set up ci

avivkeller · avivkeller · commit ee826b756c00 · 2025-04-20T11:24:06.000-04:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -60,7 +60,6 @@ updates:
           - 'react'
           - 'react-dom'
           - '@types/react'
-          - '@types/react-dom'
       tailwind:
         patterns:
           - '@savvywombat/tailwindcss-grid-areas'
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,6 +16,7 @@ on:
     types:
       - labeled
   merge_group:
+  workflow_dispatch:
 
 defaults:
   run:
@@ -26,15 +27,18 @@ permissions:
   contents: read
   actions: read
 
+env:
+  # See https://turbo.build/repo/docs/reference/command-line-reference/run#--cache-dir
+  TURBO_ARGS: --cache-dir=.turbo/cache
+  # See https://turbo.build/repo/docs/reference/command-line-reference/run#--force
+  TURBO_FORCE: true
+
 jobs:
   build:
-    # This Job should run either on `merge_groups` or `push` events
+    # This Job should run either on non-`pull_request_target` events,
     # or `pull_request_target` event with a `labeled` action with a label named `github_actions:pull-request`
-    # since we want to run Website Builds on all these 3 occasions. As this allows us to be certain the that builds are passing
-    if: |
-      (github.event_name == 'push' || github.event_name == 'merge_group') ||
-      (github.event_name == 'pull_request_target' &&
-        github.event.label.name == 'github_actions:pull-request')
+    # since we want to run Website Builds on all these occasions. As this allows us to be certain the that builds are passing
+    if: github.event_name != 'pull_request_target' || github.event.label.name == 'github_actions:pull-request'
 
     name: Build on ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
@@ -50,14 +54,6 @@ jobs:
         with:
           egress-policy: audit
 
-      - name: Provide Turborepo Arguments
-        # This step is responsible for providing a reusable string that can be used within other steps and jobs
-        # that use the `turbo` cli command as a way of easily providing shared arguments to the `turbo` command
-        id: turborepo_arguments
-        # See https://turbo.build/repo/docs/reference/command-line-reference/run#--cache-dir
-        # See https://turbo.build/repo/docs/reference/command-line-reference/run#--force
-        run: echo "turbo_args=--force=true --cache-dir=.turbo/cache" >> "$GITHUB_OUTPUT"
-
       - name: Use GNU tar instead BSD tar
         # This ensures that we use GNU `tar` which is more efficient for extracting caches's
         if: matrix.os == 'windows-latest'
@@ -78,34 +74,31 @@ jobs:
 
       - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
-          # See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
-          path: |
-            ~/.npm
-            ${{ github.workspace }}/apps/site/.next/cache
-          # Generate a new cache whenever packages or source files change.
-          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
-          # If source files changed but packages didn't, rebuild from a prior cache.
-          restore-keys: |
-            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
+          path: ${{ github.workspace }}/apps/site/.next/cache
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
+          restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: true
 
       - name: Set up Node.js
         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
         with:
           # We want to ensure that the Node.js version running here respects our supported versions
           node-version-file: '.nvmrc'
-          cache: 'npm'
+          cache: 'pnpm'
 
-      - name: Install npm packages
-        # We want to avoid npm from running the Audit Step and Funding messages on a CI environment
-        # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
-        # We also use `--omit=dev` to avoid installing devDependencies as we don't need them during the build step
-        run: npm i --no-audit --no-fund --userconfig=/dev/null --omit=dev
+      - name: Install packages
+        # We only want to install required production packages
+        run: pnpm install --prod --no-optional
 
       - name: Build Next.js (ISR)
         # We want a ISR build on CI to ensure that regular Next.js builds work as expected.
-        # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
-        # the `${{ steps.turborepo_arguments.outputs.turbo_args }}` is a string substitution coming from a previous step
-        run: npx --package=turbo@latest -- turbo build ${{ steps.turborepo_arguments.outputs.turbo_args }}
+        run: pnpm build -- ${{ env.TURBO_ARGS }}
         env:
           # We want to ensure we have enough RAM allocated to the Node.js process
           # this should be a last resort in case by any chances the build memory gets too high
@@ -118,9 +111,7 @@ jobs:
         # We only run full static builds within Pull Requests. This step is also used to export
         # static output in all languages, and it only works on `push` events.
         if: github.event_name == 'push'
-        # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
-        # the `${{ steps.turborepo_arguments.outputs.turbo_args }}` is a string substitution coming from a previous step
-        run: npx --package=turbo@latest -- turbo deploy ${{ steps.turborepo_arguments.outputs.turbo_args }}
+        run: pnpm deploy -- ${{ env.TURBO_ARGS }}
         env:
           # We want to ensure we have enough RAM allocated to the Node.js process
           # this should be a last resort in case by any chances the build memory gets too high
@@ -139,9 +130,7 @@ jobs:
         if: |
           (github.event_name == 'pull_request_target' &&
             github.event.pull_request.head.ref != 'chore/crowdin')
-        # We want to enforce that the actual `turbo@latest` package is used instead of a possible hijack from the user
-        # the `${{ steps.turborepo_arguments.outputs.turbo_args }}` is a string substitution coming from a previous step
-        run: npx --package=turbo@latest -- turbo deploy ${{ steps.turborepo_arguments.outputs.turbo_args }}
+        run: pnpm deploy -- ${{ env.TURBO_ARGS }}
         env:
           # We want to ensure we have enough RAM allocated to the Node.js process
           # this should be a last resort in case by any chances the build memory gets too high
@@ -154,14 +143,12 @@ jobs:
 
