Addausi patch 2 #2604
Addausi patch 2 #2604
Conversation
This workflow automates the testing and publishing of Node.js packages to GitHub Packages upon release creation.
Add workflow for testing and publishing Node.js packages
|
@Addausi is attempting to deploy a commit to the Consensys Team on Vercel. A member of the Team first needs to authorize it. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| mvn-toolchain-id: # optional | ||
| # Name of Maven Toolchain Vendor if the default name of "${distribution}" is not wanted. See examples of supported syntax in Advanced Usage file | ||
| mvn-toolchain-vendor: # optional | ||
|
|
There was a problem hiding this comment.
Malformed YAML breaks workflow with invalid syntax
The trivy-cache.yml workflow file has been corrupted by accidentally pasting the actions/setup-java action template at the top of the file. Line 1 contains invalid YAML syntax (--- - name: Setup Java JDK with content after the document separator on the same line). The Java setup configuration (lines 1-43) exists outside of any workflow structure and appears to be template/snippet text that was accidentally inserted. The actual workflow definition doesn't begin until line 45. This will cause the GitHub Actions workflow to fail with a YAML parsing error.
| - name: Build | ||
| run: | | ||
| npm install | ||
| grunt |
There was a problem hiding this comment.
Workflow references grunt which isn't a dependency
This workflow runs grunt after npm install, but grunt is not listed as a dependency in package.json. The project uses Docusaurus for building, not Grunt. This workflow will fail on every run because the grunt command won't be found. This appears to be a template workflow that was added without being adapted to this project's actual build system.
| - run: npm ci | ||
| - run: npm publish | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} |
There was a problem hiding this comment.
Publish workflow fails on private package
This workflow attempts to run npm publish when a release is created, but package.json has "private": true set. Publishing a private package to npm or GitHub Packages will fail with an error. This workflow appears to be a default template that was added without being configured for this project's actual publishing needs.
| with: | ||
| node-version: 20 | ||
| - run: npm ci | ||
| - run: npm test |
There was a problem hiding this comment.
Workflow runs npm test but no test script exists
The build job runs npm test but package.json does not define a test script. This will cause the build job to fail with "Missing script: test" error on every release, preventing the entire publish workflow from completing. The project's scripts include lint, typecheck, and build, but no test command.
|
1 participant
Description
Issue(s) fixed
Fixes #
Preview
Checklist
External contributor checklist
Note
Adds CI and security metadata.
npm-grunt.yml(Grunt build on Node 18/20/22 for pushes/PRs),npm-publish-github-packages.yml(test on release then publish to GitHub Packages), andtrivy-cache.yml(scheduled/PR Trivy cache update)SECURITY.mdwith supported versions and vulnerability reporting guidanceWritten by Cursor Bugbot for commit 5ce0cf1. This will update automatically on new commits. Configure here.