Files
pnpm/.github/workflows/ci.yml
dependabot[bot] d67385eac1 chore(deps): bump the github-actions group across 1 directory with 12 updates
Bumps the github-actions group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `4.0.1` | `4.0.2` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.1.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.82.5` | `2.82.9` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.47.2` | `1.48.0` |
| [garnet-org/action](https://github.com/garnet-org/action) | `2.0.2` | `2.2.0` |
| [warpdotdev/oz-agent-action](https://github.com/warpdotdev/oz-agent-action) | `1.0.21` | `1.0.23` |



Updates `dorny/paths-filter` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](fbd0ab8f3e...7b450fff21)

Updates `github/codeql-action/init` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

Updates `github/codeql-action/autobuild` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

Updates `docker/setup-qemu-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](06116385d9...96fe6ef7f3)

Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](d7f5e7f509...bb05f3f551)

Updates `docker/login-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](650006c6eb...af1e73f918)

Updates `docker/build-push-action` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](f9f3042f7e...53b7df96c9)

Updates `taiki-e/install-action` from 2.82.5 to 2.82.9
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](bffeee26d4...4684b84056)

Updates `crate-ci/typos` from 1.47.2 to 1.48.0
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](37bb98842b...bee27e3a4f)

Updates `garnet-org/action` from 2.0.2 to 2.2.0
- [Release notes](https://github.com/garnet-org/action/releases)
- [Commits](2b7fc9d79b...3d47f4a900)

Updates `warpdotdev/oz-agent-action` from 1.0.21 to 1.0.23
- [Release notes](https://github.com/warpdotdev/oz-agent-action/releases)
- [Commits](1922f22c00...8ba4e14206)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: garnet-org/action
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.82.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: warpdotdev/oz-agent-action
  dependency-version: 1.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-13 09:30:55 +00:00

