⚡ Speed up FilterArbitrary shrink hot path
#16693
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Status | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - 'next-*_*_*' | |
| - 'fix-v*' | |
| pull_request: | |
| types: [opened, synchronize, reopened, labeled] | |
| branches: | |
| - main | |
| - 'next-*_*_*' | |
| - 'fix-v*' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| # Root jobs | |
| warmup_pnpm_cache: | |
| name: 'Warm up pnpm cache' | |
| if: github.event_name == 'push' || github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || (github.event.action == 'labeled' && github.event.label.name == 'force-build-status-execution') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| id: pnpm-cache | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Update pnpm cache | |
| if: steps.pnpm-cache.outputs.cache-hit != 'true' | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| warmup_pnpm_cache_others: | |
| name: 'Warm up pnpm cache (others)' | |
| if: github.event_name == 'push' || github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || (github.event.action == 'labeled' && github.event.label.name == 'force-build-status-execution') | |
| runs-on: ${{matrix.os}} | |
| strategy: | |
| matrix: | |
| os: ['macos-latest', 'windows-latest'] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| id: pnpm-cache | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Update pnpm cache | |
| if: steps.pnpm-cache.outputs.cache-hit != 'true' | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| # Jobs without any strong requirement on warmup_pnpm_cache | |
| # except that they have to wait for it to avoid setting an empty cache that would replace the one pushed by warmup_pnpm_cache | |
| no_dedupe_required: | |
| name: 'No dedupe required' | |
| needs: warmup_pnpm_cache | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Ensure no dedupe required | |
| run: pnpm dedupe --check | |
| package_quality: | |
| name: 'Package quality' | |
| needs: warmup_pnpm_cache | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Check package score using skypack | |
| run: cd packages/fast-check && pnpm dlx @skypack/package-check | |
| # Jobs requesting warmup_pnpm_cache | |
| format_lint: | |
| name: 'Format & Lint' | |
| needs: warmup_pnpm_cache | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm --filter @fast-check/monorepo install --frozen-lockfile --ignore-scripts | |
| - name: Check format | |
| run: node --run format:check | |
| - name: Check lint | |
| run: node --run lint:check | |
| production_packages: | |
| name: 'Build production packages' | |
| needs: warmup_pnpm_cache | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: ${{ github.event_name == 'push' && '' || 'pnpm' }} | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Build production packages | |
| run: node --run build-ci:all | |
| - name: Create bundles | |
| run: node --run pack:all | |
| - name: Upload production packages | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: bundles | |
| path: packages/**/package.tgz | |
| if-no-files-found: error | |
| retention-days: 1 | |
| # Jobs requesting warmup_pnpm_cache AND production_packages | |
| typecheck: | |
| name: 'Typecheck' | |
| needs: | |
| - warmup_pnpm_cache | |
| - production_packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Unpack production packages | |
| run: node --run unpack:all | |
| - name: Typecheck | |
| run: node --run typecheck:all | |
| - name: Check API surface (missing exports, inconsistent visibility, etc.) | |
| run: pnpm --filter fast-check run api-extractor | |
| preview: | |
| name: 'Preview' | |
| needs: | |
| - warmup_pnpm_cache | |
| - production_packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Unpack production packages | |
| run: node --run unpack:all | |
| # These are not real npm publish commands, but pnpm exec pkg-pr-new publish | |
| # pkg-pr-new is a tool for creating preview deployments, not for publishing to npm | |
| - name: Preview (no comment) # zizmor: ignore[use-trusted-publishing] | |
| if: github.event_name != 'pull_request' | |
| run: pnpm exec pkg-pr-new publish --pnpm --compact './packages/*' --template './examples' --comment=off | |
