Version Packages #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main] | |
| # Cancel superseded runs on the same ref. | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Least privilege: CI only needs to read the repo. | |
| permissions: | |
| contents: read | |
| env: | |
| # Don't install git hooks in CI (the `prepare` script runs `lefthook install`). | |
| LEFTHOOK: '0' | |
| jobs: | |
| check: | |
| name: check (node ${{ matrix.node }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node: [22, 24, 26] | |
| steps: | |
| - uses: actions/checkout@v7 | |
| # Dependabot sometimes writes a GitHub Packages tarball URL into the | |
| # lockfile for a newly-added package; pnpm then 401s fetching it here (CI | |
| # has no Packages auth). Fail fast with a pointer instead of a cryptic | |
| # ERR_PNPM_FETCH_401. See docs/recipes/troubleshooting-dependency-updates.md. | |
| - name: Guard against GitHub Packages tarball URLs in the lockfile | |
| run: | | |
| if grep -n 'npm.pkg.github.com' pnpm-lock.yaml; then | |
| echo "::error file=pnpm-lock.yaml::Lockfile references npm.pkg.github.com, which breaks 'pnpm install --frozen-lockfile' (401). See docs/recipes/troubleshooting-dependency-updates.md" | |
| exit 1 | |
| fi | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v6 | |
| - name: Set up Node ${{ matrix.node }} | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ matrix.node }} | |
| cache: pnpm | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Check (lint, build, typecheck, test, package exports) | |
| run: pnpm check |