222 lines
7.9 KiB
YAML

name: TS CI
on:
# Run push CI only on the default branch. A branch that lives in this repo
# fires both a `push` and a `pull_request` event for the same commit, and
# both runs report the `TS CI / Success` context to that commit. Branch
# protection then sees two results for the required check, so a cancellation
# or flake on the push side (e.g. two pushes racing on the test.yml
# concurrency group) blocks the PR even when the pull_request run passed.
# Restricting push to `main` means PRs carry `TS CI / Success` only via
# their `pull_request` run (and the merge queue via `merge_group`); `main`
# is validated pre-merge by `merge_group` and re-checked post-merge here.
push:
branches:
- main
pull_request:
merge_group:
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
changes:
name: TS CI / Detect Changes
runs-on: blacksmith-4vcpu-ubuntu-2404
permissions:
contents: read
pull-requests: read
outputs:
ts: ${{ steps.force.outputs.ts || steps.filter.outputs.ts }}
steps:
# In the merge queue the full suite must run: `TS CI / Compile & Lint`
# is itself a required check, and a skipped job never reports its
# context, which would leave the queue waiting forever. Forcing
# detection true also tests the merged result, which is the point of
# the queue.
- name: Force TS CI for merge queue
if: github.event_name == 'merge_group'
id: force
run: echo "ts=true" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
if: github.event_name != 'merge_group'
with:
persist-credentials: false
- uses: dorny/paths-filter@7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
if: github.event_name != 'merge_group'
id: filter
with:
# The TypeScript pnpm stack lives under pnpm11/, plus the
# workspace-root tooling that drives its build/lint/test.
filters: |
ts:
- 'pnpm11/**'
- '.meta-updater/**'
- '__patches__/**'
- 'package.json'
- 'pnpm-workspace.yaml'
- 'pnpm-lock.yaml'
- '.pnpmfile.cjs'
- 'eslint.config.mjs'
- 'tsconfig.lint.json'
- 'cspell.json'
- '.github/workflows/ci.yml'
- '.github/workflows/test.yml'
- '.github/workflows/build-pnpr.yml'
- '.github/scripts/**'
compile-and-lint:
needs: changes
# Run only when TypeScript-relevant files changed. Every PR (same-repo or
# fork) is covered by its pull_request run, and push only fires on main, so
# there are no duplicate build jobs to guard against here.
if: ${{ !cancelled() && needs.changes.outputs.ts == 'true' }}
name: TS CI / Compile & Lint
runs-on: blacksmith-4vcpu-ubuntu-2404
steps:
- name: Checkout Commit
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Install pnpm
uses: pnpm/setup@77cf06832101b3ac8c65caaf76a21643936d07a4
- name: Compile TypeScript
run: pn compile-only
- name: Lint
run: pn lint
- name: Package compiled artifacts
shell: bash
run: |
mapfile -d '' -t lib_dirs < <(find . -type d -name lib -not -path '*/node_modules/*' -print0)
mapfile -d '' -t tsbuildinfo_files < <(find . -name 'tsconfig.tsbuildinfo' -not -path '*/node_modules/*' -print0)
tar -czf compiled.tar.gz --exclude='node_modules' "${lib_dirs[@]}" "${tsbuildinfo_files[@]}" pnpm11/pnpm/dist
- name: Upload compiled artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: compiled-packages
path: compiled.tar.gz
retention-days: 1
# Build the pnpr binaries once per OS via a per-OS reusable workflow (not a
# single matrix job) so each platform's test jobs gate only on their own
# build. `needs` can only target a whole job, never an individual matrix
# leg, so a matrix build would make the ubuntu tests wait for the slower
# windows build and vice versa.
build-pnpr-linux:
needs: changes
if: ${{ !cancelled() && needs.changes.outputs.ts == 'true' }}
name: TS CI / Build pnpr
uses: ./.github/workflows/build-pnpr.yml
with:
os: ubuntu-latest
build-pnpr-windows:
needs: changes
if: ${{ !cancelled() && needs.changes.outputs.ts == 'true' }}
name: TS CI / Build pnpr
uses: ./.github/workflows/build-pnpr.yml
with:
os: windows-latest
test-smoke:
name: TS CI / Test / ubuntu
needs: [compile-and-lint, build-pnpr-linux]
uses: ./.github/workflows/test.yml
with:
node: '24.0.0'
node_major: '24'
platform: ubuntu-latest
garnet: true
secrets:
GARNET_API_TOKEN: ${{ secrets.GARNET_API_TOKEN }}
test:
name: TS CI / Test / ${{ matrix.platform_label }}
needs: test-smoke
strategy:
fail-fast: false
matrix:
include:
- node: '22.13.0'
node_major: '22'
platform: ubuntu-latest
platform_label: ubuntu
test_chunk: '1'
test_chunk_total: '1'
- node: '26.4.0'
node_major: '26'
platform: ubuntu-latest
platform_label: ubuntu
test_chunk: '1'
test_chunk_total: '1'
uses: ./.github/workflows/test.yml
with:
node: ${{ matrix.node }}
node_major: ${{ matrix.node_major }}
platform: ${{ matrix.platform }}
test_chunk: ${{ matrix.test_chunk }}
test_chunk_total: ${{ matrix.test_chunk_total }}
# Windows is the slowest platform. Gate it only on compile-and-lint so its
# shards run in parallel with the ubuntu smoke job, instead of waiting for
# the smoke job like the other Node.js versions do.
test-windows:
name: TS CI / Test / ${{ matrix.platform_label }}
needs: [compile-and-lint, build-pnpr-windows]
strategy:
fail-fast: false
matrix:
include:
- node: '22.13.0'
node_major: '22'
platform: windows-latest
platform_label: windows 1/3
test_chunk: '1'
test_chunk_total: '3'
- node: '22.13.0'
node_major: '22'
platform: windows-latest
platform_label: windows 2/3
test_chunk: '2'
test_chunk_total: '3'
- node: '22.13.0'
node_major: '22'
platform: windows-latest
platform_label: windows 3/3
test_chunk: '3'
test_chunk_total: '3'
uses: ./.github/workflows/test.yml
with:
node: ${{ matrix.node }}
node_major: ${{ matrix.node_major }}
platform: ${{ matrix.platform }}
test_chunk: ${{ matrix.test_chunk }}
test_chunk_total: ${{ matrix.test_chunk_total }}
# Single aggregate gate — the only TS CI context branch protection needs
# to require. Listing the individual jobs as required checks does not
# work: they skip on non-TypeScript PRs, and a matrix job skipped at the
# job level never expands its `${{ matrix.* }}` name, so the per-platform
# contexts it would report never appear and the PR blocks forever waiting
# for them. This job always runs (it reports under a static name in every
# state) and fails only if a dependency actually failed or was cancelled —
# skipped dependencies count as a pass.
success:
name: TS CI / Success
if: ${{ always() }}
needs:
- changes
- compile-and-lint
- build-pnpr-linux
- build-pnpr-windows
- test-smoke
- test
- test-windows
runs-on: blacksmith-4vcpu-ubuntu-2404
steps:
- name: Fail if any dependency failed or was cancelled
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1