refactor(testing): centralize test secrets into shared module #380
name: CI

# Triggers: pushes and pull requests that target main, plus manual runs.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:

# Workflow-level default: the GITHUB_TOKEN gets no scopes. Every job below
# declares the scopes it needs in its own `permissions` block.
permissions: {}

# One run per workflow and ref; starting a new run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Shared configuration
env:
  # Node.js version used by every job that does not run a version matrix.
  NODE_VERSION_TARGET: "24"
  TURBO_TELEMETRY_DISABLED: 1

jobs:
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read # Required for actions/checkout | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run linter | |
| run: pnpm run lint | |
| - name: Check formatting | |
| run: pnpm run format:check | |
| typecheck: | |
| name: Type Check | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read # Required for actions/checkout | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Type check | |
| run: pnpm run typecheck | |
| build-and-test: | |
| name: Build & Test | |
| needs: [lint, typecheck] | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run tests with coverage | |
| run: pnpm run test:ci | |
| - name: Build packages | |
| run: pnpm run build | |
| - name: Check bundle size | |
| run: | | |
| pnpm run --silent size:check > /tmp/size-results.json; SIZE_EXIT=$? | |
| { | |
| echo '### Bundle Size Report' | |
| echo '' | |
| echo '| Package | Size | Limit | Status |' | |
| echo '|---------|------|-------|--------|' | |
| jq -r '.[] | "| \(.name | gsub("[|<>\\[\\]\\\\]"; "")) | \((.size / 1000 * 100 | round) / 100) KB | \((.sizeLimit / 1000 * 100 | round) / 100) KB | \(if .passed then "Pass" else "FAIL" end) |"' /tmp/size-results.json | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| exit $SIZE_EXIT | |
| - name: Upload coverage artifacts | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: coverage-artifacts | |
| path: | | |
| coverage | |
| reports/junit.xml | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: dist-artifacts | |
| path: packages/*/dist | |
| retention-days: 1 | |
| test-node: | |
| name: Distribution Test (Node.js ${{ matrix.node-version }}) | |
| needs: build-and-test | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node-version: [20, 22, 24] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: dist-artifacts | |
| path: packages | |
| - name: Run distribution tests | |
| run: pnpm run test:dist-node | |
| test-deno: | |
| name: Distribution Test (Deno ${{ matrix.deno-version }}) | |
| needs: build-and-test | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read # Required for actions/checkout and actions/download-artifact | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| deno-version: ["1.x", "2.x"] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: dist-artifacts | |
| path: packages | |
| - name: Setup Deno | |
| uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3 | |
| with: | |
| deno-version: ${{ matrix.deno-version }} | |
| - name: Make deno.json compatible with Deno 1.x | |
| if: matrix.deno-version == '1.x' | |
| run: | | |
| sed -i 's/"nodeModulesDir": "auto"/"nodeModulesDir": true/' deno.json | |
| sed -i 's/"version": "5"/"version": "3"/' deno.lock | |
| sed -i 's/deno test --allow-read --no-check/deno test --allow-read --no-check --unstable-sloppy-imports/g' deno.json | |
| - name: Run Deno distribution tests | |
| run: deno task test | |
| test-bun: | |
| name: Distribution Test (Bun ${{ matrix.bun-version }}) | |
| needs: build-and-test | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read # Required for actions/checkout and actions/download-artifact | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| bun-version: ["1.3.5"] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: dist-artifacts | |
| path: packages | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2 | |
| with: | |
| bun-version: ${{ matrix.bun-version }} | |
| - name: Run Bun distribution tests | |
| run: bun test internal/distribution-tests/src/bun.test.ts | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read # Required for actions/checkout | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run security audit | |
| run: pnpm audit --audit-level=moderate | |
| reporting: | |
| name: Reporting (Coverage and Bundle Analysis) | |
| needs: build-and-test | |
| if: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push' }} | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: ${{ env.NODE_VERSION_TARGET }} | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Download coverage artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: coverage-artifacts | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: dist-artifacts | |
| path: packages | |
| - name: Create bundle analyzer config | |
| run: | | |
| cat > /tmp/codecov-bundle-config.json << 'EOF' | |
| { | |
| "gitService": "github", | |
| "oidc": { | |
| "useGitHubOIDC": true | |
| } | |
| } | |
| EOF | |
| - name: Upload bundle analysis to Codecov | |
| env: | |
| CODECOV_SLUG: yeojz/otplib | |
| run: | | |
| for pkg in packages/*/dist; do | |
| pkg_dir=$(dirname $pkg) | |
| name=$(jq -r '.name' "$pkg_dir/package.json") | |
| pnpm exec bundle-analyzer "$pkg" \ | |
| --bundle-name="$name" \ | |
| --config-file=/tmp/codecov-bundle-config.json | |
| done | |
| - name: Report Coverage | |
| if: github.event_name == 'pull_request' | |
| uses: davelosert/vitest-coverage-report-action@2500dafcee7dd64f85ab689c0b83798a8359770e # v2 | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| use_oidc: true | |
| slug: yeojz/otplib | |
| report_type: coverage | |
| - name: Upload test results to Codecov | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| use_oidc: true | |
| slug: yeojz/otplib | |
| report_type: test_results | |
| files: reports/junit.xml | |
| all-checks: | |
| name: All Checks Passed | |
| if: always() | |
| needs: [lint, typecheck, build-and-test, test-node, test-deno, test-bun, security-audit, reporting] | |
| runs-on: ubuntu-latest | |
| environment: test | |
| permissions: | |
| contents: read # Required for checking job results | |
| steps: | |
| - name: Check all jobs | |
| run: | | |
| if [[ "${{ needs.lint.result }}" != "success" ]] || \ | |
| [[ "${{ needs.typecheck.result }}" != "success" ]] || \ | |
| [[ "${{ needs.build-and-test.result }}" != "success" ]] || \ | |
| [[ "${{ needs.test-node.result }}" != "success" ]] || \ | |
| [[ "${{ needs.test-deno.result }}" != "success" ]] || \ | |
| [[ "${{ needs.test-bun.result }}" != "success" ]] || \ | |
| [[ "${{ needs.security-audit.result }}" != "success" ]] || \ | |
| [[ "${{ needs.reporting.result }}" != "success" && "${{ needs.reporting.result }}" != "skipped" ]]; then | |
| echo "One or more checks failed" | |
| exit 1 | |
| fi |