chore: align gh actions and dependabot with ecosystem standard, updat…

…e dev dependencies
storyblok · Feb 6, 2025 · 65c67fe · 65c67fe
1 parent a4a2639
commit 65c67fe
Show file tree

Hide file tree

Showing 11 changed files with 2,925 additions and 2,285 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,8 +4,29 @@ updates:
     directory: /
     schedule:
       interval: daily
-      time: '05:00'
+      time: '04:00'
     commit-message:
       prefix: fix
       prefix-development: chore
       include: scope
+    labels:
+      - dependabot
+    groups:
+      security-updates:
+        patterns:
+          - '*'
+        exclude-patterns:
+          - 'storyblok*'
+        update-types:
+          - patch
+          - minor
+      storyblok:
+        patterns:
+          - 'storyblok*'
+        update-types:
+          - patch
+          - minor
+    ignore:
+      - dependency-name: '*'
+        update-types:
+          - version-update:semver-major
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -0,0 +1,33 @@
+name: CI
+
+on: [push, pull_request]
+
+env:
+  PNPM_CACHE_FOLDER: .pnpm-store
+  SKIP_INSTALL_SIMPLE_GIT_HOOKS: 1 # Skip installing simple-git-hooks
+
+jobs:
+  commitlint:
+    # Skip job if PR is from Dependabot
+    if: github.actor != 'dependabot[bot]'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: pnpm
+      - name: Install dependencies
+        run: pnpm install
+      - name: Validate current commit (last commit) with commitlint
+        if: github.event_name == 'push'
+        run: pnpm commitlint --last --verbose
+      - name: Validate PR commits with commitlint
+        if: github.event_name == 'pull_request'
+        run: pnpm commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
diff --git a/.github/workflows/dependabot-autoapprove.yml b/.github/workflows/dependabot-autoapprove.yml
@@ -0,0 +1,28 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'storyblok/storyblok-nuxt'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
+          alert-lookup: true
+      - uses: actions/checkout@v4
+      - name: Approve a PR if not already approved
+        run: |
+          gh pr checkout "$PR_URL" # sets the upstream metadata for `gh pr status`
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then gh pr review --approve "$PR_URL"
+          else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
+          fi
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml
@@ -9,6 +9,8 @@ on:
 
 jobs:
   main:
+    # Skip job if PR is from Dependabot
+    if: github.actor != 'dependabot[bot]'
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -3,7 +3,7 @@ on: [push]
 
 env:
   PNPM_CACHE_FOLDER: .pnpm-store
-  HUSKY: 0 # Bypass husky commit hook for CI
+  SKIP_INSTALL_SIMPLE_GIT_HOOKS: 1 # Skip installing simple-git-hooks
 
 jobs:
   lint:

diff --git a/.github/workflows/pkg.pr.new.yml b/.github/workflows/pkg.pr.new.yml
@@ -8,7 +8,7 @@ on:
 
 env:
   PNPM_CACHE_FOLDER: .pnpm-store
-  HUSKY: 0 # Bypass husky commit hook for CI
+  SKIP_INSTALL_SIMPLE_GIT_HOOKS: 1 # Skip installing simple-git-hooks
 
 permissions: {}
 
@@ -18,14 +18,15 @@ concurrency:
 
 jobs:
   build:
+    # Skip job if PR is from Dependabot
+    if: github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     strategy:
       matrix:
         node-version: [20]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
       - run: npm i -g --force corepack && corepack enable
       - uses: actions/setup-node@v4
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,40 +2,36 @@ name: Release CI
 
 on:
   push:
-    branches: [main, next]
+    branches: [main]
   pull_request:
-    branches: [main, next]
+    branches: [main]
 
 env:
   PNPM_CACHE_FOLDER: .pnpm-store
-  HUSKY: 0 # Bypass husky commit hook for CI
+  SKIP_INSTALL_SIMPLE_GIT_HOOKS: 1 # Skip installing simple-git-hooks
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        node-version: [20]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
-      - name: Use Node.js 20
-        uses: actions/setup-node@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: ${{ matrix.node-version }}
           cache: pnpm
-      - name: Set up Cypress binary cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/Cypress
-          key: cypress-${{ runner.os }}-cypress-${{ hashFiles('pnpm-lock.yaml') }}
       - name: Install dependencies
         run: pnpm install
       - name: Build lib
-        run: pnpm run build
-      - name: Cypress run
-        run: pnpm run test:e2e
+        run: pnpm build
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npx semantic-release
+        run: pnpx semantic-release
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,7 +3,7 @@ on: [push]
 