       - name: Sync Orama Cloud
         # We only want to sync the Orama Cloud production indexes on `push` events.
-        # We also want to sync the Orama Cloud preview (deployment) indexes on `pull_request_target` events.
+        # We also want to sync the Orama Cloud preview (deployment) indexes on `pull_request_target` events (or manual triggers).
         # We also want to ensure that the sync only happens on the `ubuntu-latest` runner to avoid duplicate syncs
         # or Windows-based path issues.
         env:
           ORAMA_INDEX_ID: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_INDEX_ID || secrets.ORAMA_INDEX_ID }}
           ORAMA_SECRET_KEY: ${{ github.event_name == 'push' && secrets.ORAMA_PRODUCTION_SECRET_KEY || secrets.ORAMA_SECRET_KEY }}
-        if: |
-          (matrix.os == 'ubuntu-latest') &&
-          ((github.event_name == 'push') || (github.event_name == 'pull_request_target'))
-        run: |
-          cd apps/site && npm run sync-orama
+        if: matrix.os == 'ubuntu-latest' && github.event_name !== 'merge_group'
+        working-directory: apps/site
+        run: pnpm sync-orama
diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
@@ -16,6 +16,7 @@ on:
       - main
     types:
       - labeled
+  workflow_dispatch:
 
 defaults:
   run:
@@ -36,9 +37,8 @@ jobs:
     # introduce changes to the Storybook. Hence, we skip running these on Crowdin PRs and Dependabot PRs
     # sha reference has no stable git tag reference or URL. see https://github.com/chromaui/chromatic-cli/issues/797
     if: |
-      github.event_name == 'push' || github.event_name == 'merge_group' ||
+      github.event_name != 'pull_request_target' ||
       (
-        github.event_name == 'pull_request_target' &&
         github.event.label.name == 'github_actions:pull-request' &&
         startsWith(github.event.pull_request.head.ref, 'dependabot/') == false &&
         github.event.pull_request.head.ref != 'chore/crowdin'
@@ -66,22 +66,29 @@ jobs:
           # previous changes and previous commits and determine which Storybooks should be tested against and what should be built
           fetch-depth: 0
 
+      - name: Set up pnpm
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: true
+
       - name: Set up Node.js
         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
         with:
           # We want to ensure that the Node.js version running here respects our supported versions
           node-version-file: '.nvmrc'
-          cache: 'npm'
+          cache: 'pnpm'
 
-      - name: Install npm packages
-        # We want to avoid npm from running the Audit Step and Funding messages on a CI environment
-        # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
-        run: npm i --no-audit --no-fund --userconfig=/dev/null
+      - name: Install packages
+        run: pnpm install
 
       - name: Start Visual Regression Tests (Chromatic)
         # This assigns the Environment Deployment for Storybook
+        # This action must be manually updated to the latest commit from
+        # https://github.com/chromaui/action
         id: chromatic-deploy
-        uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c
+        uses: chromaui/action@e8cc4c31775280b175a3c440076c00d19a9014d7 # v11.28.2
         with:
           workingDir: packages/ui-components
           buildScriptName: storybook:build
diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml
@@ -55,7 +55,6 @@ jobs:
         with:
           path: |
             .turbo/cache
-            node_modules/.cache
             .eslintmdcache
             .stylelintcache
             .prettiercache
@@ -64,22 +63,27 @@ jobs:
           # as they will only run on files that have changed since the last cached run
           # this might of course lead to certain files not being checked against the linter, but the chances
           # of such situation from happening are very slim as the checksums of both files would need to match
-          key: cache-lint-${{ hashFiles('package-lock.json') }}-
+          key: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('.turbo/cache/**') }}
           restore-keys: |
-            cache-lint-${{ hashFiles('package-lock.json') }}-
+            cache-lint-${{ hashFiles('pnpm-lock.yaml') }}-
             cache-lint-
 
       - name: Set up pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
         with:
           # We want to ensure that the Node.js version running here respects our supported versions
           node-version-file: '.nvmrc'
           cache: true
 
-      - name: Install npm packages
-        # We want to avoid npm from running the Audit Step and Funding messages on a CI environment
-        # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
-        run: npm i --no-audit --no-fund --ignore-scripts --userconfig=/dev/null
+      - name: Set up Node.js
+        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+
+      - name: Install packages
+        run: pnpm install
 