| - name: Preview # zizmor: ignore[use-trusted-publishing] | |
| if: github.event_name == 'pull_request' | |
| run: pnpm exec pkg-pr-new publish --pnpm --compact './packages/*' --template './examples' | |
| test: | |
| name: 'Test' | |
| needs: | |
| - warmup_pnpm_cache | |
| - warmup_pnpm_cache_others | |
| - production_packages | |
| runs-on: ${{matrix.os}} | |
| strategy: | |
| matrix: | |
| node-version: [22.x, 24.x, latest] | |
| os: ['ubuntu-latest'] | |
| shard-id: ['1'] | |
| shard-count: ['1'] | |
| include: | |
| - node-version: 24.x | |
| os: 'macos-latest' | |
| shard-id: 1 | |
| shard-count: 3 | |
| - node-version: 24.x | |
| os: 'macos-latest' | |
| shard-id: 2 | |
| shard-count: 3 | |
| - node-version: 24.x | |
| - node-version: 24.x | |
| os: 'macos-latest' | |
| shard-id: 3 | |
| shard-count: 3 | |
| - node-version: 24.x | |
| os: 'windows-latest' | |
| shard-id: 1 | |
| shard-count: 3 | |
| - node-version: 24.x | |
| os: 'windows-latest' | |
| shard-id: 2 | |
| shard-count: 3 | |
| - node-version: 24.x | |
| os: 'windows-latest' | |
| shard-id: 3 | |
| shard-count: 3 | |
| env: | |
| ENABLE_COVERAGE: ${{ matrix.os == 'macos-latest' }} | |
| SKIP_DOCUMENTATION: ${{ matrix.node-version != '24.x' || matrix.os == 'windows-latest' }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v${{matrix.node-version}} | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: ${{matrix.node-version}} | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Unpack production packages | |
| if: matrix.os != 'windows-latest' | |
| run: pnpm run unpack:all | |
| - name: Unpack production packages (Windows only) | |
| if: matrix.os == 'windows-latest' | |
| # untar seems to fail on Windows when untaring already existing files | |
| run: pnpm run unpack:all || true | |
| - name: Unit tests | |
| shell: bash -l {0} | |
| # The DEFAULT_SEED might be used by some of the packages and might be ignored by others | |
| # It's aim is to help to diagnose infinite loop that may occur during tests and cannot be stopped by fast-check itself | |
| run: | | |
| export EXPECT_DEFAULT_SEED="true" | |
| export DEFAULT_SEED=$(node -p "Date.now() ^ (Math.random() * 0x100000000)") | |
| export FAST_CI_RUN=$("${ENABLE_COVERAGE}" = "true") | |
| echo "DEFAULT_SEED is: ${DEFAULT_SEED}" | |
| if [ "${ENABLE_COVERAGE}" = "true" ]; then | |
| pnpm run test:coverage --shard=${{matrix.shard-id}}/${{matrix.shard-count}} | |
| else | |
| pnpm run test --shard=${{matrix.shard-id}}/${{matrix.shard-count}} | |
| fi | |
| - name: Upload coverage | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| if: env.ENABLE_COVERAGE == 'true' | |
| with: | |
| name: 'coverage-${{matrix.shard-id}}' | |
| path: coverage/ | |
| if-no-files-found: error | |
| retention-days: 1 | |
| publish_test_coverage: | |
| name: 'Publish test coverage' | |
| needs: | |
| - test | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Download coverage | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| pattern: coverage-* | |
| path: coverage-reports/ | |
| - name: Codecov | |
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 | |
| with: | |
| name: tests | |
| flags: tests | |
| token: ${{secrets.CODECOV_TOKEN}} | |
| fail_ci_if_error: true # default: false | |
| verbose: false # default: false | |
| documentation: | |
| name: 'Build documentation' | |
| needs: | |
| - warmup_pnpm_cache | |
| - production_packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 # all history in order to be able to show last-edited-at dates | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm --filter website install --frozen-lockfile --ignore-scripts | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Unpack production packages | |
| run: node --run unpack:all | |
| - name: Get date cache buster | |
| id: get-date | |
| shell: bash | |
| run: echo "date=$(/bin/date -u "+%Y%m")" >> $GITHUB_OUTPUT | |
| - name: Cache for assets | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: | | |
| website/static/img/sponsors.svg | |
| website/static/img/_ | |
| website/static/img/**/*.gif | |
| website/static/img/**/*.png | |
| key: assets-${{steps.get-date.outputs.date}}-${{hashFiles('.all-contributorsrc', 'website/prebuild/optimize-images.mjs')}} | |
