Update dependency express to v4.20.0 [SECURITY] #310
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD Pipeline | |
on: | |
push: | |
branches: | |
- '**' | |
- '!main' | |
- '![0-9]+.[0-9]+' | |
pull_request: | |
types: [ closed ] | |
branches: | |
- 'main' | |
- '[0-9]+.[0-9]+' | |
jobs: | |
lint-js: | |
name: Lint JS | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Get npm cache directory | |
id: npm-cache | |
run: echo "::set-output name=dir::$(npm config get cache)" | |
- name: Configure npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.npm-cache.outputs.dir }} | |
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-npm- | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
- name: Configure Composer cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Validate composer.json | |
run: cd app && composer --no-interaction validate --no-check-all && cd - | |
- name: Install Node dependencies | |
run: npm ci && cd app && npm ci && cd - | |
env: | |
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: true | |
CI: true | |
- name: Detect coding standard violations | |
run: npm run lint | |
unit-test-js: | |
name: Unit test JS | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Get npm cache directory | |
id: npm-cache | |
run: echo "::set-output name=dir::$(npm config get cache)" | |
- name: Configure npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.npm-cache.outputs.dir }} | |
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-npm- | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: echo "::set-output name=dir::$(composer config cache-files-dir)" | |
- name: Configure Composer cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Install Composer dependencies | |
run: cd app && composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction && cd - | |
- name: Setup Jest cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.jest-cache | |
key: ${{ runner.os }}-jest | |
- name: Install Node dependencies | |
run: npm ci && cd app && npm ci && cd - | |
env: | |
CI: true | |
- name: Run unit tests (with coverage) | |
run: npm run test:coverage -- --cacheDirectory="$HOME/.jest-cache" | |
- name: Run Coveralls | |
uses: coverallsapp/github-action@master | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
path-to-lcov: "./app/tests/coverage/lcov.info" | |
release-tag: | |
needs: [lint-js, unit-test-js] | |
if: ${{ github.event.pull_request.merged == true }} | |
name: Release Tag | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set the tag version | |
id: package-version | |
uses: martinbeentjes/npm-get-version-action@main | |
- name: Prepare Release | |
id: prepare-release | |
continue-on-error: true | |
uses: derekherman/[email protected] | |
with: | |
baseRef: ${{ github.base_ref }} | |
headRef: ${{ github.head_ref }} | |
tagRef: ${{ steps.package-version.outputs.current-version }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
uses: actions/create-release@v1 | |
if: steps.prepare-release.outcome == 'success' && steps.prepare-release.conclusion == 'success' | |
with: | |
tag_name: ${{ steps.package-version.outputs.current-version }} | |
release_name: ${{ steps.package-version.outputs.current-version }} | |
body: | | |
${{ steps.prepare-release.outputs.changelog }} | |
${{ steps.prepare-release.outputs.props }} | |
prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-b') || contains(github.ref, '-a') }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
deploy-staging: | |
if: ${{ github.ref == 'refs/heads/develop' }} | |
needs: [lint-js, unit-test-js] | |
name: Deploy Staging | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Get npm cache directory | |
id: npm-cache | |
run: echo "::set-output name=dir::$(npm config get cache)" | |
- name: Configure npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.npm-cache.outputs.dir }} | |
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-npm- | |
- name: Install Node dependencies | |
run: npm ci | |
env: | |
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: true | |
CI: true | |
- name: Build Documentation | |
run: npm run docs:build | |
- name: Authenticate Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v0 | |
with: | |
project_id: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }} | |
credentials_json: ${{ secrets.GOOGLE_CLOUD_SA_STAGING }} | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v0 | |
- name: Login to GCR | |
uses: docker/login-action@v2 | |
with: | |
registry: gcr.io | |
username: _json_key | |
password: ${{ secrets.GOOGLE_CLOUD_SA_STAGING }} | |
- name: Set image version | |
id: package-version | |
uses: martinbeentjes/npm-get-version-action@main | |
- name: Build images | |
env: | |
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }} | |
VERSION: ${{ steps.package-version.outputs.current-version}} | |
run: | | |
make build.lighthouse | |
make build.phpcs | |
make build.sync | |
- name: Push images | |
env: | |
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }} | |
VERSION: ${{ steps.package-version.outputs.current-version}} | |
run: | | |
make push.lighthouse | |
make push.phpcs | |
make push.sync | |
- name: Deploy to Cloud Run | |
env: | |
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }} | |
GOOGLE_CLOUD_RUN_LIGHTHOUSE_MEMORY: ${{ secrets.GOOGLE_CLOUD_RUN_LIGHTHOUSE_MEMORY }} | |
GOOGLE_CLOUD_RUN_PHPCS_MEMORY: ${{ secrets.GOOGLE_CLOUD_RUN_PHPCS_MEMORY }} | |
GOOGLE_CLOUD_RUN_SYNC_MEMORY: ${{ secrets.GOOGLE_CLOUD_RUN_SYNC_MEMORY }} | |
GOOGLE_CLOUD_STORAGE_BUCKET_NAME: ${{ secrets.GOOGLE_CLOUD_STORAGE_BUCKET_NAME_STAGING }} | |
VERSION: ${{ steps.package-version.outputs.current-version}} | |
run: | | |
make deploy.lighthouse | |
make deploy.phpcs | |
make deploy.sync | |
- name: Deploy to Cloud Functions | |
env: | |
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }} | |
GOOGLE_CLOUD_STORAGE_BUCKET_NAME: ${{ secrets.GOOGLE_CLOUD_STORAGE_BUCKET_NAME_STAGING }} | |
run: | | |
make deploy.api | |
make deploy.spec | |
- name: Deploy to Firebase | |
uses: FirebaseExtended/action-hosting-deploy@v0 | |
with: | |
repoToken: "${{ secrets.GITHUB_TOKEN }}" | |
firebaseServiceAccount: "${{ secrets.GOOGLE_CLOUD_SA_STAGING }}" | |
projectId: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }} | |
channelId: live |