diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 8376d08a5..1b0a13ab7 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -120,10 +120,10 @@ jobs: - name: setup tools run: | echo "::group::install docs-gen deps" - npm run -- dev-setup:docs-gen --ignore-scripts --loglevel=silly + npm run -- dev-setup:tools:docs-gen --ignore-scripts --loglevel=silly echo "::endgroup::" echo "::group::install code-style deps" - npm run -- dev-setup:code-style --ignore-scripts --loglevel=silly + npm run -- dev-setup:tools:code-style --ignore-scripts --loglevel=silly echo "::endgroup::" - name: make reports dir run: mkdir -p "$REPORTS_DIR" @@ -147,6 +147,28 @@ jobs: path: ${{ env.REPORTS_DIR }} if-no-files-found: error + test-dependencies: + name: test dependencies + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v4 + - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} + # see https://github.com/actions/setup-node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODE_ACTIVE_LTS }} + # cache: "npm" + # cache-dependency-path: "**/package-lock.json" + - name: setup project + run: npm install --ignore-scripts --loglevel=silly + - name: setup tool + run: npm run -- dev-setup:tools:test-dependencies --ignore-scripts --loglevel=silly + - name: test + run: npm run -- test:dependencies -d + test-node: needs: [ 'build' ] name: test node (${{ matrix.node-version }}, ${{ matrix.os }}) @@ -483,7 +505,7 @@ jobs: npm install --ignore-scripts --loglevel=silly echo "::endgroup::" echo "::group::install docs-gen deps" - npm run -- dev-setup:docs-gen --ignore-scripts --loglevel=silly + npm run -- dev-setup:tools:docs-gen --ignore-scripts --loglevel=silly echo "::endgroup::" - name: api-doc ${{ matrix.target }} run: npm run api-doc:${{ matrix.target }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d8fdfadb7..b01956fbb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -120,10 +120,13 @@ jobs: - name: setup tools run: | echo "::group::install docs-gen deps" - npm run -- dev-setup:docs-gen --ignore-scripts --loglevel=silly + npm run -- dev-setup:tools:docs-gen --ignore-scripts --loglevel=silly echo "::endgroup::" echo "::group::install code-style deps" - npm run -- dev-setup:code-style --ignore-scripts --loglevel=silly + npm run -- dev-setup:tools:code-style --ignore-scripts --loglevel=silly + echo "::endgroup::" + echo "::group::install test-dependencies deps" + npm run -- dev-setup:tools:test-dependencies --ignore-scripts --loglevel=silly echo "::endgroup::" # no explicit npm build. if a build is required, it should be configured as prepublish/prepublishOnly script of npm. - name: login to registries diff --git a/knip.jsonc b/knip.jsonc new file mode 100644 index 000000000..11c620df0 --- /dev/null +++ b/knip.jsonc @@ -0,0 +1,17 @@ +{ + "$schema": "https://unpkg.com/knip@5/schema-jsonc.json", + "entry": [ + "src/index.node.ts!", + "src/index.web.ts!" + ], + "project": [ + "src/**!", + "res/**!", + "tests/**", + "!tests/_data/normalizeResults/**", + "!tests/_data/schemaTestData/**" + ], + "ignore": [ + "tools/**" + ] +} diff --git a/package.json b/package.json index 98b936d3a..365a5a9c9 100644 --- a/package.json +++ b/package.json @@ -170,8 +170,10 @@ }, "scripts": { "dev-setup": "npm i && run-p --aggregate-output -lc dev-setup:\\*", - "dev-setup:docs-gen": "npm --prefix tools/docs-gen install", - "dev-setup:code-style": "npm --prefix tools/code-style install", + "dev-setup:tools": "run-p --aggregate-output -lc dev-setup:tools:\\*", + "dev-setup:tools:docs-gen": "npm --prefix tools/docs-gen install", + "dev-setup:tools:code-style": "npm --prefix tools/code-style install", + "dev-setup:tools:test-dependencies": "npm --prefix tools/test-dependencies install", "dev-setup:examples": "run-p --aggregate-output -lc dev-setup:examples:\\*", "dev-setup:examples:js": "npm --prefix examples/node/javascript i --ignore-scripts", "dev-setup:examples:ts-cjs": "npm --prefix examples/node/typescript/example.cjs i --ignore-scripts", @@ -190,6 +192,7 @@ "test:web": "node -e 'console.log(\"TODO: write web test\")'", "test:lint": "tsc --noEmit", "test:standard": "npm --prefix tools/code-style exec -- eslint .", + "test:dependencies": "npm --prefix tools/test-dependencies exec -- knip --include dependencies,unlisted,unresolved --production", "cs-fix": "npm --prefix tools/code-style exec -- eslint --fix .", "api-doc": "run-p --aggregate-output -lc api-doc:\\*", "api-doc:node": "npm --prefix tools/docs-gen exec -- typedoc --options ./typedoc.node.json", diff --git a/tools/test-dependencies/.gitignore b/tools/test-dependencies/.gitignore new file mode 100644 index 000000000..c1b13780e --- /dev/null +++ b/tools/test-dependencies/.gitignore @@ -0,0 +1,4 @@ +* +!/.gitignore +!/package.json +!/.npmrc diff --git a/tools/test-dependencies/.npmrc b/tools/test-dependencies/.npmrc new file mode 100644 index 000000000..147970caf --- /dev/null +++ b/tools/test-dependencies/.npmrc @@ -0,0 +1,5 @@ +; see the docs: https://docs.npmjs.com/cli/v9/using-npm/config + +package-lock=false +engine-strict=true +omit=peer # don't install them automatically; we take cate of them! diff --git a/tools/test-dependencies/package.json b/tools/test-dependencies/package.json new file mode 100644 index 000000000..52d74061a --- /dev/null +++ b/tools/test-dependencies/package.json @@ -0,0 +1,11 @@ +{ + "private": true, + "name": "@cyclonedx/cyclonedx-javascript-library/tools/test-dependencies", + "license": "Apache-2.0", + "engines": { + "node": ">=20.18" + }, + "dependencies": { + "knip": "5.61.3" + } +}