chore(husky): Fixes husky (#346)

Author: ryasmi

.github/workflows/node.yml

@@ -6,29 +6,60 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
-  build:
+  bundle-and-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+      - run: npm ci
+      - run: npx --no-install microbundle
+      - run: npx --no-install eslint src
+
+  test:
+    needs: bundle-and-lint
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
-        # Reduce at EOL - https://nodejs.org/en/about/releases/
-        node-version: [14.x, 16.x, 18.x]
+        # Reduce at EOL - https://github.com/nodejs/Release
+        node-version: [18.x, 20.x]
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm ci
-      - run: npx --no-install microbundle
-      - run: npx --no-install eslint src
       - run: npx --no-install jest
-      - name: Codecov
-        uses: codecov/[email protected]
-      - run: npx --no-install semantic-release
-        if: matrix.node-version == '18.x'
+      - uses: codecov/[email protected]
+  release:
+    needs: test
+    if: success() && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+      - run: npm ci
+      - run: npx --no-install microbundle
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+      - name: Release
         env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npx semantic-release

.husky/pre-commit

@@ -2,5 +2,4 @@
 . "$(dirname "$0")/_/husky.sh"
 
 npx --no-install jest --onlyChanged
-npx --no-install pretty-quick --staged
-npx --no-install eslint --cache --fix src
+npx --no-install lint-staged

.nvmrc

@@ -1 +1 @@
-18
+20