Skip to content

Audit Snyk check/fix 2.7 #13226

Audit Snyk check/fix 2.7

Audit Snyk check/fix 2.7 #13226

Workflow file for this run

---
name: Continuous integration
on:
push:
pull_request:
pull_request_target:
types: [labeled]
env:
HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
MAIN_BRANCH: '2.7'
CI: true
jobs:
not-failed-backport:
runs-on: ubuntu-22.04
name: Test that's not a failed backport
timeout-minutes: 5
steps:
- run: 'false'
if: "github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'"
main:
runs-on: ubuntu-22.04
name: Continuous integration
timeout-minutes: 40
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
env:
PATH: /bin:/usr/bin:/usr/local/bin:/home/runner/.local/bin
steps:
- run: '! ls BACKPORT_TODO'
- run: /opt/google/chrome/chrome --version
- name: Get sha
id: sha
run: echo "::set-output name=sha::$(jq -r .pull_request.head.sha < ${GITHUB_EVENT_PATH})"
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'pull_request_target'
- uses: actions/checkout@v2
with:
fetch-depth: 0
if: github.event_name != 'pull_request_target'
- uses: actions/checkout@v2
with:
fetch-depth: 0
ref: ${{ steps.sha.outputs.sha }}
if: github.event_name == 'pull_request_target'
- uses: actions/setup-node@v1
with:
node-version: '16.x'
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: npm transifex
if: env.HAS_SECRETS == 'HAS_SECRETS'
- run: gopass show gs/ci/test-mask
if: env.HAS_SECRETS == 'HAS_SECRETS'
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- name: Checks
run: c2cciutils-checks
- run: |
sudo rm /etc/apt/sources.list.d/*.list
sudo apt update
sudo apt install g++-10 libgbm1 graphicsmagick fonts-liberation2 gettext
- run: buildtools/set-version
- run: make .build/node_modules.timestamp
# Lint
- run: npx tsc --version
- run: npm run typecheck
if: github.event_name != 'pull_request_target'
# First do the lint on TypeScript files to see the error in the many warnings messages
- run: make .build/eslint-ts.timestamp
if: github.event_name != 'pull_request_target'
- run: make lint
if: github.event_name != 'pull_request_target'
- run: make test
if: github.event_name != 'pull_request_target'
- run: make check-examples-checker
if: github.event_name != 'pull_request_target'
# Cypress tests
- run: make serve-gmf-apps &
if: github.event_name != 'pull_request_target'
- run: npm run test-cli
if: github.event_name != 'pull_request_target'
# Webpack build of ngeo/gmf examples and gmf apps
- run: NODE_ENV=production make examples-hosted
- run: npm run build-storybook
- run: make check-examples
if: github.event_name != 'pull_request_target'
- uses: actions/upload-artifact@v2
with:
name: Examples hosted
path: .build/examples-hosted
if-no-files-found: ignore
retention-days: 5
if: failure()
# Generate API doc, api, lib
- run: npm run doc -- srcapi/store/config.ts --json dist/typedoc.json
- run: npm run doc
- run: npm run build-api
- run: npm run dist
- run: npm run dist-spinner
- uses: actions/upload-artifact@v2
with:
name: Npm logs
path: /home/runner/.npm/_logs
if-no-files-found: ignore
retention-days: 5
if: failure()
- run: make transifex-send
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
- run: buildtools/npm-publish
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'push'
- name: Publish Storybook to Chromatic to run visual tests
run: npm run chromatic -- --project-token=$(gopass show gs/ci/chromatic/ngeo_token)
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'push'
- name: Publish Storybook to Chromatic to run visual tests
run: GITHUB_SHA=${GITHUB_SHA_} npm run chromatic -- --project-token=$(gopass show gs/ci/chromatic/ngeo_token) --branch-name=${GITHUB_HEAD_REF}
if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'pull_request_target'
env:
GITHUB_SHA_: ${{ steps.sha.outputs.sha }}
- name: Notify c2cgeoportal
run: >
curl --request POST --header "Content-Type: application/json"
--header 'Accept: application/vnd.github.v3+json'
--header "Authorization: token ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}"
https://api.github.com/repos/camptocamp/c2cgeoportal/dispatches
--data '{"event_type": "ngeo_${{ env.MAIN_BRANCH }}_updated"}'
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Prepare gh-pages
run: |
mkdir -p gh-pages
cp -ar api/dist gh-pages/api
cp -ar apidoc gh-pages/apidoc
cp -ar .build/examples-hosted gh-pages/examples
cp -ar .build/storybook gh-pages/storybook
if: startsWith(github.ref, 'refs/heads/') && ! contains(github.ref_name, '/') && env.HAS_SECRETS == 'HAS_SECRETS'
- uses: actions/upload-artifact@v2
with:
name: gh-pages
path: gh-pages
if: startsWith(github.ref, 'refs/heads/') && ! contains(github.ref_name, '/') && env.HAS_SECRETS == 'HAS_SECRETS'
gh-pages:
runs-on: ubuntu-22.04
name: Github Pages
timeout-minutes: 10
if: startsWith(github.ref, 'refs/heads/') && ! contains(github.ref_name, '/')
concurrency: gh-pages
needs:
- main
steps:
- uses: actions/checkout@v2
with:
ref: gh-pages
fetch-depth: 0
if: env.HAS_SECRETS == 'HAS_SECRETS'
- uses: actions/download-artifact@v2
with:
name: gh-pages
path: ${{ github.ref_name }}
if: env.HAS_SECRETS == 'HAS_SECRETS'
- name: Rewrite root commit and force push
run: |
git config --global user.name "Continuous integration"
git config --global user.email "[email protected]"
FIRST_COMMIT=$(git log --format='%H' | tail -1)
git reset --quiet --mixed $FIRST_COMMIT
git add ${{ github.ref_name }}
git commit --quiet --amend --message="Update GitHub pages"
git push --force
if: env.HAS_SECRETS == 'HAS_SECRETS'