ci: update npm publish workflow to Node.js 24, newer actions, and OIDC permissions #86
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| security: | |
| runs-on: ubuntu-latest | |
| name: Security & Dependency Review | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@v4 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| fail-on-severity: moderate | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Run npm audit | |
| run: npm audit --audit-level=moderate | |
| continue-on-error: true | |
| install-dep: | |
| runs-on: macos-latest | |
| env: | |
| NO_FLIPPER: '1' | |
| name: Install dependencies | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Verify Dev Changed files | |
| uses: tj-actions/changed-files@v46 | |
| id: verify-dev-changed-files | |
| with: | |
| files: | | |
| !*.md | |
| !*.MD | |
| !*.yml | |
| - uses: actions/cache@v4 | |
| name: Cache node_modules | |
| id: cache-node-modules | |
| if: steps.verify-dev-changed-files.outputs.any_changed == 'true' | |
| with: | |
| path: | | |
| node_modules | |
| example/node_modules | |
| key: ${{ runner.os }}-nodeModules-${{ hashFiles('package.json') }}-${{ hashFiles('example/package.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nodeModules- | |
| - name: Set up Ruby | |
| if: steps.verify-dev-changed-files.outputs.any_changed == 'true' | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: '3.2' | |
| bundler-cache: true | |
| - name: Setup node | |
| if: steps.verify-dev-changed-files.outputs.any_changed == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install npm dependencies | |
| if: steps.cache-node-modules.outputs.cache-hit != 'true' && steps.verify-dev-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| ls | |
| pwd | |
| npm install | |
| cd example | |
| ls | |
| pwd | |
| npm install | |
| android-build: | |
| runs-on: macos-latest | |
| name: Android Build | |
| needs: install-dep | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Verify Android Changed files | |
| uses: tj-actions/changed-files@v46 | |
| id: verify-android-changed-files | |
| with: | |
| files: | | |
| android/** | |
| src/** | |
| assets/** | |
| package.json | |
| !example/ios/** | |
| example/e2e/** | |
| - uses: actions/cache@v4 | |
| name: Cache node_modules | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| id: cache-node-modules | |
| with: | |
| path: | | |
| node_modules | |
| example/node_modules | |
| key: ${{ runner.os }}-nodeModules-${{ hashFiles('package.json') }}-${{ hashFiles('example/package.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nodeModules- | |
| - uses: actions/cache@v4 | |
| id: cache-gradle | |
| name: Cache Gradle dependencies | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('example/android/gradle/wrapper/gradle-wrapper.properties') }}-${{ hashFiles('android/src/**/*.kt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| node-version: '20' | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| distribution: 'zulu' | |
| java-version: 17 | |
| - name: Install Gradle dependencies | |
| if: steps.cache-gradle.outputs.cache-hit != 'true' && steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| cd example/android | |
| ./gradlew build --stacktrace | |
| - name: Run unit tests | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| cd example/android | |
| ./gradlew test --stacktrace | |
| - name: Build APK | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| npm run prepack | |
| cd example/android | |
| ./gradlew assembleRelease | |
| mv app/build/outputs/apk/release/app-release.apk app-release-${{ github.sha }}.apk | |
| - name: Upload APK | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-release-${{ github.sha }}.apk | |
| path: ${{ github.workspace }}/example/android/app-release-${{ github.sha }}.apk | |
| android-api-level-test: | |
| runs-on: macos-13 | |
| needs: android-build | |
| name: Android Test | |
| strategy: | |
| matrix: | |
| api-level: [24, 31] | |
| target: [default] | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Verify Android Changed files | |
| uses: tj-actions/changed-files@v46 | |
| id: verify-android-changed-files | |
| with: | |
| files: | | |
| android/** | |
| src/** | |
| assets/** | |
| package.json | |
| !example/ios/** | |
| example/e2e/** | |
| - uses: actions/cache@v4 | |
| name: Cache node_modules | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| id: cache-node-modules | |
| with: | |
| path: | | |
| node_modules | |
| example/node_modules | |
| key: ${{ runner.os }}-nodeModules-${{ hashFiles('package.json') }}-${{ hashFiles('example/package.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nodeModules- | |
| - uses: actions/cache@v4 | |
| name: Cache Gradle dependencies | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| id: cache-gradle | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('example/android/gradle/wrapper/gradle-wrapper.properties') }}-${{ hashFiles('android/src/**/*.kt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| node-version: '20' | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| distribution: 'zulu' | |
| java-version: 17 | |
| - name: Instrumentation Tests | |
| uses: reactivecircus/android-emulator-runner@v2 | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| api-level: ${{ matrix.api-level }} | |
| target: ${{ matrix.target }} | |
| arch: x86_64 | |
| profile: pixel_5 | |
| script: | | |
| cd example/android && ./gradlew connectedCheck --stacktrace | |
| - name: Upload Reports | |
| uses: actions/upload-artifact@v4 | |
| if: steps.verify-android-changed-files.outputs.any_changed == 'true' | |
| with: | |
| name: Test-Reports | |
| path: ${{ github.workspace }}/example/android/app/build/reports | |
| ios-build-test: | |
| runs-on: macos-latest | |
| env: | |
| NO_FLIPPER: '1' | |
| needs: install-dep | |
| name: iOS Build and Test | |
| strategy: | |
| matrix: | |
| cocoapods: ['1.14.3', '1.15.0'] | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v4 | |
| - name: Verify iOS Changed files | |
| uses: tj-actions/changed-files@v46 | |
| id: verify-iOS-changed-files | |
| with: | |
| files: | | |
| ios/** | |
| src/** | |
| assets/** | |
| package.json | |
| !example/android/** | |
| example/e2e/** | |
| - uses: actions/cache@v4 | |
| name: Cache node_modules | |
| id: cache-node-modules | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| with: | |
| path: | | |
| node_modules | |
| example/node_modules | |
| key: ${{ runner.os }}-nodeModules-${{ hashFiles('package.json') }}-${{ hashFiles('example/package.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nodeModules- | |
| - name: Cache Pods | |
| id: cache-pods | |
| uses: actions/cache@v4 | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| with: | |
| path: example/ios/Pods | |
| key: ${{ runner.os }}-pods-${{ matrix.cocoapods }}-${{ hashFiles('**/Podfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pods-${{ matrix.cocoapods }}- | |
| ${{ runner.os }}-pods- | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| with: | |
| ruby-version: '3.2' | |
| bundler-cache: true | |
| - name: Install Cocoapods | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| run: gem install cocoapods -v ${{ matrix.cocoapods }} | |
| - name: Setup node | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install Pods | |
| if: steps.cache-pods.outputs.cache-hit != 'true' && steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| cd example/ios | |
| pod cache clean --all | |
| pod install | |
| - name: Install xcpretty | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| run: gem install xcpretty | |
| - name: Build | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| cd example/ios | |
| xcodebuild -workspace ImageMarkerExample.xcworkspace -scheme ImageMarkerExample -configuration Release -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 16' | xcpretty | |
| - name: Test | |
| if: steps.verify-iOS-changed-files.outputs.any_changed == 'true' | |
| run: | | |
| cd example/ios | |
| xcodebuild -workspace ImageMarkerExample.xcworkspace -scheme ImageMarkerExample -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 16' test | xcpretty | |
| ci-complete: | |
| name: Complete CI | |
| needs: [security, android-build, android-api-level-test, ios-build-test] | |
| if: ${{ always() }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check all job status | |
| if: >- | |
| ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| run: exit 1 |