chore(deps-dev): bump the patch-dependencies group across 1 directory with 4 updates #429
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Default CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| # We'd like to run the pipeline for dependabot PRs sequentially, and all other PRs in parallel, but still only one action run for each PR. | |
| concurrency: | |
| group: >- | |
| ${{ | |
| github.actor == 'dependabot[bot]' && | |
| 'dependabot' || | |
| format('{0}-{1}', github.workflow, github.ref) | |
| }} | |
| cancel-in-progress: >- | |
| ${{ | |
| github.actor != 'dependabot[bot]' && | |
| github.ref != 'refs/heads/main' | |
| }} | |
| jobs: | |
| # Stage 1: Parallel analysis jobs (no build required) | |
| lint: | |
| name: Lint & Code Style | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| run_install: false | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Lint code (xo), markdown (markdownlint), and package (publint) | |
| run: pnpm run lint | |
| - name: Check code style | |
| run: pnpm exec prettier . --check | |
| - name: Check spelling | |
| uses: codespell-project/actions-codespell@v2 | |
| with: | |
| skip: "pnpm-lock.yaml,coverage,node_modules,dist,_site,.git" | |
| ignore_words_list: "moz,webkit" | |
| check_filenames: true | |
| quality: | |
| name: Code Quality Analysis | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| actions: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 # Needed for quality analysis | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| run_install: false | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Run tests with coverage | |
| run: pnpm run --recursive test:vitest --coverage --coverage.reporter lcov --coverage.reporter json | |
| - name: Upload coverage reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-reports | |
| path: | | |
| packages/css-if-polyfill/coverage/ | |
| packages/postcss-if-function/coverage/ | |
| packages/lightningcss-plugin-if-function/coverage/ | |
| packages/stylelint-config-if-function/coverage/ | |
| retention-days: 30 | |
| security: | |
| name: Security Analysis | |
| uses: ./.github/workflows/codeql.yml | |
| secrets: inherit | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| packages: read | |
| audit-fix: | |
| name: Suggest pnpm audit --fix for Dependabot PRs | |
| uses: ./.github/workflows/audit-fix-pr.yml | |
| secrets: inherit | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| # Stage 2: Build and comprehensive testing (requires all analysis to pass) | |
| ci: | |
| name: CI Tests & Build | |
| needs: [lint, quality, security] | |
| if: always() && (needs.lint.result == 'success') && (needs.quality.result == 'success') && (needs.security.result == 'success') | |
| uses: ./.github/workflows/ci.yml | |
| secrets: inherit | |
| permissions: | |
| contents: read | |
| # Stage 3: Performance testing (runs for all workflows, but performance.yml has its own path filtering) | |
| performance: | |
| name: Performance Tests | |
| needs: ci | |
| uses: ./.github/workflows/performance.yml | |
| secrets: inherit | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| # Aggregate status check for branch protection rules | |
| checks-done: | |
| name: All Checks Complete | |
| needs: [lint, quality, security, audit-fix, ci, performance] | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: All required checks passed | |
| run: | | |
| echo "✅ All required checks completed successfully" | |
| echo "status=success" >> $GITHUB_OUTPUT | |
| # Stage 4: Deploy to GitHub Pages (main branch only, requires all previous stages) | |
| deploy: | |
| name: Deploy to GitHub Pages from main | |
| needs: [checks-done] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| uses: ./.github/workflows/deploy-pages.yml | |
| secrets: inherit | |
| permissions: | |
| pages: write | |
| id-token: write | |
| contents: read | |
| # Stage 5: Release (main branch only, requires all checks to pass) | |
| release: | |
| name: Release Management | |
| needs: [checks-done] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| uses: ./.github/workflows/release.yml | |
| secrets: inherit | |
| permissions: | |
| contents: write # to create release (changesets/action) | |
| issues: write # to post issue comments (changesets/action) | |
| pull-requests: write # to create pull request (changesets/action) | |
| id-token: write # to use OpenID Connect token for provenance (changesets/action) |