| - name: Generate documentation | |
| run: pnpm --filter website run build | |
| - name: Copy raw logo within documentation | |
| run: cp website/static/img/logo.png website/build/assets/images/logo.png | |
| - name: Upload documentation artifacts | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: website | |
| path: website/build/ | |
| if-no-files-found: error | |
| retention-days: 1 | |
| test_bundle: | |
| name: 'Test bundle' | |
| needs: | |
| - warmup_pnpm_cache | |
| - production_packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Unpack production packages | |
| run: node --run unpack:all | |
| - name: Alter internals to behave as if published | |
| run: pnpm --filter {./packages/**} --parallel exec $(pnpm bin)/packaged --keep node_modules --keep test-bundle | |
| - name: Check publication lint | |
| run: node --run publint:all | |
| - name: Check bundles | |
| run: pnpm --filter {./packages/**} --parallel run test-bundle | |
| - name: Check legacy bundles | |
| run: | | |
| export NODE_VERSION="$(node --version)" | |
| export NVS_HOME="$HOME/.nvs" | |
| git clone --branch v1.7.1 --depth 1 https://github.com/jasongin/nvs "$NVS_HOME" | |
| if [ "$(git -C "$NVS_HOME" rev-parse HEAD)" != "b87ae9593cd20e7b667e9099240c9befeb50659f" ]; then | |
| echo "ERROR: HEAD is not the expected commit hash" | |
| exit 1 | |
| fi | |
| chmod +x "$NVS_HOME/nvs" | |
| export PATH="$PATH:$NVS_HOME" | |
| if [ "$(node --version)" != "$NODE_VERSION" ]; then | |
| echo "ERROR: Node version got updated from $NODE_VERSION to $(node --version)" | |
| exit 2 | |
| fi | |
| pnpm --filter {./packages/**} --parallel run test-legacy-bundle | |
| if [ "$(node --version)" != "$NODE_VERSION" ]; then | |
| echo "ERROR: Node version got updated from $NODE_VERSION to $(node --version)" | |
| exit 3 | |
| fi | |
| test_types: | |
| name: 'Test types' | |
| needs: | |
| - warmup_pnpm_cache | |
| - production_packages | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| ts-version: | |
| # Latest version of TypeScript | |
| - 'latest' | |
| # Various intermediate versions of Typescript (if any required) | |
| - '5.8' # First version supporting require(esm) | |
| - '5.7' # First version adding generics on Uint8Array | |
| # Minimal requirement for TypeScript | |
| - '5.0' | |
| # Other release channels for TypeScript | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: '24.x' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile --ignore-scripts | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Unpack production packages | |
| run: node --run unpack:all | |
| - name: Alter internals to behave as if published | |
| run: pnpm --filter {./packages/**} --parallel exec $(pnpm bin)/packaged --keep node_modules --keep test-types | |
| - name: Switch folder to CommonJS | |
| run: pnpm --filter {./packages/**} --parallel -c exec "cd test-types && ../../../.github/scripts/rename.sh ts cts" | |
| - name: Check in CommonJS mode | |
| run: pnpm --filter {./packages/**} --filter '!@fast-check/ava' --filter '!@fast-check/packaged' --filter '!@fast-check/poisoning' --filter '!@fast-check/vitest' --filter '!@fast-check/worker' --parallel -c exec "cd test-types && pnpm --package typescript@${{ matrix.ts-version }} dlx tsc --noEmit --skipLibCheck --strict *.cts" | |
| - name: Check in CommonJS mode with NodeNext | |
| run: pnpm --filter {./packages/**} --filter '!@fast-check/ava' --filter '!@fast-check/packaged' --filter '!@fast-check/poisoning' --filter '!@fast-check/vitest' --filter '!@fast-check/worker' --parallel -c exec "cd test-types && pnpm --package typescript@${{ matrix.ts-version }} dlx tsc --noEmit --skipLibCheck --strict --module NodeNext --moduleResolution NodeNext *.cts" | |
| - name: Switch folder to ES Modules | |
| run: pnpm --filter {./packages/**} --parallel -c exec "cd test-types && ../../../.github/scripts/rename.sh cts mts" | |
| - name: Check in ES Modules mode | |
| run: | | |
| if [ "${{ matrix.ts-version }}" = "5.0" ] || [ "${{ matrix.ts-version }}" = "5.7" ]; then | |
