diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f2f2303..fdc2334 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -@jamesrweb @yevdyko \ No newline at end of file +* @jamesrweb @yevdyko \ No newline at end of file diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..7d8a4d3 --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,126 @@ +# Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at [INSERT CONTACT +METHOD]. All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the +[Contributor Covenant](https://www.contributor-covenant.org/), version 2.1, +available at +. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion). + +For answers to common questions about this code of conduct, see the FAQ at +. Translations are available at +. diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 32050a2..ba16cab 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,13 +1,55 @@ + + +## Issue Type + + + +- [ ] πŸ› Bug Report +- [ ] πŸ’‘ Feature Request +- [ ] πŸ“ Documentation Issue +- [ ] πŸ€” Question +- [ ] 🧹 Chore +- [ ] ❓Other + +## Description + + + ## Expected Behavior + + ## Actual Behavior -## Steps to Reproduce the Problem + + +## Steps to Reproduce + + 1. 2. 3. -## Specifications +## Possible Solution + + + +## Environment + +- Package Version: +- React Version: +- Browser: +- OS: +- Node.js Version: + +## Additional Context + + + +## Minimal Reproduction -Package Version: + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a5a697e..f8c68f1 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,9 +1,68 @@ + + +## Related Issue + + + Fixes # +## PR Type + + + +- [ ] πŸ› Bug Fix +- [ ] ✨ New Feature +- [ ] πŸ”¨ Code Refactor +- [ ] πŸ“ Documentation Update +- [ ] πŸ§ͺ Test Update +- [ ] πŸ”§ Build/CI Update +- [ ] 🧹 Chore +- [ ] βͺ Revert + +## Description + + + ## Proposed Changes + + - - - -## Additional Notes (optional) +## How Has This Been Tested? + + + +- [ ] Unit Tests +- [ ] Integration Tests +- [ ] Manual Testing (please describe) + +## Screenshots/Recordings + + + +## Breaking Changes + + + +- [ ] Yes (please describe) +- [ ] No + +## Checklist + + + +- [ ] My code follows the code style of this project +- [ ] I have updated the documentation accordingly +- [ ] I have added tests to cover my changes +- [ ] All new and existing tests passed +- [ ] My changes generate no new warnings + +## Additional Notes + + diff --git a/README.md b/.github/README.md similarity index 100% rename from README.md rename to .github/README.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 9c6566f..10eef75 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -4,20 +4,46 @@ | Version | Supported | Supported Until | | -------- | ------------------ | ----------------------------- | -| >= 4.x.x | :white_check_mark: | Next major version + 6 months | -| >= 3.0.0 | :x: | 01.06.22 | -| <= 3.0.0 | :x: | N / A | +| >= 5.x.x | :white_check_mark: | Next major version + 6 months | +| >= 4.x.x | :white_check_mark: | 2026-01-18 | +| >= 3.0.0 | :x: | 2022-06-01 | +| <= 3.0.0 | :x: | N/A | ## Reporting a Vulnerability -To report a security vulnerability please -[open a new issue](https://github.com/p5-wrapper/react/issues/new) with the -label `security`. Security issues are a priority, and we aim to resolve them -within 48 hours. If a security vulnerability cannot be resolved by us, we will -raise the issue upstream with relevant parties such as 3rd party package -managers. +To report a security vulnerability, please follow these steps: + +1. **For non-critical issues**: + [Open a new issue](https://github.com/p5-wrapper/react/issues/new) and select + the "Bug Report" template. Add the `security` label to your issue. +2. **For critical vulnerabilities**: Please report them by tagging the core + maintainers directly (see the [Contacts section](#contacts) below). + +Security issues are a priority, and we aim to resolve them within 48 hours. If +we cannot resolve a security vulnerability in the wrapper itself, we will raise +the issue upstream with relevant parties such as 3rd party package maintainers +where possible. + +## Security Updates + +We regularly update our dependencies to patch security vulnerabilities. We use +Dependabot to automate this process, which creates pull requests for security +updates monthly. ## Contacts -If you need to reach out regarding a security issue that is critically urgent -then you can reach out directly to @jamesrweb. +For **critical** security issues, please tag: + +- James Robb ([@jamesrweb](https://github.com/jamesrweb)) +- Eugene Dyko ([@yevdyko](https://github.com/yevdyko)) + +## Disclosure Policy + +When we receive a security bug report, we will: + +1. Confirm the vulnerability and determine its impact +2. Develop a fix and release it according to severity +3. Publish a security advisory if necessary + +We appreciate your help in keeping +[@p5-wrapper/react](https://github.com/p5-wrapper/react) secure! diff --git a/.github/SUPPORT.md b/.github/SUPPORT.md index 2735a2c..20c9be1 100644 --- a/.github/SUPPORT.md +++ b/.github/SUPPORT.md @@ -1,32 +1,52 @@ # Support Guidelines -This repository is maintained by the @jamesrweb and the community, who all -volunteer their time. - -We track bugs, user questions, suggestions and requests through -[issues](https://github.com/p5-wrapper/react/issues) raised via the project -repository issues tab. +We track bugs, user questions, suggestions, and requests through +[issues](https://github.com/p5-wrapper/react/issues). ## Need help with something? -All questions should be raised in -[an issue](https://github.com/p5-wrapper/react/issues/new) with