Support JavaScript dependency installation in reusable GitHub Workflow

JohT · JohT · commit 48f9a667b59e · 2025-12-18T20:32:21.000+01:00
diff --git a/.github/workflows/internal-typescript-code-analysis.yml b/.github/workflows/internal-typescript-code-analysis.yml
@@ -46,78 +46,23 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       analysis-name: ${{ steps.set-analysis-name.outputs.analysis-name }}
-      sources-upload-name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
+      project-version: ${{ env.REACT_ROUTER_VERSION }}
 
     env: 
       PROJECT_NAME: react-router
       # Version variable name matches renovate.json configuration entry
       REACT_ROUTER_VERSION: 6.30.2
 
-    steps:
-    - name: (Prepare Code to Analyze) Checkout GIT repository
-      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
- 
-    
+    steps:   
     - name: Set Set output variable 'analysis-name'
       id: set-analysis-name
       run: echo "analysis-name=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> "$GITHUB_OUTPUT"
-    
-    - name: Setup temp directory if missing
-      run: mkdir -p ./temp
-
-    - name: Setup Cache for "temp/downloads" folder
-      uses: actions/cache@v4
-      with:
-        path: ./temp/downloads
-        key:
-          ${{ runner.os }}-${{ hashFiles('**/*.sh') }}
-
-    - name: Download ${{ steps.set-analysis-name.outputs.analysis-name }}
-      working-directory: temp
-      run: |
-        mkdir -p ${{ steps.set-analysis-name.outputs.analysis-name }}
-        cd ${{ steps.set-analysis-name.outputs.analysis-name }}
-        echo "Working directory: $( pwd -P )"
-        ./../../scripts/downloader/downloadReactRouter.sh ${{ env.REACT_ROUTER_VERSION }}
-
-    - name: (Prepare Code to Analyze) Setup pnpm for react-router
-      uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-      with:
-        package_json_file: temp/${{ steps.set-analysis-name.outputs.analysis-name }}/source/${{ steps.set-analysis-name.outputs.analysis-name }}/package.json
-          
-    - name: (Prepare Code to Analyze) Install dependencies with pnpm
-      working-directory: temp/${{ steps.set-analysis-name.outputs.analysis-name }}/source/${{ steps.set-analysis-name.outputs.analysis-name }}
-      run: pnpm install --frozen-lockfile --strict-peer-dependencies
-
-    - name: Debug folder structure in temp directory
-      if: runner.debug == '1'
-      working-directory: temp
-      run: |
-        ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/   /' -e 's/-/|/'
-
-    - name: (Prepare Code to Analyze) Generate ARTIFACT_UPLOAD_ID
-      run: echo "ARTIFACT_UPLOAD_ID=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10)" >> $GITHUB_ENV
- 
-    - name: (Prepare Code to Analyze) Set sources-upload-name
-      id: set-sources-upload-name
-      run: echo "sources-upload-name=${{ steps.set-analysis-name.outputs.analysis-name }}-analysis-sources_input-${{ env.ARTIFACT_UPLOAD_ID }}" >> "$GITHUB_OUTPUT"
-    
-    - name: (Prepare Code to Analyze) Upload code to analyze
-      if: success()
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
-      with:
-        name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
-        path: ./temp/${{ steps.set-analysis-name.outputs.analysis-name }}/source
-        include-hidden-files: true
-        if-no-files-found: error
-        retention-days: 1
-
-
 