| pnpm --filter {./packages/**} --filter '!@fast-check/ava' --filter '!@fast-check/packaged' --filter '!@fast-check/poisoning' --filter '!@fast-check/vitest' --filter '!@fast-check/worker' --parallel -c exec "cd test-types && pnpm --package typescript@${{ matrix.ts-version }} dlx tsc --noEmit --skipLibCheck --strict *.mts" | |
| else | |
| pnpm --filter {./packages/**} --filter '!@fast-check/ava' --filter '!@fast-check/packaged' --filter '!@fast-check/poisoning' --filter '!@fast-check/vitest' --filter '!@fast-check/worker' --parallel -c exec "cd test-types && pnpm --package typescript@${{ matrix.ts-version }} dlx tsc --noEmit --skipLibCheck --strict *.mts" | |
| fi | |
| - name: Check in ES Modules mode with NodeNext | |
| run: | | |
| if [ "${{ matrix.ts-version }}" = "5.0" ] || [ "${{ matrix.ts-version }}" = "5.7" ]; then | |
| pnpm --filter {./packages/**} --filter '!@fast-check/ava' --filter '!@fast-check/packaged' --filter '!@fast-check/poisoning' --filter '!@fast-check/vitest' --filter '!@fast-check/worker' --parallel -c exec "cd test-types && pnpm --package typescript@${{ matrix.ts-version }} dlx tsc --noEmit --skipLibCheck --strict --module NodeNext --moduleResolution NodeNext *.mts" | |
| else | |
| pnpm --filter {./packages/**} --parallel -c exec "cd test-types && pnpm --package typescript@${{ matrix.ts-version }} dlx tsc --noEmit --skipLibCheck --strict --module NodeNext --moduleResolution NodeNext *.mts" | |
| fi | |
| # Job to confirm every required job passed | |
| pre_all_checks_passed: | |
| name: 'Pre All checks passed' | |
| needs: | |
| - production_packages | |
| - documentation | |
| - format_lint | |
| - no_dedupe_required | |
| - package_quality | |
| - typecheck | |
| - test | |
| - test_bundle | |
| - test_types | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Success | |
| run: echo "Success" | |
| all_checks_passed: | |
| name: 'All checks passed' | |
| needs: pre_all_checks_passed | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - if: needs.pre_all_checks_passed.result == 'success' | |
| name: Success | |
| run: echo "Success" | |
| - if: needs.pre_all_checks_passed.result != 'success' | |
| name: Failure | |
| run: exit 1 | |
| # Publication jobs | |
| publish_documentation_netlify: | |
| name: 'Publish documentation on Netlify' | |
| if: github.event_name == 'push' | |
| needs: documentation | |
| runs-on: ubuntu-latest | |
| env: | |
| DRAFT_BUILD: ${{github.ref == 'refs/heads/main' && 'false' || 'true'}} | |
| steps: | |
| - name: Download documentation artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: website | |
| path: artifacts/ | |
| - name: Alter robots.txt for draft build | |
| if: env.DRAFT_BUILD == 'true' | |
| run: | | |
| echo "User-agent: *" > artifacts/robots.txt | |
| echo "Disallow: /" >> artifacts/robots.txt | |
| - name: Configure custom headers | |
| run: | | |
| echo "/*" > artifacts/_headers | |
| echo " Content-Security-Policy: default-src 'self'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev cdn.bsky.app;connect-src *.algolia.net askai.algolia.com *.algolianet.com public.api.bsky.app api.counterapi.dev;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self' stackblitz.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers | |
| - name: Compress documentation artifacts as zip | |
| run: zip -r artifacts.zip artifacts | |
| - name: Deploy to Netlify | |
| env: | |
| DRAFT_BUILD_VALUE: ${{env.DRAFT_BUILD}} | |
| run: >- | |
| curl -H "Content-Type: application/zip" | |
| -H "Authorization: Bearer ${{secrets.NETLIFY_AUTH_TOKEN}}" | |
| --data-binary "@artifacts.zip" | |
| https://api.netlify.com/api/v1/sites/${{secrets.NETLIFY_SITE_ID}}/deploys?draft=$DRAFT_BUILD_VALUE | |
| check_any_package: | |
| name: 'Check publish any package' | |
| needs: all_checks_passed | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| tag_count: ${{steps.tag_count.outputs.count}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: tag_count | |
| name: Check if one tag matches the package | |
| run: | | |
| echo -n "count=" >> "$GITHUB_OUTPUT" | |
| git tag --points-at HEAD | wc -l >> "$GITHUB_OUTPUT" | |
| check_publish_fc: | |
| name: Check publish fast-check | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_fc: | |
| name: Publish fast-check | |
