chore(deps-dev): bump the development-dependencies group with 3 updates #352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: verify | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| verify: | |
| name: Lint & Test Node.js ${{ matrix.node-version }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: | |
| - '16.x' | |
| # 18.18.2 is the most recent version that is _not_ supported by OpenTelemetry JS SDK 2.x, hence we test it | |
| # individually. (Should run with OpenTelemetry JS SDK 1.x.) | |
| - '18.18.2' | |
| # 18.x evaluates to a 18.x line >= 18.19.0, and hence will be run with OpenTelemetry JS SDK 2.x. | |
| - '18.x' | |
| - '20.x' | |
| - '22.x' | |
| - '23.x' | |
| - '24.x' | |
| # Maintenance note: Update the semver expression `untestedVersionRange` in src/index.ts when adding new | |
| # Node.js versions to the test matrix. | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: versions | |
| run: | | |
| node --version | |
| npm --version | |
| - run: npm ci | |
| - name: lint | |
| if: ${{ matrix.node-version != '16.x' }} | |
| run: | | |
| npm run lint | |
| - name: test | |
| run: | | |
| npm test | |
| verify-minimum-version-check: | |
| name: Verify Minimum Version Check (Node.js ${{ matrix.node-version }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: | |
| - '14.x' | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: versions | |
| run: | | |
| node --version | |
| npm --version | |
| - run: npm install | |
| - name: minimum version integration test | |
| run: | | |
| npm run test:integration:minimum-version-check | |
| publish-release: | |
| name: Publish Release | |
| runs-on: ubuntu-latest | |
| # only release from the main branch | |
| # actually, semantic-release does this check on its own anyway, but by adding a github ref check the job does not | |
| # even get triggered, saving some GH action minutes. | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: write # for publishing GitHub releases | |
| issues: write # to be able to comment on released issues | |
| pull-requests: write # to be able to comment on released pull requests | |
| id-token: write # to enable use of OIDC for npm provenance | |
| needs: | |
| - verify | |
| - verify-minimum-version-check | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "lts/*" | |
| cache: 'npm' | |
| - run: npm ci | |
| - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies | |
| run: npm audit signatures | |
| - name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # To (re-)create a suitable token, log in to https://www.npmjs.com, go to "Access Tokens" in your profile, | |
| # and create a new granular access token with read and write access scope "@dash0", i.e., under | |
| # "Packages and scopes", select "Only select packages and scopes", then the "dash0" scope. The user doing | |
| # this neeeds to have proper access to the dash0 npm organization. Providing access to the dash0 organization | |
| # (in the "Organizations" section) is not required. | |
| # The token is then provided via | |
| # https://github.com/dash0hq/opentelemetry-js-distribution/settings/secrets/actions as a repository secret. | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: npx semantic-release |