   analyze-code-graph:
     needs: [prepare-code-to-analyze]
     uses: ./.github/workflows/public-analyze-code-graph.yml
     with:
       analysis-name: ${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
-      sources-upload-name: ${{ needs.prepare-code-to-analyze.outputs.sources-upload-name }}
+      source-repository: https://github.com/remix-run/react-router.git
+      source-repository-branch: react-router@${{ needs.prepare-code-to-analyze.outputs.project-version }}
       jupyter-pdf: "false"
diff --git a/.github/workflows/internal-typescript-upload-code-example.yml b/.github/workflows/internal-typescript-upload-code-example.yml
@@ -0,0 +1,124 @@
+name: Typescript Code Upload Example for Graph Analysis
+
+on:
+  push:
+    branches:
+      - main
+    # Ignore changes in documentation, general configuration and reports for push events
+    paths-ignore: 
+      - '**/*.md'
+      - '**/*.txt'
+      - '!requirements.txt'
+      - '**/*.css'
+      - '**/*.html'
+      - '**/*.js'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'renovate.json'
+      - 'renovate-presets/**'
+      - 'changelogTemplate.mustache'
+      - '**.code-workspace'
+      - '.github/workflows/internal-java-code-analysis.yml'
+      - '.github/workflows/*documentation.yml'
+  pull_request:
+    branches:
+      - main
+    # Ignore changes in documentation, general configuration and reports for pull request events
+    paths-ignore: 
+      - '**/*.md'
+      - '**/*.txt'
+      - '!requirements.txt'
+      - '**/*.css'
+      - '**/*.html'
+      - '**/*.js'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'renovate.json'
+      - 'renovate-presets/**'
+      - 'changelogTemplate.mustache'
+      - '**.code-workspace'
+      - '.github/workflows/internal-java-code-analysis.yml'
+      - '.github/workflows/*documentation.yml'
+
+jobs:
+
+  prepare-code-to-analyze:
+    runs-on: ubuntu-latest
+    outputs:
+      analysis-name: ${{ steps.set-analysis-name.outputs.analysis-name }}
+      sources-upload-name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
+
+    env: 
+      PROJECT_NAME: react-router
+      # Version variable name matches renovate.json configuration entry
+      REACT_ROUTER_6_VERSION: 6.30.2
+
+    steps:
+    - name: (Prepare Code to Analyze) Checkout GIT repository
+      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+ 
+    
+    - name: Set Set output variable 'analysis-name'
+      id: set-analysis-name
+      run: echo "analysis-name=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_6_VERSION }}" >> "$GITHUB_OUTPUT"
+    
+    - name: Setup temp directory if missing
+      run: mkdir -p ./temp
+
+    - name: Setup Cache for "temp/downloads" folder
+      uses: actions/cache@v4
+      with:
+        path: ./temp/downloads
+        key:
+          ${{ runner.os }}-${{ hashFiles('**/*.sh') }}
+
+    - name: Download ${{ steps.set-analysis-name.outputs.analysis-name }}
+      working-directory: temp
+      run: |
+        mkdir -p ${{ steps.set-analysis-name.outputs.analysis-name }}
+        cd ${{ steps.set-analysis-name.outputs.analysis-name }}
+        echo "Working directory: $( pwd -P )"
+        ./../../scripts/downloader/downloadReactRouter.sh ${{ env.REACT_ROUTER_6_VERSION }}
+
+    - name: (Prepare Code to Analyze) Setup pnpm for react-router
+      uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+      with:
+        package_json_file: temp/${{ steps.set-analysis-name.outputs.analysis-name }}/source/${{ steps.set-analysis-name.outputs.analysis-name }}/package.json
+          
+    - name: (Prepare Code to Analyze) Install dependencies with pnpm
+      working-directory: temp/${{ steps.set-analysis-name.outputs.analysis-name }}/source/${{ steps.set-analysis-name.outputs.analysis-name }}
+      run: pnpm install --frozen-lockfile --strict-peer-dependencies
+
+    - name: Debug folder structure in temp directory
+      if: runner.debug == '1'
+      working-directory: temp
+      run: |
+        ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/   /' -e 's/-/|/'
+
+    - name: (Prepare Code to Analyze) Generate ARTIFACT_UPLOAD_ID
+      run: echo "ARTIFACT_UPLOAD_ID=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10)" >> $GITHUB_ENV
+ 
+    - name: (Prepare Code to Analyze) Set sources-upload-name
+      id: set-sources-upload-name
+      run: echo "sources-upload-name=${{ steps.set-analysis-name.outputs.analysis-name }}-analysis-sources_input-${{ env.ARTIFACT_UPLOAD_ID }}" >> "$GITHUB_OUTPUT"
+    
+    - name: (Prepare Code to Analyze) Upload code to analyze
+      if: success()
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+      with:
+        name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }}
+        path: ./temp/${{ steps.set-analysis-name.outputs.analysis-name }}/source
+        include-hidden-files: true
+        if-no-files-found: error
+        retention-days: 1
+
+
+
+  explore-code-graph:
+    needs: [prepare-code-to-analyze]
+    uses: ./.github/workflows/public-analyze-code-graph.yml
+    with:
+      analysis-name: ${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
+      sources-upload-name: ${{ needs.prepare-code-to-analyze.outputs.sources-upload-name }}
+      jupyter-pdf: "false"
+      analysis-arguments: "--explore" # Only setup the Graph, do not generate any reports
diff --git a/.github/workflows/public-analyze-code-graph.yml b/.github/workflows/public-analyze-code-graph.yml
@@ -32,6 +32,7 @@ on:
           containing the content of the 'source' directory for the analysis. 
           Also supports sub-folders for multiple source code bases.
           Please use 'include-hidden-files: true' if you also want to upload the git history.
+          Note: JavaScript dependencies will NOT be installed automatically when using this option. This needs to be done before uploading the sources.
         required: false
         type: string
         default: ''
@@ -40,6 +41,7 @@ on:
           The URL of the source repository to analyze. For now, only GitHub repositories are supported.
           This can be used instead of 'sources-upload-name' to directly analyze a repository without uploading artifacts first.
           It can also be used in addition to 'sources-upload-name' to analyze both uploaded sources and a repository.
+          If specified, JavaScript dependencies will be installed automatically if a package.json file is found in the repository.
         required: false
         type: string
         default: ''  
@@ -143,7 +145,8 @@ jobs:
           distribution: "temurin"
           java-version: ${{ matrix.java }}
 