       - name: Run quality checks with `turbo`
         # We run the ESLint and Prettier commands on all Workflow triggers of the `Lint` job, besides if
@@ -88,7 +92,7 @@ jobs:
         if: |
           (github.event_name == 'push' || github.event_name == 'merge_group') ||
           (github.event_name == 'pull_request' && github.event.pull_request.head.ref != 'chore/crowdin')
-        run: npx turbo lint check-types prettier
+        run: pnpm exec turbo lint check-types prettier
 
       - name: Save Lint Cache
         # We only want to save caches on `push` events or `pull_request_target` events
@@ -105,11 +109,10 @@ jobs:
         with:
           path: |
             .turbo/cache
-            node_modules/.cache
             .eslintmdcache
             .stylelintcache
             .prettiercache
-          key: cache-lint-${{ hashFiles('package-lock.json') }}-${{ hashFiles('.turbo/cache/**') }}
+          key: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('.turbo/cache/**') }}
 
   tests:
     name: Tests
@@ -124,22 +127,27 @@ jobs:
       - name: Git Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
+      - name: Set up pnpm
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: true
+
       - name: Set up Node.js
         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
         with:
           # We want to ensure that the Node.js version running here respects our supported versions
           node-version-file: '.nvmrc'
-          cache: 'npm'
+          cache: 'pnpm'
 
-      - name: Install npm packages
-        # We want to avoid npm from running the Audit Step and Funding messages on a CI environment
-        # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
-        run: npm i --no-audit --no-fund --userconfig=/dev/null
+      - name: Install packages
+        run: pnpm install
 
       - name: Run Unit Tests
         # We want to run Unit Tests in every circumstance, including Crowdin PRs and Dependabot PRs to ensure
         # that changes to dependencies or translations don't break the Unit Tests
-        run: npm run test:ci
+        run: pnpm test:ci
 
       - name: Upload test coverage to Codecov
         if: ${{ !cancelled() && github.event_name != 'merge_group' }}
diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml
@@ -88,32 +88,37 @@ jobs:
           # as they will only run on files that have changed since the last cached run
           # this might of course lead to certain files not being checked against the linter, but the chances
           # of such situation from happening are very slim as the checksums of both files would need to match
-          key: cache-lint-${{ hashFiles('package-lock.json') }}-
+          key: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/site/.eslintmdcache') }}
           restore-keys: |
-            cache-lint-${{ hashFiles('package-lock.json') }}-
+            cache-lint-${{ hashFiles('pnpm-lock.yaml') }}-
             cache-lint-
 
+      - name: Set up pnpm
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        with:
+          # We want to ensure that the Node.js version running here respects our supported versions
+          node-version-file: '.nvmrc'
+          cache: true
+
       - name: Set up Node.js
         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
         with:
           # We want to ensure that the Node.js version running here respects our supported versions
           node-version-file: '.nvmrc'
-          cache: 'npm'
+          cache: 'pnpm'
 
-      - name: Install npm packages
-        # We want to avoid npm from running the Audit Step and Funding messages on a CI environment
-        # We also use `npm i` instead of `npm ci` so that the node_modules/.cache folder doesn't get deleted
-        run: npm i --no-audit --no-fund --ignore-scripts --userconfig=/dev/null
+      - name: Install packages
+        run: pnpm install
 
       - name: Run `npx lint:md --fix`
         # This runs a specific version of ESLint with only the Translation Pages Globbing
         # This avoid that unrelated changes get linted/modified within this PR
-        run: npx eslint "apps/site/pages/**/*.md?(x)" --fix --cache --cache-strategy=metadata --cache-file=apps/site/.eslintmdcache --config=apps/site/eslint.config.js
+        run: pnpm exec eslint "apps/site/pages/**/*.md?(x)" --fix --cache --cache-strategy=metadata --cache-file=apps/site/.eslintmdcache --config=apps/site/eslint.config.js
 
       - name: Run `npx prettier --write`
         # This runs a specific version of Prettier with only the Translation Pages Globbing
         # This avoid that unrelated changes get prettied/modified within this PR
-        run: npx prettier "apps/site/{pages,i18n}/**/*.{json,md,mdx}" --check --write --cache --cache-strategy=metadata --cache-location=apps/site/.prettiercache
+        run: pnpm exec prettier "apps/site/{pages,i18n}/**/*.{json,md,mdx}" --check --write --cache --cache-strategy=metadata --cache-location=apps/site/.prettiercache
 
       - name: Push Changes back to Pull Request
         uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
@@ -128,4 +133,4 @@ jobs:
           path: |
             apps/site/.eslintmdcache
             apps/site/.prettiercache
-          key: cache-lint-${{ hashFiles('package-lock.json') }}-${{ hashFiles('apps/site/.eslintmdcache') }}
+          key: cache-lint-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/site/.eslintmdcache') }}