the `question` -tag and the `help wanted` tag added to the issue. +If you need help with using the library or have questions about its +functionality: + +1. Check the [documentation](https://github.com/p5-wrapper/react#readme) first +2. Search for [existing issues](https://github.com/p5-wrapper/react/issues) that + might address your question +3. If you can't find an answer, create + [a new issue](https://github.com/p5-wrapper/react/issues/new) with the + `question` tag ## Found a bug? -All bugs should be raised in -[an issue](https://github.com/p5-wrapper/react/issues/new) with the `bug` tag -added to the issue. +If you've discovered a bug in the library: + +1. Check if it's already been reported in the + [issues](https://github.com/p5-wrapper/react/issues) +2. If not, create [a new issue](https://github.com/p5-wrapper/react/issues/new) + with the `bug` tag +3. Include steps to reproduce the issue, then explain what the expected and + actual behaviors are + +## Thought of a cool new feature? + +If you have an idea for a new feature or enhancement: + +1. Check if it's already been suggested in the + [issues](https://github.com/p5-wrapper/react/issues) +2. If not, create [a new issue](https://github.com/p5-wrapper/react/issues/new) + with the `enhancement` tag +3. Describe the feature and why it would be valuable for your use case + +## Community Support -## Though of a cool new feature? +For general questions about p5.js (not specific to this wrapper), you can also +check: -All bugs should be raised in -[an issue](https://github.com/p5-wrapper/react/issues/new) with the -`enhancement` tag added to the issue. +- [p5.js forum](https://discourse.processing.org/c/p5js/10) +- [p5.js reference](https://p5js.org/reference/) +- [Stack Overflow](https://stackoverflow.com/questions/tagged/p5.js) -## Have questions about the project? +## Code of Conduct -All questions should be raised in -[an issue](https://github.com/p5-wrapper/react/issues/new) with the `question` -tag added to the issue. +Please note that this project adheres to a +[Code of Conduct](https://github.com/p5-wrapper/react/blob/master/CODE_OF_CONDUCT.md). +By participating in this project, you agree to abide by its terms. diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1fc42dd..a47efd8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,11 +4,40 @@ updates: directory: "/" schedule: interval: "monthly" + open-pull-requests-limit: 10 labels: - "npm" - "dependencies" groups: production-dependencies: dependency-type: "production" + patterns: + - "*" development-dependencies: dependency-type: "development" + patterns: + - "*" + ignore: + - dependency-name: "react" + update-types: ["version-update:semver-major"] + - dependency-name: "react-dom" + update-types: ["version-update:semver-major"] + commit-message: + prefix: "🧹 chore" + include: "scope" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + open-pull-requests-limit: 5 + labels: + - "github-actions" + - "dependencies" + groups: + github-actions: + patterns: + - "*" + commit-message: + prefix: "πŸ”§ ci" + include: "scope" diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml index 2e15aba..23440ad 100644 --- a/.github/workflows/CD.yml +++ b/.github/workflows/CD.yml @@ -3,14 +3,47 @@ name: CD on: push: branches: [master] + workflow_dispatch: -concurrency: cd-${{ github.ref }} +concurrency: + group: cd-${{ github.ref }} + cancel-in-progress: true jobs: gh-pages: runs-on: ubuntu-latest + permissions: + contents: write steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Get pnpm store directory + shell: bash + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile - name: Build the demo application run: pnpm build:demo @@ -19,16 +52,54 @@ jobs: uses: JamesIves/github-pages-deploy-action@v4 with: folder: dist/demo + clean: true npm: runs-on: ubuntu-latest + needs: gh-pages + permissions: + contents: read + packages: write steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + registry-url: "https://registry.npmjs.org" + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Get pnpm store directory + shell: bash + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile - name: Build the component run: pnpm build:component - - uses: JS-DevTools/npm-publish@v3 + - name: Run tests + run: pnpm test + + - name: Publish to NPM + uses: JS-DevTools/npm-publish@v3 with: access: "public" tag: "next" diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index ab48276..1ba32fa 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -3,14 +3,70 @@ name: CI on: pull_request: branches: [master] + workflow_dispatch: -concurrency: ci-${{ github.ref }} +concurrency: + group: ci-${{ github.ref }} + cancel-in-progress: true jobs: + setup: + runs-on: ubuntu-latest + outputs: + cache-key: ${{ steps.cache-key.outputs.key }} + store-path: ${{ steps.pnpm-cache.outputs.store-path }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Get pnpm store directory + id: pnpm-cache + shell: bash + run: | + echo "store-path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT + + - name: Generate cache key + id: cache-key + run: + echo "key=${{ runner.os }}-pnpm-store-${{ + hashFiles('**/pnpm-lock.yaml') }}" >> $GITHUB_OUTPUT + format: + needs: setup runs-on: ubuntu-latest + permissions: + contents: write steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ needs.setup.outputs.store-path }} + key: ${{ needs.setup.outputs.cache-key }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile - name: Check formatting run: pnpm format:check @@ -20,15 +76,42 @@ jobs: run: pnpm format - name: Commit fixed formatting