fix(security): patch @babel/traverse dependency vulnerabilities (#641) #1654
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Test and Deploy | |
on: | |
pull_request: | |
push: | |
branches: ["main", "beta"] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 14.21.3 | |
cache: 'yarn' | |
- name: Cache node_modules | |
uses: actions/cache@v3 | |
id: cache-primes | |
with: | |
path: "**/node_modules" | |
key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }} | |
- name: Install dependencies | |
if: steps.cache-primes.outputs.cache-hit != 'true' | |
run: yarn install --frozen-lockfile --non-interactive --production=false | |
- name: Lint commit message | |
uses: wagoid/commitlint-github-action@456526eec71276a59e74aafdfe06a9632ac2eee1 | |
- name: Lint javascript and typescript | |
run: yarn lint | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
needs: [lint] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 14.21.2 | |
cache: 'yarn' | |
- name: Cache node_modules | |
uses: actions/cache@v3 | |
with: | |
path: "**/node_modules" | |
key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }} | |
- name: Build | |
run: yarn build | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
needs: [lint] | |
strategy: | |
matrix: | |
node: [14, 16, 18, 20] | |
include: | |
- node: 14 | |
withCoverage: ${{ true }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: 'yarn' | |
- name: Cache node_modules | |
uses: actions/cache@v3 | |
with: | |
path: "**/node_modules" | |
key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }} | |
- name: Login on dockerhub | |
run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin | |
- name: Start docker container | |
run: docker-compose up -d; sleep 15 | |
- name: Test with Node ${{ matrix.node }} | |
if: ${{ !matrix.withCoverage }} | |
run: yarn test | |
- name: Test with Node ${{ matrix.node }} & Send coverage | |
uses: paambaati/codeclimate-action@5f637ccd517bc8960de0fe59379dd922bcba9486 | |
if: matrix.withCoverage && matrix.node == 14 | |
env: | |
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
with: | |
coverageCommand: yarn test:coverage | |
- name: Test prepack | |
run: yarn prepack | |
- name: Test postpack | |
run: yarn postpack | |
deploy: | |
name: Release package | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
needs: [build, test] | |
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/beta') | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.ref }} | |
persist-credentials: false # GITHUB_TOKEN must not be set for the semantic release | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 14.21.2 | |
cache: 'yarn' | |
- uses: actions/cache@v3 | |
with: | |
path: "**/node_modules" | |
key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }} | |
- name: Build | |
run: yarn build | |
- name: Get Semantic Release current version | |
id: semantic_version | |
run: | | |
VERSION=`node -p "require('./package.json').devDependencies['semantic-release']"` | |
echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
- name: Semantic Release | |
uses: cycjimmy/semantic-release-action@7f0c0e4904fb36f980686dda081f2f258500f3ea | |
id: semantic | |
with: | |
semantic_version: ${{ steps.semantic_version.outputs.version }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} | |
GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} | |
GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} | |
GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |