Switch from Dependabot to Renovate to match org convention #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Least-privilege: this workflow only reads the repo to lint/build/verify; it | |
| # never writes back. Anything that needs write scopes lives in a separate | |
| # workflow with its own scoped permissions. | |
| permissions: | |
| contents: read | |
| jobs: | |
| ci: | |
| name: Lint, build, verify | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 | |
| with: | |
| bun-version: 1.3.13 | |
| # Bun is the package manager and script runner, but Next.js (and tsc) | |
| # run on Node. ubuntu-latest's default Node version drifts; pin via | |
| # .nvmrc so a future GitHub bump can't break the build silently. | |
| - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Install | |
| run: bun install --frozen-lockfile | |
| - name: Lint + format check | |
| run: bun run check:ci | |
| # Build BEFORE typecheck: the build runs velite (populating .velite/ | |
| # which the `#site/content` path alias resolves to) and produces | |
| # next-env.d.ts. tsc fails without these, so order matters here. | |
| - name: Build | |
| run: bun run build | |
| - name: Type check | |
| run: bun run typecheck | |
| - name: Start server | |
| run: | | |
| bun run start > /tmp/server.log 2>&1 & | |
| echo $! > /tmp/server.pid | |
| for i in $(seq 1 30); do | |
| if curl -sf http://localhost:3000 > /dev/null; then | |
| echo "server ready" | |
| exit 0 | |
| fi | |
| sleep 1 | |
| done | |
| echo "server failed to start in 30s" | |
| cat /tmp/server.log | |
| exit 1 | |
| - name: Verify endpoints | |
| run: bun run verify | |
| - name: Stop server | |
| if: always() | |
| run: | | |
| if [ -f /tmp/server.pid ]; then | |
| kill $(cat /tmp/server.pid) 2>/dev/null || true | |
| fi | |
| - name: Server logs (on failure) | |
| if: failure() | |
| run: cat /tmp/server.log || true |