 env:
   PNPM_CACHE_FOLDER: .pnpm-store
-  HUSKY: 0 # Bypass husky commit hook for CI
+  SKIP_INSTALL_SIMPLE_GIT_HOOKS: 1 # Skip installing simple-git-hooks
 
 jobs:
   test:
@@ -33,3 +33,11 @@ jobs:
         run: pnpm run build
       - name: Cypress run
         run: pnpm run test:e2e
+      - name: Upload Cypress artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cypress-artifacts
+          path: |
+            cypress/screenshots
+            cypress/videos
diff --git a/package.json b/package.json
@@ -1,8 +1,8 @@
 {
   "name": "@storyblok/nuxt",
   "type": "module",
-  "version": "6.1.0",
-  "packageManager": "pnpm@9.9.0",
+  "version": "6.2.2",
+  "packageManager": "pnpm@10.2.0",
   "description": "Storyblok Nuxt module",
   "repository": {
     "type": "git",
@@ -44,31 +44,38 @@
     "@storyblok/vue": "^8.1.10"
   },
   "devDependencies": {
-    "@commitlint/cli": "^19.5.0",
-    "@commitlint/config-conventional": "^19.5.0",
-    "@cypress/vite-dev-server": "^5.2.0",
-    "@nuxt/eslint": "^0.6.1",
-    "@nuxt/eslint-config": "^0.5.7",
-    "@nuxt/kit": "^3.13.2",
+    "@commitlint/cli": "^19.7.1",
+    "@commitlint/config-conventional": "^19.7.1",
+    "@cypress/vite-dev-server": "^6.0.2",
+    "@nuxt/eslint": "^1.0.0",
+    "@nuxt/eslint-config": "^1.0.0",
+    "@nuxt/kit": "^3.15.4",
     "@nuxt/module-builder": "^0.8.4",
-    "@nuxt/schema": "^3.13.2",
-    "@nuxt/test-utils": "^3.14.3",
+    "@nuxt/schema": "^3.15.4",
+    "@nuxt/test-utils": "^3.15.4",
     "@nuxtjs/eslint-config-typescript": "^12.1.0",
     "@storyblok/eslint-config": "^0.3.0",
-    "@types/node": "^20.8.10",
+    "@types/node": "^22.13.1",
     "cypress": "^13.15.0",
     "eslint": "^8.57.1",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-cypress": "^3.5.0",
     "eslint-plugin-vue": "^9.28.0",
-    "nuxt": "^3.13.2",
-    "prettier": "^3.3.3",
-    "start-server-and-test": "^2.0.8"
+    "nuxt": "^3.15.4",
+    "prettier": "^3.4.2",
+    "simple-git-hooks": "^2.11.1",
+    "start-server-and-test": "^2.0.10"
+  },
+  "pnpm": {
+    "onlyBuiltDependencies": ["cypress"]
   },
   "commitlint": {
     "extends": [
       "@commitlint/config-conventional"
-    ]
+    ],
+    "rules": {
+      "body-max-line-length": [2, "always", 200]
+    }
   },
   "release": {
     "branches": [
@@ -81,5 +88,9 @@
   },
   "publishConfig": {
     "access": "public"
+  },
+  "simple-git-hooks": {
+    "pre-commit": "pnpm lint",
+    "pre-push": "pnpm commitlint --last --verbose"
   }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,7 +3,7 @@ on: [push] @@
     env:
       PNPM_CACHE_FOLDER: .pnpm-store
-      HUSKY: 0 # Bypass husky commit hook for CI
+      SKIP_INSTALL_SIMPLE_GIT_HOOKS: 1 # Skip installing simple-git-hooks
     jobs:
       lint:
@@ Expand Down @@