github-workflows-dojo360-nodejs-ci
Build, test, and scan Node.js apps using the recommended UHG reusable CI workflows (npm/yarn/pnpm), with Artifactory integration and optional container builds
Node.js CI Workflow Skill
Overview
Dojo360’s legacy nodejs-ci.yml workflow is deprecated (no further releases). For new work, teams should use the UHG CI Workflows reusable workflows from uhg-pipelines/ci-workflows.
This skill documents the recommended Node.js CI patterns (npm/yarn/pnpm) and provides copy/paste templates.
Workflow Reference
Recommended (Use This)
Repository: uhg-pipelines/ci-workflows
Workflows:
.github/workflows/node-npm-ci.yml@v2.github/workflows/node-yarn-ci.yml@v2.github/workflows/node-pnpm-ci.yml@v2
Legacy (Deprecated)
Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/nodejs-ci.yml@beta
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/nodejs-ci/index.md
Key Features
- Unit tests + build (language-appropriate defaults)
- Code quality scans (configurable)
- Artifactory integration via
jfrog-project-key - Optional container image build/publish (if you provide Docker inputs)
- Supports npm/yarn/pnpm variants
Prerequisites
- Product onboarded to Dojo360 Metadata API OR local metadata file (common enterprise prerequisite)
- Artifactory project/repositories provisioned
- If building containers:
- Dockerfile must use Optum golden images (no public base images)
- Runner must have Docker available
Common Inputs (UHG reusable workflows)
These are the most commonly used inputs you’ll set when calling the UHG reusable workflows:
| Input | Type | Description |
|---|---|---|
jfrog-project-key | string | JFrog project key (routes to the correct SaaS Artifactory repos) |
working-directory | string | Where your Node project lives (default: .) |
node-version | string | Node.js version (e.g., 20) |
docker-tags | string | Image tag(s) to publish when doing Docker builds |
docker-context | string | Docker build context |
docker-dockerfile | string | Dockerfile path |
Secrets
UHG reusable workflows typically handle auth via OIDC + EPL actions, but you may still need:
- Repository/Org secrets required by your org’s Artifactory or scanning configuration
- If you enable scanning tools that require tokens (e.g., Sonar), ensure those secrets exist
Templates
See ready-to-copy examples in .github/skills/github-workflows-dojo360-nodejs-ci/templates/:
basic-node-npm-ci.ymlbasic-node-yarn-ci.ymlbasic-node-pnpm-ci.ymlnode-npm-ci-with-docker-build.yml
Notes / Gotchas
- Optum’s npm curation may block packages newer than 5 days; see
.github/skills/node-npm-install/SKILL.md. - If you build container images, ensure your Dockerfile uses Optum golden images (see repo guidance in
.github/instructions/docker.instructions.md).
Related Assets
github-workflows-dojo360-azure-infrastructure
Deploy Azure infrastructure using Terraform with PCAM vaulted access and native Azure authentication through Dojo360 Azure Infrastructure workflow
Owner: pcorazao
github-workflows-dojo360-container-cd
Deploy containerized applications to AWS ECS/Azure ACS using Dojo360 Container CD workflow with blue-green and rolling update strategies
Owner: pcorazao
github-workflows-dojo360-container-promotion
Multi-environment container deployment promotion through prescribed deployment paths with automated approval gates and E2E testing
Owner: pcorazao
github-workflows-dojo360-database
Automate database schema updates using Liquibase via the Dojo360 database workflow (with rollback and validation patterns)
Owner: pcorazao
github-workflows-dojo360-database-promotion
Promote Liquibase database changes across environments (dev→qa→cert→prod) with deployment-path validation and approval gates
Owner: pcorazao
github-workflows-dojo360-dockerfile-ci
Build and scan container images from a Dockerfile using Optum golden images and the recommended UHG reusable workflow
Owner: pcorazao

