Build/update GitHub actions

.github/workflows/codeql-analysis.yml

@@ -39,11 +39,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5

.github/workflows/commitlint.yml

@@ -6,16 +6,16 @@ jobs:
     if: github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 22
 
       - run: yarn install --immutable
 
-      - uses: wagoid/commitlint-github-action@v5
+      - uses: wagoid/commitlint-github-action@9763196e10f27aef304c9b8b660d31d97fce0f99 # v5.5.1
         env:
           NODE_PATH: ${{ github.workspace }}/node_modules

.github/workflows/deploy.yml

@@ -8,26 +8,27 @@ on:
     branches: [master]
 
 jobs:
-  deploy:
-    if: "!contains(github.event.head_commit.message, 'skip ci')"
+  setup:
+    if: "${{!contains(github.event.head_commit.message, 'skip ci') && !contains(github.event.head_commit.message, 'Release: Version Updates')}}"
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
-          token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 0
           ref: 'master'
 
       # - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
       - name: Derive appropriate SHAs for base and head for `nx affected` commands
-        uses: nrwl/nx-set-shas@v3
+        uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3
         with:
           main-branch-name: 'master'
 
       - name: Set Node Version
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 22
 
@@ -37,7 +38,7 @@ jobs:
           echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
 
       - name: Restore yarn cache
-        uses: actions/cache@v3
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         id: yarn-cache
         with:
           path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -60,33 +61,116 @@ jobs:
       - name: Unit Tests
         run: yarn test:ci
 
-      - name: Upload coverage report
-        uses: codecov/codecov-action@v3
+  publish:
+    if: "${{!contains(github.event.head_commit.message, 'skip ci') && !contains(github.event.head_commit.message, 'Release: Version Updates')}}"
+    needs: [setup]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Required for git push and creating tags
+      pull-requests: write # Required for creating pull requests
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          fetch-depth: 0
+          ref: 'master'
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Derive appropriate SHAs for base and head for `nx affected` commands
+        uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3
+        with:
+          main-branch-name: 'master'
+
+      - name: Set Node Version
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          file: ./coverage/coverage-final.json
-          token: ${{ secrets.CODECOV_TOKEN }}
+          node-version: 22
+          cache: 'yarn'
+          cache-dependency-path: 'yarn.lock'
+
+      - name: Install Dependencies
+        run: yarn install --immutable
+
+      - name: Build Packages
+        run: yarn build
 
       - name: Setup Publish Config
         run: |
           yarn config set npmAuthToken "${{ secrets.NPM_TOKEN }}"
-          git config --global user.email ${{ secrets.GH_EMAIL }}
-          git config --global user.name ${{ secrets.GH_USER }}
+          git config user.email ${{ secrets.GH_EMAIL }}
+          git config user.name ${{ secrets.GH_USER }}
+          # Reset .yarnrc.yml to prevent committing
+          git checkout -- .yarnrc.yml
 
-      - name: Publish
+      - name: Version Packages
         run: |
           yarn nx affected --target version --parallel=1
+
+      - name: Check for Version Changes
+        id: changes
+        run: |
+          git status
+          git diff --name-only
+          # Check for changes excluding .yarnrc.yml
+          if git diff --quiet HEAD -- ':!.yarnrc.yml'; then
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No version changes detected (excluding .yarnrc.yml)"
+          else
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            echo "Version changes detected (excluding .yarnrc.yml)"
+          fi
+          echo "Output set to: $(cat $GITHUB_OUTPUT | grep has_changes)"
+
+      - name: Publish
+        if: steps.changes.outputs.has_changes == 'true'
+        run: |
           yarn nx affected --target publish --parallel=1
-          git push && git push --tags
 
-      - name: Build Docs and Storybook
+      - name: Create Release PR
+        if: steps.changes.outputs.has_changes == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "Creating PR because changes detected: ${{ steps.changes.outputs.has_changes }}"
+          git push origin --delete release/version-updates || true
+          git checkout -b release/version-updates
+          git push origin release/version-updates
+          git push origin --tags
+          gh pr create --title "Release: Version Updates" --body "Automated release PR with version updates and package publications." --base master --head release/version-updates
+
+  deploy-docs:
+    if: "${{!contains(github.event.head_commit.message, 'skip ci') && !contains(github.event.head_commit.message, 'Release: Version Updates')}}"
+    needs: [publish]
+    runs-on: ubuntu-latest
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          fetch-depth: 0
+          ref: 'master'
+
+      - name: Set Node Version
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22
+          cache: 'yarn'
+          cache-dependency-path: 'yarn.lock'
+
+      - name: Install Dependencies
+        run: yarn install --immutable
+
+      - name: Build Docs
         run: yarn deploy:ci
 
-      - name: Deploy Docs and Storybook
-        uses: crazy-max/ghaction-github-pages@v3
+      - name: Upload Pages Artifact
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
-          target_branch: gh-pages
-          build_dir: docusaurus/build
-          commit_message: deployed docs [skip ci]
-          committer: ${{ secrets.GH_USER }} ${{ secrets.GH_EMAIL }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          path: docusaurus/build
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

