Merge branch 'develop'

.github/dependabot.yml

@@ -0,0 +1,17 @@
+# Set update schedule for npm packages
+
+version: 2
+updates:
+ - package-ecosystem: 'npm'
+ directory: '/'
+ target-branch: 'develop'
+ schedule:
+ # interval: 'weelkly'
+ interval: 'daily'
+ time: '14:40'
+ timezone: 'Europe/Rome'
+ ignore:
+ - dependency-name: '*'
+ update-types: ['version-update:semver-major']
+ # Disable all pull requests for npm dependencies
+ # open-pull-requests-limit: 0

.github/workflows/approve-pr.yml

@@ -0,0 +1,21 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+ pull-requests: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
+ with:
+ github-token: '${{ secrets.GITHUB_TOKEN }}'
+ - name: Approve a PR
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/build.yml

@@ -0,0 +1,31 @@
+name: Build library
+
+on:
+ workflow_call:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: pnpm/action-setup@v2.2.4
+ with:
+ version: 7
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: 'pnpm'
+ - name: Install dependencies
+ run: pnpm install --no-frozen-lockfile
+ - name: Build release
+ run: pnpm build
+ - name: Bump version with release tag name
+ run: pnpm version --no-git-tag-version ${{ github.event.release.tag_name }}
+ - name: Pack package
+ run: pnpm pack
+ - name: Upload artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: package
+ path: '*.tgz'

.github/workflows/check.yml

@@ -0,0 +1,31 @@
+name: Check pipeline
+
+on:
+ # Run on pull request
+ pull_request:
+ branches: [main, develop]
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+ pull-requests: read
+
+# Allow one concurrent deployment
+concurrency:
+ group: 'pages'
+ cancel-in-progress: true
+
+jobs:
+ analysis:
+ uses: ./.github/workflows/sonarcloud.yml
+ secrets: inherit
+
+ build:
+ needs: analysis
+ uses: ./.github/workflows/build.yml
+
+ test:
+ needs: build
+ uses: ./.github/workflows/test.yml

.github/workflows/main.yml

@@ -0,0 +1,54 @@
+name: Main pipeline
+
+on:
+ # Runs on release publish
+ release:
+ types: [published]
+
+jobs:
+ analysis:
+ uses: ./.github/workflows/sonarcloud.yml
+ secrets: inherit
+
+ build:
+ needs: analysis
+ uses: ./.github/workflows/build.yml
+
+ test:
+ needs: build
+ uses: ./.github/workflows/test.yml
+
+ publish-npm:
+ needs: test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: package
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ registry-url: https://registry.npmjs.org/
+ - run: npm publish $(ls *.tgz) --access=public --tag ${{ github.event.release.prerelease && 'next' || 'latest'}}
+ env:
+ NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+
+ publish-gpr:
+ needs: test
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: package
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ registry-url: https://npm.pkg.github.com/
+ - run: npm publish $(ls *.tgz) --access=public --tag ${{ github.event.release.prerelease && 'next' || 'latest'}}
+ env:
+ NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/sonarcloud.yml

@@ -0,0 +1,25 @@
+name: SonarCloud analysis
+
+on:
+ workflow_call:
+
+jobs:
+ sonarcloud:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Analyze with SonarCloud
+
+ # You can pin the exact commit or the version.
+ # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
+ uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+ with:
+ # Additional arguments for the sonarcloud scanner
+ args:
+ # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
+ # mandatory
+ -Dsonar.projectKey=volverjs_zod-vue-i18n
+ -Dsonar.organization=volverjs

.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: Run library test
+
+on:
+ workflow_call:
+
+jobs:
+ vitest:
+ timeout-minutes: 60
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+ - uses: pnpm/action-setup@v2.2.4
+ with:
+ version: 7
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: 'pnpm'
+ - name: Install dependencies
+ run: pnpm install --no-frozen-lockfile
+ - name: Build release
+ run: pnpm build
+ - name: Run test
+ run: pnpm test