Skip to content

[1.3][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10 (#7740) #13625

[1.3][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10 (#7740)

[1.3][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10 (#7740) #13625

# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Build and test
# trigger on every commit push and PR for all branches except pushes for backport branches
on:
push:
branches: [ '**', '!backport/**' ]
paths-ignore:
- '**/*.md'
- 'docs/**'
pull_request:
branches: [ '**' ]
paths-ignore:
- '**/*.md'
- 'docs/**'
env:
TEST_BROWSER_HEADLESS: 1
CI: 1
GCS_UPLOAD_PREFIX: fake
TEST_OPENSEARCH_DASHBOARDS_HOST: localhost
TEST_OPENSEARCH_DASHBOARDS_PORT: 6610
TEST_OPENSEARCH_TRANSPORT_PORT: 9403
TEST_OPENSEARCH_PORT: 9400
OSD_SNAPSHOT_SKIP_VERIFY_CHECKSUM: true
NODE_OPTIONS: "--max_old_space_size=4096"
jobs:
build-lint-test-linux:
runs-on: ubuntu-latest
name: Build and Verify on Linux
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Setup Yarn
run: |
npm uninstall -g yarn
npm i -g [email protected]
yarn config set network-timeout 1000000 -g
- name: Configure Yarn Cache
run: echo "YARN_CACHE_LOCATION=$(yarn cache dir)" >> $GITHUB_ENV
- name: Initialize Yarn Cache
uses: actions/cache@v3
with:
path: ${{ env.YARN_CACHE_LOCATION }}
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-
- name: Run bootstrap
run: yarn osd bootstrap
- name: Run linter
id: linter
run: yarn lint
- name: Validate NOTICE file
id: notice-validate
run: yarn notice:validate
- name: Run unit tests with coverage
id: unit-tests
run: yarn test:jest:ci:coverage
- name: Run mocha tests with coverage
id: mocha-tests
run: yarn test:mocha:coverage
- name: Upload Code Coverage
id: upload-code-coverage
uses: codecov/codecov-action@v3
with:
directory: ./target/opensearch-dashboards-coverage
flags: Linux
- name: Run integration tests
id: integration-tests
run: yarn test:jest_integration:ci
build-lint-test-windows:
runs-on: windows-latest
name: Build and Verify on Windows
defaults:
run:
shell: powershell
steps:
- name: Configure git's autocrlf
run: |
git config --global core.autocrlf false
- name: Checkout code
uses: actions/checkout@v3
- name: Setup JDK
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Setup Yarn
run: |
npm uninstall -g yarn
npm i -g [email protected]
yarn config set network-timeout 1000000 -g
- name: Configure Yarn Cache
run: |
echo "YARN_CACHE_LOCATION=$(yarn cache dir)" >> $env:GITHUB_ENV
echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
- name: Initialize Yarn Cache
uses: actions/cache@v3
with:
path: ${{ env.YARN_CACHE_LOCATION }}
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-
- name: Run bootstrap
run: |
yarn osd bootstrap
if ($LASTEXITCODE) { yarn osd bootstrap }
- name: Run linter
id: linter
run: yarn lint
- name: Validate NOTICE file
id: notice-validate
run: yarn notice:validate
- name: Run unit tests with coverage
id: unit-tests
run: yarn test:jest:ci:coverage
- name: Run mocha tests with coverage
id: mocha-tests
run: yarn test:mocha:coverage
- name: Upload Code Coverage
id: upload-code-coverage
uses: codecov/codecov-action@v3
with:
directory: ./target/opensearch-dashboards-coverage
flags: Windows
- name: Run integration tests
id: integration-tests
run: yarn test:jest_integration:ci
functional-tests-linux:
runs-on: ubuntu-latest
name: Run functional tests on Linux
strategy:
matrix:
group: [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 ]
steps:
- run: echo Running functional tests for ciGroup${{ matrix.group }}
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Setup Yarn
run: |
npm uninstall -g yarn
npm i -g [email protected]
yarn config set network-timeout 1000000 -g
- name: Configure Yarn Cache
run: echo "YARN_CACHE_LOCATION=$(yarn cache dir)" >> $GITHUB_ENV
- name: Initialize Yarn Cache
uses: actions/cache@v3
with:
path: ${{ env.YARN_CACHE_LOCATION }}
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-
# Node 10 is only supported by ChromeDriver 107 and lower
- name: Download Chrome
id: download-chrome
uses: abhi1693/[email protected]
with:
browser: chrome
# https://omahaproxy.appspot.com/deps.json?version=107.0.5304.150
version: 1047731
- name: Setup Chrome
run: |
sudo rm -rf /usr/bin/google-chrome
sudo ln -s ${{steps.download-chrome.outputs.path}}/${{steps.download-chrome.outputs.binary}} /usr/bin/google-chrome
- name: Run bootstrap
run: yarn osd bootstrap
- name: Build plugins
run: node scripts/build_opensearch_dashboards_platform_plugins --no-examples --workers 10
- name: Run CI test group ${{ matrix.group }}
id: ftr-tests
run: node scripts/functional_tests.js --config test/functional/config.js --include ciGroup${{ matrix.group }}
env:
CI_GROUP: ciGroup${{ matrix.group }}
CI_PARALLEL_PROCESS_NUMBER: ciGroup${{ matrix.group }}
JOB: ci${{ matrix.group }}
CACHE_DIR: ciGroup${{ matrix.group }}
- uses: actions/upload-artifact@v3
if: failure()
with:
name: failure-artifacts
path: |
test/*/failure_debug/
test/*/screenshots/
functional-tests-windows:
runs-on: windows-latest
name: Run functional tests on Windows