.github/workflows/pr-build.yml

@@ -4,12 +4,11 @@
 # If adding a step that requires SECRETS or GITHUB WRITE PERMISSIONS be sure to have dependabot skip it.
 # > if: ${{ github.actor != 'dependabot[bot]' }}
 
-name: Node.js CI
+name: Pull Request Build
 
 on:
   pull_request:
     branches: [master]
-  merge_group:
 
 jobs:
   # This job will:
@@ -24,17 +23,17 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
 
       - name: Derive appropriate SHAs for base and head for `nx affected` commands
-        uses: nrwl/nx-set-shas@v3
+        uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3
         with:
           main-branch-name: 'master'
 
       - name: Set Node Version
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: ${{ matrix.node }}
 
@@ -43,7 +42,7 @@ jobs:
         run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
 
       - name: Restore yarn cache
-        uses: actions/cache@v3
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         id: yarn-cache
         with:
           path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -69,28 +68,10 @@ jobs:
       - name: Version Bump Dry Run
         run: yarn version:dry-run
 
-      - name: Upload coverage report
-        if: ${{ github.actor != 'dependabot[bot]' }}
-        uses: codecov/codecov-action@v3 # FIXME: no CI provider detected
-        with:
-          file: ./coverage/coverage-final.json
-          token: ${{ secrets.CODECOV_TOKEN }}
-
       - name: Build Docs
+        if: ${{ matrix.node == 22 }}
         run: yarn build:docs
 
       - name: Build Storybook
+        if: ${{ matrix.node == 22 }}
         run: yarn build:storybook
-#       TODO: fix Netlify draft deploys, investigate gh-pages for draft docs
-#         if: github.actor != 'dependabot[bot]'
-#       - name: Deploy draft to Netlify
-#         uses: South-Paw/action-netlify-deploy@v1.0.4
-#         if: github.actor != 'dependabot[bot]'
-#         with:
-#           github-token: ${{ secrets.BOT_TOKEN }}
-#           netlify-auth-token: ${{ secrets.NETLIFY_DEPLOY_KEY }}
-#           netlify-site-id: ${{ secrets.NETLIFY_SITE_API_ID }}
-#           config-path: './netlify.toml'
-#           build-dir: './docusaurus/build'
-#           draft: true
-#           comment-on-pull-request: true

package.json

@@ -44,7 +44,6 @@
     "clean:locks": "rm yarn.lock",
     "clean:storybook": "rm -rf storybook-docs/ storybook-static/",
     "clean:nuke": "yarn clean && rm -rf node_modules/",
-    "codecov:ci": "codecov",
     "deploy:ci": "yarn build:docs && yarn build:storybook:netlify",
     "deploy:docs": "nx deploy @availity/dinosaurdocs",
     "dev": "nx run-many --target=dev --all",
@@ -94,7 +93,6 @@
     "availity-uikit": "^4.7.2",
     "babel-loader": "^9.2.1",
     "babel-preset-react-app": "^10.1.0",
-    "codecov": "^3.8.3",
     "conventional-changelog-cli": "^4.1.0",
     "css-loader": "^5.2.7",
     "dependency-check": "^4.1.0",

packages/analytics/package.json

@@ -25,7 +25,7 @@
     "publish:canary": "yarn npm publish --access public --tag canary"
   },
   "dependencies": {
-    "@availity/analytics-core": "^5.0.11",
+    "@availity/analytics-core": "^6.0.5",
     "prop-types": "^15.8.1"
   },
   "devDependencies": {

packages/authorize/package.json

@@ -35,16 +35,16 @@
     "@tanstack/react-query": "^4.36.1"
   },
   "devDependencies": {
-    "@availity/api-axios": "^11.0.0",
-    "axios": "^1.8.4",
+    "@availity/api-axios": "^11.2.2",
+    "axios": "^1.12.2",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "tsup": "^8.4.0",
     "typescript": "^5.5.4"
   },
   "peerDependencies": {
     "@availity/api-axios": "^11.0.0",
-    "axios": "^1.8.2",
+    "axios": "^1.12.2",
     "react": "^18.0.0",
     "react-dom": "^18.0.0"
   },

packages/avatar/package.json

@@ -32,14 +32,14 @@
     "react-loading-skeleton": "^2.2.0"
   },
   "devDependencies": {
-    "@availity/api-axios": "^11.0.0",
-    "axios": "^1.8.4",
+    "@availity/api-axios": "^11.2.2",
+    "axios": "^1.12.2",
     "react": "^18.3.1",
     "react-dom": "^18.3.1"
   },
   "peerDependencies": {
     "@availity/api-axios": "^11.0.0",
-    "axios": "^1.8.2",
+    "axios": "^1.12.2",
     "react": "^18.0.0"
   },
   "publishConfig": {

packages/change-password/package.json

@@ -35,15 +35,15 @@
     "prop-types": "^15.8.1"
   },
   "devDependencies": {
-    "@availity/api-axios": "^11.0.0",
-    "axios": "^1.8.4",
+    "@availity/api-axios": "^11.2.2",
+    "axios": "^1.12.2",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "reactstrap": "^8.10.1"
   },
   "peerDependencies": {
     "@availity/api-axios": "^11.0.0",
-    "axios": "^1.8.2",
+    "axios": "^1.12.2",
     "react": "^18.0.0",
     "reactstrap": "^8.10.1"
   },