Skip to content

Update dependency express to v4.20.0 [SECURITY] #310

Update dependency express to v4.20.0 [SECURITY]

Update dependency express to v4.20.0 [SECURITY] #310

Workflow file for this run

name: CI/CD Pipeline
on:
push:
branches:
- '**'
- '!main'
- '![0-9]+.[0-9]+'
pull_request:
types: [ closed ]
branches:
- 'main'
- '[0-9]+.[0-9]+'
jobs:
lint-js:
name: Lint JS
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Get npm cache directory
id: npm-cache
run: echo "::set-output name=dir::$(npm config get cache)"
- name: Configure npm cache
uses: actions/cache@v3
with:
path: ${{ steps.npm-cache.outputs.dir }}
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Get Composer Cache Directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Validate composer.json
run: cd app && composer --no-interaction validate --no-check-all && cd -
- name: Install Node dependencies
run: npm ci && cd app && npm ci && cd -
env:
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: true
CI: true
- name: Detect coding standard violations
run: npm run lint
unit-test-js:
name: Unit test JS
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Get npm cache directory
id: npm-cache
run: echo "::set-output name=dir::$(npm config get cache)"
- name: Configure npm cache
uses: actions/cache@v3
with:
path: ${{ steps.npm-cache.outputs.dir }}
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Get Composer Cache Directory
id: composer-cache
run: echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install Composer dependencies
run: cd app && composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction && cd -
- name: Setup Jest cache
uses: actions/cache@v3
with:
path: ~/.jest-cache
key: ${{ runner.os }}-jest
- name: Install Node dependencies
run: npm ci && cd app && npm ci && cd -
env:
CI: true
- name: Run unit tests (with coverage)
run: npm run test:coverage -- --cacheDirectory="$HOME/.jest-cache"
- name: Run Coveralls
uses: coverallsapp/github-action@master
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
path-to-lcov: "./app/tests/coverage/lcov.info"
release-tag:
needs: [lint-js, unit-test-js]
if: ${{ github.event.pull_request.merged == true }}
name: Release Tag
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set the tag version
id: package-version
uses: martinbeentjes/npm-get-version-action@main
- name: Prepare Release
id: prepare-release
continue-on-error: true
uses: derekherman/[email protected]
with:
baseRef: ${{ github.base_ref }}
headRef: ${{ github.head_ref }}
tagRef: ${{ steps.package-version.outputs.current-version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
uses: actions/create-release@v1
if: steps.prepare-release.outcome == 'success' && steps.prepare-release.conclusion == 'success'
with:
tag_name: ${{ steps.package-version.outputs.current-version }}
release_name: ${{ steps.package-version.outputs.current-version }}
body: |
${{ steps.prepare-release.outputs.changelog }}
${{ steps.prepare-release.outputs.props }}
prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-b') || contains(github.ref, '-a') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy-staging:
if: ${{ github.ref == 'refs/heads/develop' }}
needs: [lint-js, unit-test-js]
name: Deploy Staging
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Get npm cache directory
id: npm-cache
run: echo "::set-output name=dir::$(npm config get cache)"
- name: Configure npm cache
uses: actions/cache@v3
with:
path: ${{ steps.npm-cache.outputs.dir }}
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Install Node dependencies
run: npm ci
env:
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: true
CI: true
- name: Build Documentation
run: npm run docs:build
- name: Authenticate Google Cloud
id: auth
uses: google-github-actions/auth@v0
with:
project_id: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }}
credentials_json: ${{ secrets.GOOGLE_CLOUD_SA_STAGING }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v0
- name: Login to GCR
uses: docker/login-action@v2
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GOOGLE_CLOUD_SA_STAGING }}
- name: Set image version
id: package-version
uses: martinbeentjes/npm-get-version-action@main
- name: Build images
env:
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }}
VERSION: ${{ steps.package-version.outputs.current-version}}
run: |
make build.lighthouse
make build.phpcs
make build.sync
- name: Push images
env:
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }}
VERSION: ${{ steps.package-version.outputs.current-version}}
run: |
make push.lighthouse
make push.phpcs
make push.sync
- name: Deploy to Cloud Run
env:
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }}
GOOGLE_CLOUD_RUN_LIGHTHOUSE_MEMORY: ${{ secrets.GOOGLE_CLOUD_RUN_LIGHTHOUSE_MEMORY }}
GOOGLE_CLOUD_RUN_PHPCS_MEMORY: ${{ secrets.GOOGLE_CLOUD_RUN_PHPCS_MEMORY }}
GOOGLE_CLOUD_RUN_SYNC_MEMORY: ${{ secrets.GOOGLE_CLOUD_RUN_SYNC_MEMORY }}
GOOGLE_CLOUD_STORAGE_BUCKET_NAME: ${{ secrets.GOOGLE_CLOUD_STORAGE_BUCKET_NAME_STAGING }}
VERSION: ${{ steps.package-version.outputs.current-version}}
run: |
make deploy.lighthouse
make deploy.phpcs
make deploy.sync
- name: Deploy to Cloud Functions
env:
GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }}
GOOGLE_CLOUD_STORAGE_BUCKET_NAME: ${{ secrets.GOOGLE_CLOUD_STORAGE_BUCKET_NAME_STAGING }}
run: |
make deploy.api
make deploy.spec
- name: Deploy to Firebase
uses: FirebaseExtended/action-hosting-deploy@v0
with:
repoToken: "${{ secrets.GITHUB_TOKEN }}"
firebaseServiceAccount: "${{ secrets.GOOGLE_CLOUD_SA_STAGING }}"
projectId: ${{ secrets.GOOGLE_CLOUD_PROJECT_STAGING }}
channelId: live