Skip to content

chore: security fixes #13054

chore: security fixes

chore: security fixes #13054

Workflow file for this run

name: CI # Run CI Checks
on:
pull_request:
branches:
- main
- v1
- 'release\/v2**'
merge_group:
types: [checks_requested]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Cache dependencies
uses: actions/cache@v2
with:
path: '**/node_modules'
key: build-modules-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install
run: yarn
- name: CI build checks
run: yarn ci-check:build
format:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Cache dependencies
uses: actions/cache@v2
with:
path: '**/node_modules'
key: lint-modules-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install
run: yarn
- name: Check formatting of project files
run: yarn format:diff
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Cache dependencies
uses: actions/cache@v2
with:
path: '**/node_modules'
key: lint-modules-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install
run: yarn
- name: CI lint checks
run: yarn ci-check:lint
spellcheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Cache dependencies
uses: actions/cache@v2
with:
path: '**/node_modules'
key: spellcheck-modules-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install
run: yarn
- name: CI spellcheck checks
run: yarn ci-check:spellcheck
test-c4p:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Cache dependencies
uses: actions/cache@v2
with:
path: '**/node_modules'
key: test-c4p-modules-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install
run: yarn
- name: CI tests for c4p
run: yarn ci-check:test:c4p --collectCoverage
- name: Upload coverage reports to Codecov with GitHub Action
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: CI snapshot tests for c4p
run: yarn ci-check:test:c4p:snapshot
test-c4p-wc:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Cache dependencies
uses: actions/cache@v2
with:
path: '**/node_modules'
key:
test-c4p-wc-modules-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install
run: yarn
- name: CI tests for products web components
run: yarn ci-check:test:c4p-wc
avt-runner:
strategy:
matrix:
shard: [1, 2, 3, 4]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Install
run: yarn
- name: Install browsers
run: yarn playwright install --with-deps
- name: Build project
run: yarn build
- name: Run storybook
id: storybook
run: |
npx serve -l 3000 packages/core/storybook-static &
pid=$!
echo "pid=$pid" >> $GITHUB_OUTPUT
- uses: ./actions/wait-for-it
with:
URL: 'http://localhost:3000'
timeout-minutes: 3
- name: Run AVT
if: github.repository == 'carbon-design-system/ibm-products'
run: |
yarn playwright test --project chromium --grep @avt --shard="${{ matrix.shard }}/4"
- name: Stop storybook
run: kill ${{ steps.storybook.outputs.pid }}
- name: Upload test results
if: always()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #4.4.3
with:
name: playwright-avt-report
path: .playwright
vrt-runner:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: '20.x'
cache: yarn
- name: Install
run: yarn
- name: Install browsers
run: yarn playwright install --with-deps
- name: Build project
run: yarn build
- name: Run VRT
working-directory: packages/core
env:
PERCY_TOKEN: web_d04495b0b413d61c2ea6b9118d1748b43f4fdd58d17ebe453ef8e0016b5766e4
run: yarn percy storybook storybook-static
avt:
if: ${{ always() }}
runs-on: ubuntu-latest
needs: avt-runner
steps:
- name: Check AVT Runner job status
if: ${{ needs.avt-runner.result != 'success' }}
run: exit 1