Bump lodash from 4.17.20 to 4.17.21 #37
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Checks | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, edited, closed] | |
branches: | |
- master | |
paths-ignore: | |
- ".github/**" | |
- ".npmignore" | |
jobs: | |
Builds: | |
runs-on: ubuntu-latest | |
# Build for multiple node versions. | |
strategy: | |
matrix: | |
node-version: [12.x, 14.x] | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build on Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- run: npm ci --ignore-scripts | |
- run: npm run build --if-present | |
name: Build | |
Check-Versions: | |
needs: [Builds] | |
if: github.event.pull_request.merged == false && github.event.action != 'closed' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.base_ref }} | |
- name: Get Target Version | |
run: | | |
versionText=$(cat package.json | jq -r '.version') | |
echo "TARGET_VERSION=$(echo $versionText)" >> $GITHUB_ENV | |
versionText=$(cat package-lock.json | jq -r '.version') | |
echo "TARGET_LOCK_VERSION=$(echo $versionText)" >> $GITHUB_ENV | |
- uses: actions/checkout@v2 | |
- name: Get Source Version | |
run: | | |
versionText=$(cat package.json | jq -r '.version') | |
echo "SOURCE_VERSION=$(echo $versionText)" >> $GITHUB_ENV | |
versionText=$(cat package-lock.json | jq -r '.version') | |
echo "SOURCE_LOCK_VERSION=$(echo $versionText)" >> $GITHUB_ENV | |
- uses: actions/checkout@v2 | |
- name: Compare Versions | |
run: | | |
echo ${{ env.TARGET_VERSION }} | |
echo ${{ env.TARGET_LOCK_VERSION }} | |
echo ${{ env.SOURCE_VERSION }} | |
echo ${{ env.SOURCE_LOCK_VERSION }} | |
versionFunction() { | |
test "$(echo -e "$1\n$2" | sort -V | head -n 1)" != "$1"; | |
} | |
if versionFunction ${{ env.SOURCE_VERSION }} ${{ env.TARGET_VERSION }} | |
then | |
echo "${{ env.SOURCE_VERSION }} is greater than ${{ env.TARGET_VERSION }}" | |
else | |
echo ::warning file={package.json},line={1},title={Bump Version}::{You must bump the version before publishing this package} | |
echo "VERSION_FAILURE=1" >> $GITHUB_ENV | |
fi | |
if versionFunction ${{ env.SOURCE_LOCK_VERSION }} ${{ env.TARGET_LOCK_VERSION }} | |
then | |
echo "${{ env.SOURCE_LOCK_VERSION }} is greater than ${{ env.TARGET_LOCK_VERSION }}" | |
else | |
echo ::warning file={package-lock.json},line={1},title={Bump Version}::{You must bump the version before publishing this package} | |
echo "VERSION_FAILURE=1" >> $GITHUB_ENV | |
fi | |
- name: Comment On Pull Request | |
if: ${{ env.VERSION_FAILURE == 1}} | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: ":rotating_light: Don't forget to bump the versions in package.json and package-lock.json! :rotating_light:" | |
}) | |
- name: Fail | |
if: ${{ env.VERSION_FAILURE == 1}} | |
run: exit 1 | |
Publish-Package: | |
needs: [Builds] | |
if: github.event.pull_request.merged == true && github.event.action == 'closed' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: 14 | |
- name: Publish | |
# VERY IMPORTANT NOT TO RUN SCRIPTS TO PROTECT FROM MALICIOUS PACKAGES | |
run: | | |
npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN} | |
npm publish --ignore-scripts | |
env: | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |