Skip to content
Quality

chore(deps): update node.js to v24 #1029

Sign in to view logs

chore(deps): update node.js to v24

chore(deps): update node.js to v24 #1029

Workflow file for this run

.github/workflows/quality.yml at b2d9054
name: Quality
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
# Run weekly on Sundays at 2 AM UTC
- cron: '0 2 * * 0'
env:
NODE_VERSION: '22'
jobs:
code-analysis:
name: Static Code Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0 # Needed for SonarCloud
- name: Enable Corepack
run: corepack enable
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'yarn'
- name: Install dependencies
run: yarn install --immutable
- name: Run ESLint with detailed output
run: |
yarn lint --format json --output-file eslint-report.json || true
yarn lint --format unix
- name: Upload ESLint report
uses: actions/upload-artifact@v5
if: always()
with:
name: eslint-report
path: eslint-report.json
dependency-security:
name: Dependency Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Enable Corepack
run: corepack enable
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'yarn'
- name: Install dependencies
run: yarn install --immutable
- name: Run security audit
run: |
echo "Running security audit..."
yarn npm audit --all --recursive > audit-report.txt || true
# Display results
cat audit-report.txt
# Check for high/critical vulnerabilities
if grep -q "critical\|high" audit-report.txt; then
echo "❌ High or critical vulnerabilities found!"
grep -E "critical|high" audit-report.txt
exit 1
else
echo "✅ No high or critical vulnerabilities found"
fi
- name: Upload audit report
uses: actions/upload-artifact@v5
if: always()
with:
name: audit-report
path: audit-report.txt
performance-analysis:
name: Build Performance Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Enable Corepack
run: corepack enable
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'yarn'
- name: Install dependencies
run: yarn install --immutable
- name: Analyze bundle size
run: |
echo "Building application for bundle analysis..."
ANALYZE=true yarn build
- name: Check bundle sizes
run: |
echo "📊 Bundle Size Analysis"
echo "======================"
# Check .next/static/chunks for large files
find .next/static/chunks -name "*.js" -size +500k -exec ls -lh {} \; | while read line; do
echo "⚠️ Large chunk detected: $line"
done
# Check overall build size
BUILD_SIZE=$(du -sh .next | cut -f1)
echo "📦 Total build size: $BUILD_SIZE"
# Check static assets
if [ -d ".next/static" ]; then
STATIC_SIZE=$(du -sh .next/static | cut -f1)
echo "🎨 Static assets size: $STATIC_SIZE"
fi
type-coverage:
name: TypeScript Coverage
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Enable Corepack
run: corepack enable
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'yarn'
- name: Install dependencies
run: yarn install --immutable
- name: Check TypeScript coverage
run: |
echo "🔍 TypeScript Coverage Analysis"
echo "==============================="
# Count TypeScript vs JavaScript files
TS_FILES=$(find src -name "*.ts" -o -name "*.tsx" | wc -l)
JS_FILES=$(find src -name "*.js" -o -name "*.jsx" | wc -l)
TOTAL_FILES=$((TS_FILES + JS_FILES))
if [ $TOTAL_FILES -gt 0 ]; then
# Use awk for arithmetic instead of bc
TS_COVERAGE=$(awk "BEGIN {printf \"%.2f\", $TS_FILES * 100 / $TOTAL_FILES}")
echo "📈 TypeScript coverage: ${TS_COVERAGE}% (${TS_FILES}/${TOTAL_FILES} files)"
# Use awk for comparison
if [ $(awk "BEGIN {print ($TS_COVERAGE < 95)}") -eq 1 ]; then
echo "⚠️ TypeScript coverage below 95%"
echo "JavaScript files found:"
find src -name "*.js" -o -name "*.jsx" || echo "None found"
else
echo "✅ Excellent TypeScript coverage!"
fi
else
echo "ℹ️ No source files found in src directory"
fi
- name: Run strict type checking
run: |
echo "🔧 Running TypeScript checks..."
# Remove --strict flag as it may not be supported
yarn typecheck
report-summary:
name: Quality Report Summary
runs-on: ubuntu-latest
needs: [code-analysis, dependency-security, performance-analysis, type-coverage]
if: always()
steps:
- name: Generate quality report
run: |
echo "# 📋 Code Quality Report" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "## Job Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
# Check each job result
if [ "${{ needs.code-analysis.result }}" = "success" ]; then
echo "✅ **Code Analysis**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Code Analysis**: Failed" >> $GITHUB_STEP_SUMMARY
fi
if [ "${{ needs.dependency-security.result }}" = "success" ]; then
echo "✅ **Security Scan**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Security Scan**: Failed" >> $GITHUB_STEP_SUMMARY
fi
if [ "${{ needs.performance-analysis.result }}" = "success" ]; then
echo "✅ **Performance Analysis**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Performance Analysis**: Failed" >> $GITHUB_STEP_SUMMARY
fi
if [ "${{ needs.type-coverage.result }}" = "success" ]; then
echo "✅ **TypeScript Coverage**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **TypeScript Coverage**: Failed" >> $GITHUB_STEP_SUMMARY
fi
echo "" >> $GITHUB_STEP_SUMMARY
echo "Generated at: $(date -u)" >> $GITHUB_STEP_SUMMARY