-      # "Setup Python" can be skipped if jupyter notebook analysis-results aren't needed
+      # "Setup Python" could be skipped if jupyter notebook analysis-results aren't needed or .venv is used.
+      # However, since this is a reuseable workflow, we always do it here.
       - name: (Python Setup) Use version ${{ matrix.python }} with Conda package manager Miniforge
         if: inputs.use-venv_virtual_python_environment == 'false'
         id: prepare-conda-environment
@@ -203,7 +206,31 @@ jobs:
         working-directory: temp/${{ inputs.analysis-name }}
         run: ./../../scripts/cloneGitRepository.sh --url "${{ inputs.source-repository }}" --branch "${{ inputs.source-repository-branch }}" --history-only "${{ inputs.source-repository-history-only }}" --target "source/${{ inputs.analysis-name }}"
 
-      - name: (Code Analysis Setup) Install JavaScript dependencies in cloned source repository if needed
+      - name: (Code Analysis JavaScript Setup) Detect node version file .nvmrc in cloned source repository
+        if: inputs.source-repository != ''
+        working-directory: temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}
+        run: echo "nodeVersionFileDetected=$(if [ -f ".nvmrc" ]; then echo "true"; else echo "false"; fi)" >> $GITHUB_ENV
+      - name: (Code Analysis JavaScript Setup) Detect pnpm project in cloned source repository
+        if: inputs.source-repository != ''
+        working-directory: temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}
+        run: echo "pnpmDetected=$(if [ -f "pnpm-lock.yaml" ]; then echo "true"; else echo "false"; fi)" >> $GITHUB_ENV
+      - name: (Code Analysis JavaScript Setup) Setup Node.js with version in .nvmrc for cloned source repository
+        if: inputs.source-repository != '' && env.nodeVersionFileDetected == 'true'
+        uses: actions/setup-node@v6.1.0
+        with:
+          node-version-file: temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}/.nvmrc
+      - name: (Code Analysis JavaScript Setup) Setup Node.js (long-term support version fallback, no .nvmrc) for cloned source repository
+        if: inputs.source-repository != '' && env.nodeVersionFileDetected != 'true'
+        uses: actions/setup-node@v6.1.0
+        with:
+          node-version: 'lts/*'
+      - name: (Code Analysis JavaScript Setup) Setup pnpm for cloned source repository
+        if: inputs.source-repository != '' && env.pnpmDetected == 'true'
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        with:
+          package_json_file: temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}/package.json
+          run_install: false
+      - name: (Code Analysis JavaScript Setup) Install JavaScript dependencies in cloned source repository if needed
         if: inputs.source-repository != ''
         working-directory: temp/${{ inputs.analysis-name }}
         run: ./../../scripts/installJavaScriptDependencies.sh
@@ -243,16 +270,26 @@ jobs:
         id: set-analysis-results-artifact-name
         run: echo "uploaded-analysis-results-artifact-name=code-analysis-results-${{ env.ENVIRONMENT_INFO }}" >> $GITHUB_OUTPUT
 
-      # Upload successful analysis-results in case they are needed for troubleshooting
+      # Upload successful analysis-results as the main output artifact
       - name: (Code Analysis Results) Archive successful analysis-results
-        if: success()
+        if: success() && !contains(inputs.analysis-arguments, '--explore')
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }}
           path: ./temp/${{ inputs.analysis-name }}/reports/*
           if-no-files-found: error
           retention-days: ${{ inputs.retention-days }}
 
+      # Upload logs if analysis results had been skipped ("--explore" analysis option)
+      - name: (Code Analysis Results) Archive successful analysis-results
+        if: success() && contains(inputs.analysis-arguments, '--explore')
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        with:
+          name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }}
+          path: ./temp/${{ inputs.analysis-name }}/runtime/*
+          if-no-files-found: error
+          retention-days: ${{ inputs.retention-days }}
+
     
       # Upload logs and unfinished analysis-results in case of an error for troubleshooting
       - name: (Code Analysis Results) Archive failed run with logs and unfinished analysis-results
