diff --git a/.github/actions/setup-node/action.yaml b/.github/actions/setup-node/action.yaml
index 0728e6361..690ece6a3 100644
--- a/.github/actions/setup-node/action.yaml
+++ b/.github/actions/setup-node/action.yaml
@@ -6,9 +6,7 @@ runs:
 - uses: ./.github/actions/cache-monorepo
 - name: Install pnpm
- uses: pnpm/action-setup@v2
- with:
- version: 10
+ uses: pnpm/action-setup@v4
 - name: Setup Node.js
 uses: actions/setup-node@v4
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b36685d5f..c10721cc8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,17 +18,24 @@ on:
 merge_group: {}
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
 env:
- PNPM_CACHE_FOLDER: .pnpm-store
 HUSKY: 0 # Bypass husky commit hook for CI
 NX_REJECT_UNKNOWN_LOCAL_CACHE: 0
 jobs:
 ci:
 runs-on: ubuntu-latest
+ timeout-minutes: 15
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 - uses: ./.github/actions/setup-node
 - name: Check
 run: pnpm nx run-many --target=build,lint,test:ci --parallel=3 -p="tag:npm:public"
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
new file mode 100644
index 000000000..97873e93a
--- /dev/null
+++ b/.github/workflows/claude.yml
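Review bot: The new `uses: pnpm/action-setup@v4` line in action.yaml drops the explicit `version: 10` input and still references the action by a mutable tag. Without a `version` input, action-setup v4 takes the pnpm version from the `packageManager` field of package.json, which this diff does not show, and as far as I know it errors out when neither is present; confirm the field is set to an exact version, e.g. `"packageManager": "pnpm@<exact-version>"`. The same tag-only reference appears for `anthropics/claude-code-action@v1` in claude.yml and `amannn/action-semantic-pull-request@v5` in lint-pr.yml. Pinning third-party actions to a full commit SHA with the tag as a trailing comment, `uses: pnpm/action-setup@<full-commit-sha> # v4`, keeps a moved tag from changing what runs in these jobs.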
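Review bot: `cancel-in-progress: true` in the new `concurrency:` block of ci.yml applies to every event the workflow handles, not only pull requests. When there is no pull request number the group key falls back to `github.ref`, so a second push to the same branch cancels the run for the previous commit and that commit never gets a completed build/lint/test result. The `on:` block starts outside this hunk, so confirm whether push triggers on long-lived branches exist. If they do, limit cancellation to PR runs with `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`.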
@@ -0,0 +1,29 @@
+name: Claude Code
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+
+permissions:
+ contents: write
+ pull-requests: write
+ issues: write
+
+jobs:
+ claude:
+ if: |
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ steps:
+ - uses: actions/checkout@v5
+ - uses: anthropics/claude-code-action@v1
+ with:
+ anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+ claude_args: "--max-turns 10"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index cc69f2cb8..38953d55b 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,6 +17,7 @@ permissions:
 jobs:
 dependency-review:
 runs-on: ubuntu-latest
+ timeout-minutes: 5
 steps:
 - name: 'Checkout Repository'
 uses: actions/checkout@v5
diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml
index 4298282b9..88932e49e 100644
--- a/.github/workflows/lint-pr.yml
+++ b/.github/workflows/lint-pr.yml
@@ -7,10 +7,14 @@ on:
 - edited
 - synchronize
+permissions:
+ pull-requests: read
+
 jobs:
 main:
 name: Validate PR title
 runs-on: ubuntu-latest
+ timeout-minutes: 5
 steps:
 - uses: amannn/action-semantic-pull-request@v5
 env:
diff --git a/.github/workflows/pkg.pr.new.yml b/.github/workflows/pkg.pr.new.yml
index 9ee58d316..f75588aa5 100644
--- a/.github/workflows/pkg.pr.new.yml
+++ b/.github/workflows/pkg.pr.new.yml
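Review bot: The job-level `if:` in claude.yml gates only on the string `@claude` appearing in a comment or issue body, so the trust decision rests on text the author of that comment or issue controls. Where outsiders can open issues or comment, that text alone starts a job holding `contents: write`, `pull-requests: write`, `issues: write` and the `ANTHROPIC_API_KEY` secret. Unless the action's own actor check is being relied on, which should then be stated in a comment here, each branch of the condition should also require `author_association` to be OWNER, MEMBER or COLLABORATOR, as sketched below. The `permissions:` block belongs on the `claude` job rather than at workflow level, trimmed to the scopes the agent needs. `anthropics/claude-code-action@v1` should be pinned to a full commit SHA because this job carries a secret and a write token.

```yaml
jobs:
  claude:
    # Only repository owners, members and collaborators may start the agent.
    if: |
      (
        (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
      ) || (
        github.event_name == 'issues' &&
        contains(github.event.issue.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
      )
    permissions:
      contents: write
      pull-requests: write
      issues: write
    # … unchanged: runs-on, timeout-minutes, steps …
```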
@@ -1,36 +1,33 @@
 name: Publish Any Commit
 on:
- push:
- tags:
- - '!**'
+ pull_request:
 branches:
- - '**'
+ - main
+ - next
 env:
- PNPM_CACHE_FOLDER: .pnpm-store
 HUSKY: 0 # Bypass husky commit hook for CI
-permissions: {}
+permissions:
+ contents: read
+ pull-requests: write
+ statuses: write
 concurrency:
- group: ${{ github.workflow }}-${{ github.event.number }}
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: true
 jobs:
 build:
 runs-on: ubuntu-latest
- strategy:
- matrix:
- node-version: [20]
+ timeout-minutes: 15
 steps:
- - uses: actions/checkout@v4
-
+ - uses: actions/checkout@v5
 - uses: ./.github/actions/setup-node
- - name: Install dependencies
- run: pnpm install
 - name: Build
 run: pnpm nx run-many --target=build --parallel=5 -p="tag:npm:public"
- - run: |
+ - name: Publish preview packages
+ run: |
 PATHS=$(pnpm list --recursive --depth=0 --json | jq -r '.[] | select(.private == false) | .path' | tr '\n' ' ')
 pnpx pkg-pr-new publish $PATHS --compact --pnpm
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 06cd7769a..3071a6601 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -10,10 +10,10 @@ jobs:
 permissions:
 contents: read
 id-token: write # Required for OIDC trusted publishing
- timeout-minutes: 10
+ timeout-minutes: 15
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with:
 fetch-depth: 0
 filter: tree:0
diff --git a/.github/workflows/sponsorkit.yml b/.github/workflows/sponsorkit.yml
index 75421f718..9249481ad 100644
--- a/.github/workflows/sponsorkit.yml
+++ b/.github/workflows/sponsorkit.yml
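Review bot: The workflow-level token in pkg.pr.new.yml goes from `permissions: {}` to `pull-requests: write` and `statuses: write`, on a job that executes code taken from the pull request (`nx run-many --target=build`, and presumably an install inside `setup-node`). Fork PRs receive a read-only token regardless, but branches pushed to this repository run their build scripts with those write scopes. If the preview comment is posted by the pkg.pr.new GitHub App rather than `GITHUB_TOKEN` (worth confirming), reduce the block to `contents: read` and set `persist-credentials: false` on the checkout step. `pnpx pkg-pr-new publish` also fetches whichever version is current at run time; add it as a devDependency or pin it, `pnpx pkg-pr-new@<pinned-version> publish $PATHS --compact --pnpm`, so the lockfile and dependency review cover it.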
@@ -5,22 +5,15 @@ on:
 schedule:
 - cron: '0 0 * * *'
 push:
- branches: [master]
+ branches: [main]
 jobs:
 update-sponsors:
 runs-on: ubuntu-latest
+ timeout-minutes: 10
 steps:
- - uses: actions/checkout@v4
-
- - uses: pnpm/action-setup@v4
-
- - name: Set node
- uses: actions/setup-node@v4
- with:
- node-version: lts/*
-
- - run: corepack enable && pnpm i
+ - uses: actions/checkout@v5
+ - uses: ./.github/actions/setup-node
 - name: Update sponsors
 run: pnpm run sponsorkit
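Review bot: sponsorkit.yml gets no `permissions:` block in the visible lines, although ci.yml and lint-pr.yml gain one in this same commit, so `update-sponsors` runs with the repository's default token scope on a schedule and on every push to `main`. The file may continue past this hunk, so I cannot see whether a later step commits the generated files. Declare the scope explicitly on the job: `permissions:` with `contents: read` if nothing is pushed, or `contents: write` only if a commit step follows. Replacing `corepack enable && pnpm i` with `./.github/actions/setup-node` assumes the composite action performs the install; pkg.pr.new.yml drops its install step on the same assumption, and a short comment on the `uses:` line saying so would help.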