GitHub Reusable Workflow: Node.js Continuous Integration

Node.js Continuous Integration

Overview

Workflow to perform continuous integration steps against a Node.js project:

Permissions

Usage

name: Node.js Continuous Integration
on:
  push:
    branches:
      - main
permissions:
  contents: read
  security-events: write
  id-token: write
jobs:
  continuous-integration:
    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@4d7c1ed87c18493fc4c2dbae4dbde46cf251c9a7 # 0.16.1
    secrets:
      # Secrets to be used during the build step.
      # Must be a multi-line env formatted string.
      # Example:
      # ```txt
      # SECRET_EXAMPLE=$\
      # ```
      build-secrets: ""
    with:
      # JSON array of runner(s) to use.
      # See https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job.
      #
      # Default: `["ubuntu-latest"]`
      runs-on: '["ubuntu-latest"]'

      # Build parameters. Must be a string or a JSON object.
      # For string, provide a list of commands to run during the build step, one per line.
      # For JSON object, provide the following properties:
      #
      # - `commands`: Array of commands to run during the build step.
      # - `env`: Object of environment variables to set during the build step.
      # - `artifact`: String or array of strings specifying paths to artifacts to upload after the build
      #
      # Example:
      # ```json
      # {
      # "commands": [
      # "build",
      # "generate-artifacts"
      # ],
      # "env": {
      # "CUSTOM_ENV_VAR": "value"
      # },
      # "artifact": [
      # "dist/",
      # "packages/package-a/build/"
      # ]
      # }
      # ```
      #
      # Default: `build`
      build: build

      # Optional flag to enable check steps.
      # Default: `true`
      checks: true

      # Optional flag to enable linting.
      # Default: `true`
      lint: true

      # Code QL analysis language. See <https://github.com/github/codeql-action>.
      # Default: `typescript`
      code-ql: typescript

      # Enable dependency review scan. See <https://github.com/actions/dependency-review-action>.
      # Default: `true`
      dependency-review: true

      # Optional flag to enable test.
      # Default: `true`
      test: true

      # Specify code coverage reporter. Supported values: `codecov`.
      # Default: `codecov`
      coverage: codecov

      # Working directory where the dependencies are installed.
      # Default: `.`
      working-directory: .

      # Docker container image to run CI steps in. When specified, steps will execute inside this container instead of checking out code. The container should have the project code and dependencies pre-installed.
      container: ""

Inputs

Workflow Call Inputs

| Input | Description | Required | Type | Default |
| --- | --- | --- | --- | --- |
| runs-on | JSON array of runner(s) to use. See https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job. | false | string | `["ubuntu-latest"]` |
| build | Build parameters. Must be a string or a JSON object. For string, provide a list of commands to run during the build step, one per line. For JSON object, provide the following properties: `commands`: Array of commands to run during the build step. `env`: Object of environment variables to set during the build step. `artifact`: String or array of strings specifying paths to artifacts to upload after the build. Example: `{ "commands": [ "build", "generate-artifacts" ], "env": { "CUSTOM_ENV_VAR": "value" }, "artifact": [ "dist/", "packages/package-a/build/" ] }` | false | string | `build` |
| checks | Optional flag to enable check steps. | false | boolean | `true` |
| lint | Optional flag to enable linting. | false | boolean | `true` |
| code-ql | Code QL analysis language. See https://github.com/github/codeql-action. | false | string | `typescript` |
| dependency-review | Enable dependency review scan. See https://github.com/actions/dependency-review-action. | false | boolean | `true` |
| test | Optional flag to enable test. | false | boolean | `true` |
| coverage | Specify code coverage reporter. Supported values: `codecov`. | false | string | `codecov` |
| working-directory | Working directory where the dependencies are installed. | false | string | `.` |
| container | Docker container image to run CI steps in. When specified, steps will execute inside this container instead of checking out code. The container should have the project code and dependencies pre-installed. | false | string | - |

Secrets

| Secret | Description | Required |
| --- | --- | --- |
| build-secrets | Secrets to be used during the build step. Must be a multi-line env formatted string. Example: `SECRET_EXAMPLE=$` | false |

Examples

Continuous Integration, build and publish

name: Continuous Integration - Build and Publish

on:
  push:
    branches: [main]

jobs:
  continuous-integration:
    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@4d7c1ed87c18493fc4c2dbae4dbde46cf251c9a7 # 0.16.1
    permissions:
      id-token: write
      security-events: write
      contents: read
    with:
      build: |
        {
          "commands": ["build"],
          "artifact": "dist"
        }

  publish:
    needs: continuous-integration
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2

      - name: Setup NodeJS
        uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@0.2.2

      - name: Download build artifact
        uses: actions/download-artifact@v2
        with:
          name: build
          path: /

      - name: Publish
        run: |
          npm publish dist
        env:
          NODE_AUTH_TOKEN: $
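
The workflow above references the reusable workflow by full commit SHA (with the release in a trailing comment), while the step-level actions in the publish job are referenced by tag. The following is an added example, not part of the project's documentation or code: a small Node.js audit that classifies every `uses:` reference in a workflow file so that tag or branch references can be flagged for re-pinning. The sample input is constructed from the references shown above; the local action entry and the function names are hypothetical.

```javascript
// Added example, not project code. SAMPLE_WORKFLOW is constructed from the `uses:`
// references shown in the workflow above, plus one hypothetical local action.
const SAMPLE_WORKFLOW = `
jobs:
  continuous-integration:
    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@4d7c1ed87c18493fc4c2dbae4dbde46cf251c9a7 # 0.16.1
  publish:
    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2
      - name: Setup NodeJS
        uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@0.2.2
      - name: Download build artifact
        uses: actions/download-artifact@v2
      - name: Local action (hypothetical)
        uses: ./.github/actions/local
`;

const FULL_SHA = /^[0-9a-f]{40}$/i;
// Matches `uses: target` with optional list dash, quotes and trailing `# comment`.
const USES_LINE = /^\s*(?:-\s+)?uses:\s*["']?([^\s"'#]+)["']?\s*(?:#\s*(.*))?$/;

// Classify each `uses:` reference. Local paths and docker:// images carry no
// git ref, so commit-SHA pinning does not apply to them.
function auditUses(workflowText) {
  const findings = [];
  workflowText.split(/\r?\n/).forEach((line, idx) => {
    const m = line.match(USES_LINE);
    if (!m) return;
    const [, target, comment = ""] = m;
    const at = target.lastIndexOf("@");
    const ref = at === -1 ? null : target.slice(at + 1);
    let status;
    if (target.startsWith("./") || target.startsWith("docker://")) status = "not-applicable";
    else if (ref === null) status = "missing-ref";
    else status = FULL_SHA.test(ref) ? "sha-pinned" : "mutable-ref";
    const action = at === -1 ? target : target.slice(0, at);
    findings.push({ line: idx + 1, action, ref, status, versionComment: comment.trim() || null });
  });
  return findings;
}

// References a reviewer should ask to re-pin to a full commit SHA.
function unpinned(workflowText) {
  return auditUses(workflowText).filter((f) => f.status === "mutable-ref" || f.status === "missing-ref");
}

for (const f of unpinned(SAMPLE_WORKFLOW)) console.log(`line ${f.line}: ${f.action}@${f.ref} (${f.status})`);
```
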

Continuous Integration in a Docker container

This example runs CI checks inside a pre-built Docker container that contains the project code and dependencies. This ensures the same environment that will be deployed to production is tested.

name: Continuous Integration - Container Mode

on:
  push:
    branches: [main]

jobs:
  # Build the Docker image with project code and dependencies
  build-image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2

      - name: Build Docker image
        run: |
          docker build -t my-app:$ .

      - name: Push to registry
        run: |
          docker tag my-app:$ ghcr.io/$:$
          docker push ghcr.io/$:$

  # Run CI checks inside the Docker container
  continuous-integration:
    needs: build-image
    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@4d7c1ed87c18493fc4c2dbae4dbde46cf251c9a7 # 0.16.1
    permissions:
      id-token: write
      security-events: write
      contents: read
    with:
      container: ghcr.io/$:$
      # When using container mode, code-ql and dependency-review are typically disabled
      # as they require repository checkout
      code-ql: ""
      dependency-review: false
      # Specify which build/test commands to run (they should exist in package.json)
      build: "" # Skip build as it was done in the Docker image
      lint: true
      test: true

Contributing

Contributions are welcome! Please see the contributing guidelines for more details.

License

This project is licensed under the MIT License.

SPDX-License-Identifier: MIT

Copyright © 2025 hoverkraft-tech

For more details, see the license.


This documentation was automatically generated by CI Dokumentor.