Skip to content

Version Packages

Version Packages #7

Workflow file for this run

name: CI
on:
pull_request:
push:
branches: [main]
# Cancel superseded runs on the same ref.
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
# Least privilege: CI only needs to read the repo.
permissions:
contents: read
env:
# Don't install git hooks in CI (the `prepare` script runs `lefthook install`).
LEFTHOOK: '0'
jobs:
check:
name: check (node ${{ matrix.node }})
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
node: [22, 24, 26]
steps:
- uses: actions/checkout@v7
# Dependabot sometimes writes a GitHub Packages tarball URL into the
# lockfile for a newly-added package; pnpm then 401s fetching it here (CI
# has no Packages auth). Fail fast with a pointer instead of a cryptic
# ERR_PNPM_FETCH_401. See docs/recipes/troubleshooting-dependency-updates.md.
- name: Guard against GitHub Packages tarball URLs in the lockfile
run: |
if grep -n 'npm.pkg.github.com' pnpm-lock.yaml; then
echo "::error file=pnpm-lock.yaml::Lockfile references npm.pkg.github.com, which breaks 'pnpm install --frozen-lockfile' (401). See docs/recipes/troubleshooting-dependency-updates.md"
exit 1
fi
- name: Install pnpm
uses: pnpm/action-setup@v6
- name: Set up Node ${{ matrix.node }}
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node }}
cache: pnpm
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Check (lint, build, typecheck, test, package exports)
run: pnpm check