issues + if: ${{ failure() }} uses: stefanzweifel/git-auto-commit-action@v5 with: - commit_message: Apply fixed formatting issues + commit_message: "🧹 style: apply automatic formatting fixes" branch: ${{ github.head_ref }} lint: + needs: setup runs-on: ubuntu-latest + permissions: + contents: write steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ needs.setup.outputs.store-path }} + key: ${{ needs.setup.outputs.cache-key }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile - name: Lint run: pnpm lint @@ -38,36 +121,148 @@ jobs: run: pnpm lint:fix - name: Commit fixed linting issues + if: ${{ failure() }} uses: stefanzweifel/git-auto-commit-action@v5 with: - commit_message: Apply fixed linting issues + commit_message: "πŸ› fix: apply automatic linting fixes" branch: ${{ github.head_ref }} test: + needs: [setup, lint, format] runs-on: ubuntu-latest steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 - - name: Test - run: pnpm test + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ needs.setup.outputs.store-path }} + key: ${{ needs.setup.outputs.cache-key }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Run tests + run: pnpm test:coverage + + - name: Download previous coverage artifact + uses: actions/download-artifact@v4 + continue-on-error: true + with: + name: test-coverage-{{ matrix.runs-on }} + path: previous-coverage/ + github-token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.repository }} + + - name: Comment the new code coverage + uses: lucassabreu/comment-coverage-clover@main + continue-on-error: true + with: + file: ./coverage/clover.xml + base-file: ./previous-coverage/clover.xml + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload test coverage + if: success() + uses: actions/upload-artifact@v4 + with: + name: test-coverage-{{ matrix.runs-on }} + path: coverage/ + retention-days: 7 build: + needs: [setup, test] runs-on: ubuntu-latest steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ needs.setup.outputs.store-path }} + key: ${{ needs.setup.outputs.cache-key }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile - name: Build run: pnpm build - npm: + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + continue-on-error: true + with: + name: build-artifacts-{{ matrix.runs-on }} + path: dist/ + retention-days: 7 + + npm-dry-run: + needs: [setup, build] runs-on: ubuntu-latest steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + registry-url: "https://registry.npmjs.org" - - name: Build the component - run: pnpm build:component + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ needs.setup.outputs.store-path }} + key: ${{ needs.setup.outputs.cache-key }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Download build artifacts + uses: actions/download-artifact@v4 + continue-on-error: true + with: + name: build-artifacts-{{ matrix.runs-on }} + path: dist/ - - uses: JS-DevTools/npm-publish@v3 + - name: NPM publish dry run + uses: JS-DevTools/npm-publish@v3 with: access: "public" tag: "next" diff --git a/.github/workflows/CODEQL.yml b/.github/workflows/CODEQL.yml index 4e09d05..3ad6d0c 100644 --- a/.github/workflows/CODEQL.yml +++ b/.github/workflows/CODEQL.yml @@ -1,15 +1,17 @@ -name: CodeQL Analysis +name: CodeQL on: push: branches: [master] pull_request: branches: [master] + workflow_dispatch: jobs: analyze: name: Analyze runs-on: ubuntu-latest + timeout-minutes: 360 permissions: actions: read contents: read @@ -23,11 +25,17 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} + queries: security-extended,security-and-quality + + - name: CodeQL Autobuild + uses: github/codeql-action/autobuild@v3 - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: CodeQL Analysis + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/DependabotBot.yml b/.github/workflows/DependabotBot.yml index 61a2138..dd747df 100644 --- a/.github/workflows/DependabotBot.yml +++ b/.github/workflows/DependabotBot.yml @@ -1,26 +1,71 @@ -name: Dependabot Bot +name: Dependabot on: pull_request: branches: [master] -concurrency: dependabot-${{ github.ref }} +concurrency: + group: dependabot-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: write + pull-requests: write jobs: - dependabot-bot: + dependabot-auto-format: runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' steps: - - uses: P5-wrapper/setup-action@v1.0.6 + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.GITHUB_TOKEN }} - - name: Run format if the PR is from the Dependabot Bot - if: github.actor == 'dependabot[bot]' - run: pnpm format + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Setup PNPM + uses: pnpm/action-setup@v3 + with: + version: 10 + run_install: false + + - name: Get pnpm store directory shell: bash + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - name: Commit any formatting changes - if: github.actor == 'dependabot[bot]' - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - name: Setup pnpm cache + uses: actions/cache@v4 with: - commit_message: Apply formatting updates - branch: ${{ github.ref_name }} - token: ${{ secrets.GH_TOKEN }} + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Run format + run: pnpm format + + - name: Run lint fix + run: pnpm lint:fix + continue-on-error: true + + - name: Commit formatting changes + uses: stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: "🧹 style: apply formatting to dependabot PR" + branch: ${{ github.head_ref }} + + - name: Enable auto-merge for Dependabot PRs + run: | + PR_URL="${{ github.event.pull_request.html_url }}" + gh pr merge --auto --merge "$PR_URL" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}