Skip to content

github-workflows-dojo360-nodejs-ci

Build, test, and scan Node.js apps using the recommended UHG reusable CI workflows (npm/yarn/pnpm), with Artifactory integration and optional container builds

active
IDE:
claude
codex
vscode
Version:
1.0.0
Owner:pcorazao
github-actions
workflow
dojo360

Node.js CI Workflow Skill

Overview

Dojo360’s legacy nodejs-ci.yml workflow is deprecated (no further releases). For new work, teams should use the UHG CI Workflows reusable workflows from uhg-pipelines/ci-workflows.

This skill documents the recommended Node.js CI patterns (npm/yarn/pnpm) and provides copy/paste templates.

Workflow Reference

Recommended (Use This)

Repository: uhg-pipelines/ci-workflows
Workflows:

  • .github/workflows/node-npm-ci.yml@v2
  • .github/workflows/node-yarn-ci.yml@v2
  • .github/workflows/node-pnpm-ci.yml@v2

Legacy (Deprecated)

Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/nodejs-ci.yml@beta
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/nodejs-ci/index.md

Key Features

  • Unit tests + build (language-appropriate defaults)
  • Code quality scans (configurable)
  • Artifactory integration via jfrog-project-key
  • Optional container image build/publish (if you provide Docker inputs)
  • Supports npm/yarn/pnpm variants

Prerequisites

  • Product onboarded to Dojo360 Metadata API OR local metadata file (common enterprise prerequisite)
  • Artifactory project/repositories provisioned
  • If building containers:
    • Dockerfile must use Optum golden images (no public base images)
    • Runner must have Docker available

Common Inputs (UHG reusable workflows)

These are the most commonly used inputs you’ll set when calling the UHG reusable workflows:

InputTypeDescription
jfrog-project-keystringJFrog project key (routes to the correct SaaS Artifactory repos)
working-directorystringWhere your Node project lives (default: .)
node-versionstringNode.js version (e.g., 20)
docker-tagsstringImage tag(s) to publish when doing Docker builds
docker-contextstringDocker build context
docker-dockerfilestringDockerfile path

Secrets

UHG reusable workflows typically handle auth via OIDC + EPL actions, but you may still need:

  • Repository/Org secrets required by your org’s Artifactory or scanning configuration
  • If you enable scanning tools that require tokens (e.g., Sonar), ensure those secrets exist

Templates

See ready-to-copy examples in .github/skills/github-workflows-dojo360-nodejs-ci/templates/:

  • basic-node-npm-ci.yml
  • basic-node-yarn-ci.yml
  • basic-node-pnpm-ci.yml
  • node-npm-ci-with-docker-build.yml

Notes / Gotchas

  • Optum’s npm curation may block packages newer than 5 days; see .github/skills/node-npm-install/SKILL.md.
  • If you build container images, ensure your Dockerfile uses Optum golden images (see repo guidance in .github/instructions/docker.instructions.md).

Related Assets