Skip to content

fix: package.json & package-lock.json to reduce vulnerabilities #2206

fix: package.json & package-lock.json to reduce vulnerabilities

fix: package.json & package-lock.json to reduce vulnerabilities #2206

Workflow file for this run

name: Build
on: [push]
jobs:
# -- TESTS ------------------------------------------------------------------
tests:
runs-on: ubuntu-latest
strategy:
matrix:
node: ['16']
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
- name: Setup Node.js ${{ matrix.node }}
uses: actions/setup-node@5b52f097d36d4b0b2f94ed6de710023fbb8b2236 # tag=v3.1.0
with:
node-version: ${{ matrix.node }}
check-latest: true
- name: Install dependencies
run: npm install
- name: Run unit-tests + Code Coverage
run: npm run test:coverage
- name: Save Code Coverage
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
with:
name: code-coverage
path: coverage
# -- SONARCLOUD -------------------------------------------------------------
code-quality:
runs-on: ubuntu-latest
needs: tests
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
- name: Download Code Coverage
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
with:
name: code-coverage
path: coverage
- name: Get App Version
run: ./scripts/version.sh
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# -- SAST SCAN --------------------------------------------------------------
code-security:
runs-on: ubuntu-latest
needs: tests
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
- name: Checkout
uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # tag=v3
- name: Perform Scan
uses: ShiftLeftSecurity/scan-action@master
env:
WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SCAN_ANNOTATE_PR: true
- uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
with:
name: reports
path: reports
# -- RELEASE ----------------------------------------------------------------
release:
runs-on: ubuntu-latest
needs:
- code-quality
- code-security
if: github.ref == 'refs/heads/master'
steps:
- name: Checkout
uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748 # tag=v3
- name: Semantic Release
uses: cycjimmy/semantic-release-action@3b88c82b34098e8b51e401c1082c9170b0a3ec3c # tag=v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# -- BUILD ------------------------------------------------------------------
build:
runs-on: ubuntu-latest
needs: release
strategy:
matrix:
node: ['16']
steps:
- name: Checkout
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
- name: Setup Node.js ${{ matrix.node }}
uses: actions/setup-node@5b52f097d36d4b0b2f94ed6de710023fbb8b2236 # tag=v3.1.0
with:
node-version: ${{ matrix.node }}
check-latest: true
- name: Install dependencies
run: npm install