| needs: check_publish_fc | |
| if: needs.check_publish_fc.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| # These are false positives - attestations ensure artifact integrity | |
| # setup-node actions in publish jobs followed by gh-release for attestation uploads | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=fast-check-$(tar -xzOf packages/fast-check/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/fast-check/package.tgz "packages/fast-check/$TGZ_NAME" | |
| - name: Publish fast-check | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/fast-check/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/fast-check/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/fast-check/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_fc.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/fast-check/${{env.TGZ_NAME}} | |
| packages/fast-check/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) | |
| check_publish_ava: | |
| name: Check publish @fast-check/ava | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^ava/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_ava: | |
| name: Publish @fast-check/ava | |
| needs: check_publish_ava | |
| if: needs.check_publish_ava.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=ava-$(tar -xzOf packages/ava/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/ava/package.tgz "packages/ava/$TGZ_NAME" | |
| - name: Publish @fast-check/ava | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/ava/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/ava/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/ava/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_ava.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/ava/${{env.TGZ_NAME}} | |
| packages/ava/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) | |
| check_publish_jest: | |
| name: Check publish @fast-check/jest | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^jest/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_jest: | |
| name: Publish @fast-check/jest | |
| needs: check_publish_jest | |
| if: needs.check_publish_jest.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=jest-$(tar -xzOf packages/jest/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/jest/package.tgz "packages/jest/$TGZ_NAME" | |
| - name: Publish @fast-check/jest | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/jest/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/jest/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/jest/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_jest.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/jest/${{env.TGZ_NAME}} | |
| packages/jest/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) | |
| check_publish_packaged: | |
| name: Check publish @fast-check/packaged | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^packaged/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_packaged: | |
| name: Publish @fast-check/packaged | |
| needs: check_publish_packaged | |
| if: needs.check_publish_packaged.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=packaged-$(tar -xzOf packages/packaged/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/packaged/package.tgz "packages/packaged/$TGZ_NAME" | |
| - name: Publish @fast-check/packaged | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/packaged/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/packaged/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/packaged/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_packaged.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/packaged/${{env.TGZ_NAME}} | |
| packages/packaged/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) | |
| check_publish_poisoning: | |
| name: Check publish @fast-check/poisoning | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^poisoning/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_poisoning: | |
| name: Publish @fast-check/poisoning | |
| needs: check_publish_poisoning | |
| if: needs.check_publish_poisoning.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=poisoning-$(tar -xzOf packages/poisoning/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/poisoning/package.tgz "packages/poisoning/$TGZ_NAME" | |
