:
branches:
- main
types:
- labeled
merge_group:
defaults:
run:
# This ensures that the working directory is the root of the repository
working-directory: ./
permissions:
contents: read
actions: read
jobs:
base:
# This Job ensures that these jobs run either on regular Pull Request Updates
# Or if the PR gets labeled with `github_actions:pull-request`
if: |
github.event.action != 'labeled' ||
(github.event.action == 'labeled' && github.event.label.name == 'github_actions:pull-request')
name: Base Tasks
runs-on: ubuntu-latest
outputs:
turbo_args: ${{ steps.turborepo_arguments.outputs.turbo_args }}
steps:
- name: Provide Turborepo Arguments
id: turborepo_arguments
# We also set the Turborepo Cache to the `.turbo` folder
# See https://turbo.build/repo/docs/reference/command-line-reference/run#--cache-dir
# See https://turbo.build/repo/docs/reference/command-line-reference/run#--force
run: echo "turbo_args=--force=true --cache-dir=.turbo/cache" >> "$GITHUB_OUTPUT"
build:
# This Job ensures that these jobs run either on regular Pull Request Updates
# Or if the PR gets labeled with `github_actions:pull-request`
if: |
github.event.action != 'labeled' ||
(github.event.action == 'labeled' && github.event.label.name == 'github_actions:pull-request')
name: Build on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
needs: [base]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
steps:
- name: Use GNU tar instead BSD tar
# This ensures that we use GNU `tar` which is more efficient for extracting caches's
if: matrix.os == 'windows-latest'
shell: cmd
run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
- name: Git Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
# We only need to fetch the last commit from the head_ref
# since we're not using the `--filter` operation from turborepo
# We don't use the `--filter` as we always want to force builds regardless of having changes or not
# this ensures that our bundle analysis script always runs and that we always ensure next.js is building
# regardless of having code changes or not
fetch-depth: 1
- name: Restore Build Cache
uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
with:
path: |
.turbo/cache
.next/cache
node_modules/.cache
# We want to restore cache from local .npm caches, .next/cache and node_modules/.cache
# As this should reduce build times, and the overall time for installing packages or running operations
key: cache-build-${{ hashFiles('package-lock.json') }}-
restore-keys: |
cache-build-${{ hashFiles('package-lock.json') }}-
cache-build-
- name: Set up Node.js
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
with:
# We want to ensure that the Node.js version running here respects our supported versions
node-version-file: '.nvmrc'
cache: 'npm'
- name: Install NPM packages
# We want to avoid NPM from running the Audit Step and Funding messages on a CI environment
# We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
# We also use `--omit=dev` to avoid installing devDependencies as we don't need them during the build step
run: npm i --no-audit --no-fund --userconfig=/dev/null --omit=dev
- name: Build Next.js (ISR)
# We want a ISR build on CI to ensure that regular Next.js builds work as expected.
# We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
# the `${{ needs.base.outputs.turbo_args }}` is a string substitution happening from the base job
run: npx --package=turbo@latest -- turbo build ${{ needs.base.outputs.turbo_args }}
env:
# We want to ensure we have enough RAM allocated to the Node.js process
# this should be a last resort in case by any chances the build memory gets too high
# but in general this should never happen
NODE_OPTIONS: '--max_old_space_size=4096'
- name: Build Next.js (Static)
# Assigns an ID to be reused on other steps
id: build_nextjs_static
# We want a Static Buid on CI to ensure that the Static Exports are working as expected
# This build will use the existing cache created on the previous build above (ISR)
# We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
# the `${{ needs.base.outputs.turbo_args }}` is a string substitution happening from the base job
if: |
github.event_name == 'pull_request_target' &&
startsWith(github.event.pull_request.head.ref, 'dependabot/') == false
run: npx --package=turbo@latest -- turbo deploy ${{ needs.base.outputs.turbo_args }}
env:
# We want to ensure we have enough RAM allocated to the Node.js process
# this should be a last resort in case by any chances the build memory gets too high
# but in general this should never happen
NODE_OPTIONS: '--max_old_space_size=4096'
- name: Save Build Cache
# This prevents this step from running if "Next.js Build (Static)" got cancelled; Which gets cancelled if
# the curruent branch comes from Dependabot or the Event is not a Pull Request (i.e. Merge Queue Event)
if: steps.build_nextjs_static.outcome == 'success'
uses: actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
with:
path: |
.turbo/cache
.next/cache
node_modules/.cache
# Most of sibling Pull Requests will use the cache key based on the package-lock.json
# We do also add a hashFiles for `.next/cache` as GitHub Actions only allows
# One cache with same key to exist, so to ensure we always have a cache from the latest build
# We add the hashFiles of `.next/cache` to the cache key of the Cache Entry
key: cache-build-${{ hashFiles('package-lock.json') }}-${{ hashFiles('.next/cache/**') }}