(hotfix) Resolves security issue in @3um-Group/Fortuna/actions/runs/1… #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Simple workflow for deploying static content to GitHub Pages | |
name: Deploy static content to Pages | |
on: | |
# Runs on pushes targeting the semantic version releases | |
push: | |
# Sequence of patterns matched against refs/tags | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
permissions: | |
contents: write | |
pages: write | |
id-token: write | |
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
concurrency: | |
group: "pages" | |
cancel-in-progress: false | |
#continue-on-error: true | |
jobs: | |
security: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
- uses: actions/setup-node@v1 | |
with: | |
registry-url: https://npm.pkg.github.com/ | |
- name: Install dependencies based on package-lock.json | |
run: npm ci | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.GPR_PRIVATE_READ_TOKEN }} | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Run Snyk to check for vulnerabilities | |
uses: snyk/actions/node@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: test | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Nodejs | |
uses: actions/setup-node@v1 | |
with: | |
registry-url: https://npm.pkg.github.com/ | |
- name: Install dependencies based on package-lock.json | |
run: npm ci | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.GPR_PRIVATE_READ_TOKEN }} | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Execute Unit tests | |
run: npm test | |
deploy: | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Nodejs | |
uses: actions/setup-node@v1 | |
with: | |
registry-url: https://npm.pkg.github.com/ | |
- name: Install dependencies based on package-lock.json | |
run: npm ci | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.GPR_PRIVATE_READ_TOKEN }} | |
- name: Run unit tests | |
run: npm build | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Setup Pages | |
uses: actions/configure-pages@v5 | |
# Update version in package.json according to the tag | |
- name: Check package version | |
uses: technote-space/package-version-check-action@v1 | |
- name: Generate Changelog | |
uses: scottbrenner/generate-changelog-action@master | |
id: Changelog | |
env: | |
REPO: ${{ github.repository }} | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@latest | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Release ${{ github.ref }} | |
body: | | |
${{ steps.Changelog.outputs.changelog }} | |
draft: false | |
prerelease: false | |
- run: npm build | |
- name: Upload artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
# Upload entire repository | |
path: './build' | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 |