strategy:
matrix:
group: [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 ]
defaults:
run:
shell: powershell
steps:
- run: echo Running functional tests for ciGroup${{ matrix.group }}
- name: Configure git's autocrlf
run: |
git config --global core.autocrlf false
- name: Checkout code
uses: actions/checkout@v3
- name: Setup JDK
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Setup Yarn
run: |
npm uninstall -g yarn
npm i -g [email protected]
yarn config set network-timeout 1000000 -g
- name: Configure Yarn Cache
run: |
echo "YARN_CACHE_LOCATION=$(yarn cache dir)" >> $env:GITHUB_ENV
echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
- name: Initialize Yarn Cache
uses: actions/cache@v3
with:
path: ${{ env.YARN_CACHE_LOCATION }}
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-
# Node 10 is only supported by ChromeDriver 107 and lower
- name: Download Chrome
id: download-chrome
uses: abhi1693/[email protected]
with:
browser: chrome
# https://omahaproxy.appspot.com/deps.json?version=107.0.5296.1
version: 1045634
- name: Setup Chrome
run: |
New-Item -Force -Type Directory "$Env:Programfiles/Google/Chrome/Application"
Remove-Item -Recurse -Force "$Env:Programfiles/Google/Chrome/Application/*"
Copy-Item -Force -Recurse "${{steps.download-chrome.outputs.path}}/*" "$Env:Programfiles/Google/Chrome/Application"
- name: Run bootstrap
run: |
yarn osd bootstrap
if ($LASTEXITCODE) { yarn osd bootstrap }
- name: Build plugins
run: node scripts/build_opensearch_dashboards_platform_plugins --no-examples --workers 10
- name: Run CI test group ${{ matrix.group }}
id: ftr-tests
run: node scripts/functional_tests.js --config test/functional/config.js --include ciGroup${{ matrix.group }}
env:
CI_GROUP: ciGroup${{ matrix.group }}
CI_PARALLEL_PROCESS_NUMBER: ciGroup${{ matrix.group }}
JOB: ci${{ matrix.group }}
CACHE_DIR: ciGroup${{ matrix.group }}
- uses: actions/upload-artifact@v3
if: failure()
with:
name: failure-artifacts-ci${{ matrix.group }}
path: |
test/*/failure_debug/
test/*/screenshots/
build-min-artifact-tests-linux:
runs-on: ubuntu-latest
name: Build min release artifacts on Linux
defaults:
run:
working-directory: ./artifacts
strategy:
matrix:
include:
- name: Linux x64
ext: tar.gz
suffix: linux-x64
script: build-platform --linux --skip-os-packages
- name: Linux ARM64
ext: tar.gz
suffix: linux-arm64
script: build-platform --linux-arm --skip-os-packages
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
path: ./artifacts
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: './artifacts/.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Setup Yarn
run: |
npm uninstall -g yarn
npm i -g [email protected]
yarn config set network-timeout 1000000 -g
- name: Configure Yarn Cache
run: echo "YARN_CACHE_LOCATION=$(yarn cache dir)" >> $GITHUB_ENV
- name: Initialize Yarn Cache
uses: actions/cache@v3
with:
path: ${{ env.YARN_CACHE_LOCATION }}
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-
- name: Get package version
run: |
echo "VERSION=$(yarn --silent pkg-version)" >> $GITHUB_ENV
- name: Get artifact build name
run: |
echo "ARTIFACT_BUILD_NAME=opensearch-dashboards-${{ env.VERSION }}-${{ matrix.suffix }}.${{ matrix.ext }}" >> $GITHUB_ENV
- name: Run bootstrap
run: yarn osd bootstrap
- name: Build `${{ matrix.name }}`
run: yarn ${{ matrix.script }} --release
- uses: actions/upload-artifact@v3
if: success()
with:
name: ${{ matrix.suffix }}-${{ env.VERSION }}
path: ./artifacts/target/${{ env.ARTIFACT_BUILD_NAME }}
retention-days: 1
build-min-artifact-tests-windows:
runs-on: windows-latest
name: Build min release artifacts on Windows
defaults:
run:
working-directory: artifacts
strategy:
matrix:
include:
- name: Windows x64
ext: zip
suffix: windows-x64
script: build-platform --windows --skip-os-packages
steps:
- name: Configure git's autocrlf
run: |
git config --global core.autocrlf false
working-directory: .
- name: Checkout code
uses: actions/checkout@v3
with:
path: artifacts
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: 'artifacts/.nvmrc'
registry-url: 'https://registry.npmjs.org'
- name: Setup Yarn
run: |
npm uninstall -g yarn
npm i -g [email protected]
yarn config set network-timeout 1000000 -g
- name: Configure Yarn Cache
run: |
echo "YARN_CACHE_LOCATION=$(yarn cache dir)" >> $env:GITHUB_ENV
echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
- name: Initialize Yarn Cache
uses: actions/cache@v3
with:
path: ${{ env.YARN_CACHE_LOCATION }}
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-
- name: Get package version
run: |
echo "VERSION=$(yarn --silent pkg-version)" >> $env:GITHUB_ENV
- name: Get artifact build name
run: |
echo "ARTIFACT_BUILD_NAME=opensearch-dashboards-${{ env.VERSION }}-${{ matrix.suffix }}.${{ matrix.ext }}" >> $env:GITHUB_ENV
- name: Run bootstrap
run: yarn osd bootstrap
- name: Build `${{ matrix.name }}`
run: yarn ${{ matrix.script }} --release
- uses: actions/upload-artifact@v3
if: success()
with:
name: ${{ matrix.suffix }}-${{ env.VERSION }}
path: artifacts/target/${{ env.ARTIFACT_BUILD_NAME }}
retention-days: 1