| - name: Publish @fast-check/poisoning | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/poisoning/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/poisoning/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/poisoning/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_poisoning.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/poisoning/${{env.TGZ_NAME}} | |
| packages/poisoning/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) | |
| check_publish_vitest: | |
| name: Check publish @fast-check/vitest | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^vitest/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_vitest: | |
| name: Publish @fast-check/vitest | |
| needs: check_publish_vitest | |
| if: needs.check_publish_vitest.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=vitest-$(tar -xzOf packages/vitest/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/vitest/package.tgz "packages/vitest/$TGZ_NAME" | |
| - name: Publish @fast-check/vitest | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/vitest/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/vitest/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/vitest/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_vitest.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/vitest/${{env.TGZ_NAME}} | |
| packages/vitest/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) | |
| check_publish_worker: | |
| name: Check publish @fast-check/worker | |
| needs: check_any_package | |
| if: needs.check_any_package.outputs.tag_count != '0' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| status: ${{steps.check_has_tag.outcome}} | |
| tag: ${{steps.check_has_tag.outputs.tag}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - id: check_has_tag | |
| name: Check if one tag matches the package | |
| run: echo "tag=$(git tag --points-at HEAD | grep '^worker/v[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' || true)" >> "$GITHUB_OUTPUT" | |
| publish_package_worker: | |
| name: Publish @fast-check/worker | |
| needs: check_publish_worker | |
| if: needs.check_publish_worker.outputs.tag != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Using Node v24.x | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # zizmor: ignore[cache-poisoning] | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| check-latest: true | |
| - name: Install npm with stage publish support | |
| # Run outside the repo so the project's devEngines pin (pnpm) does not block npm | |
| run: cd .. && npm install -g npm@latest | |
| - name: Download production packages | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bundles | |
| path: packages/ | |
| - name: Set package filename | |
| run: echo "TGZ_NAME=worker-$(tar -xzOf packages/worker/package.tgz package/package.json | jq -r '.version').tgz" >> $GITHUB_ENV | |
| - name: Rename package for publication | |
| run: mv packages/worker/package.tgz "packages/worker/$TGZ_NAME" | |
| - name: Publish @fast-check/worker | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| PUBLISH_TAG: ${{github.ref == 'refs/heads/main' && 'latest' || startsWith(github.ref, 'refs/heads/next-') && 'next' || 'legacy'}} | |
| run: cd .. && npm stage publish --access public --tag "$PUBLISH_TAG" "$GITHUB_WORKSPACE/packages/worker/$TGZ_NAME" | |
| - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| id: attest | |
| with: | |
| subject-path: packages/worker/${{env.TGZ_NAME}} | |
| - name: Rename attestation bundle | |
| run: mv "$BUNDLE_PATH" "packages/worker/$TGZ_NAME.sigstore.json" | |
| env: | |
| BUNDLE_PATH: ${{steps.attest.outputs.bundle-path}} | |
| - name: Update GitHub Release | |
| uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 | |
| with: | |
| tag_name: ${{needs.check_publish_worker.outputs.tag}} | |
| draft: false | |
| append_body: true | |
| fail_on_unmatched_files: true | |
| overwrite_files: false | |
| files: | | |
| packages/worker/${{env.TGZ_NAME}} | |
| packages/worker/${{env.TGZ_NAME}}.sigstore.json | |
| body: | | |
| [View attestation](${{steps.attest.outputs.attestation-url}}) • [Documentation](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations) |