fix: Dockerfile to reduce vulnerabilities #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Leave the powered by Sauce Labs bit in as this means we get additional concurrency | |
name: "Frontend admin tests powered by Sauce Labs" | |
on: [push] | |
jobs: | |
withplugins: | |
name: with plugins | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
node: [14, 16, 18] | |
steps: | |
- | |
name: Fail if Dependabot | |
if: github.actor == 'dependabot[bot]' | |
run: | | |
cat <<EOF >&2 | |
Frontend tests skipped because Dependabot can't access secrets. | |
Manually re-run the jobs to run the frontend tests. | |
For more information, see: | |
https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ | |
EOF | |
exit 1 | |
- | |
name: Generate Sauce Labs strings | |
id: sauce_strings | |
run: | | |
printf %s\\n '::set-output name=name::${{ github.workflow }} - ${{ github.job }} - Node ${{ matrix.node }}' | |
printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}-node${{ matrix.node }}' | |
- | |
name: Checkout repository | |
uses: actions/checkout@v3 | |
- | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: 'npm' | |
cache-dependency-path: | | |
src/package-lock.json | |
src/bin/doc/package-lock.json | |
- | |
name: Install etherpad plugins | |
# We intentionally install an old ep_align version to test upgrades to | |
# the minor version number. The --legacy-peer-deps flag is required to | |
# work around a bug in npm v7: https://github.com/npm/cli/issues/2199 | |
run: npm install --no-save --legacy-peer-deps ep_align@0.2.27 | |
# Etherpad core dependencies must be installed after installing the | |
# plugin's dependencies, otherwise npm will try to hoist common | |
# dependencies by removing them from src/node_modules and installing them | |
# in the top-level node_modules. As of v6.14.10, npm's hoist logic appears | |
# to be buggy, because it sometimes removes dependencies from | |
# src/node_modules but fails to add them to the top-level node_modules. | |
# Even if npm correctly hoists the dependencies, the hoisting seems to | |
# confuse tools such as `npm outdated`, `npm update`, and some ESLint | |
# rules. | |
- | |
name: Install all dependencies and symlink for ep_etherpad-lite | |
run: src/bin/installDeps.sh | |
- | |
name: Install etherpad plugins | |
run: rm -Rf node_modules/ep_align/static/tests/* | |
- | |
name: export GIT_HASH to env | |
id: environment | |
run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.sha }})" | |
- | |
name: Create settings.json | |
run: cp settings.json.template settings.json | |
- | |
name: Write custom settings.json that enables the Admin UI tests | |
run: "sed -i 's/\"enableAdminUITests\": false/\"enableAdminUITests\": true,\\n\"users\":{\"admin\":{\"password\":\"changeme\",\"is_admin\":true}}/' settings.json" | |
- | |
name: increase maxHttpBufferSize | |
run: "sed -i 's/\"maxHttpBufferSize\": 10000/\"maxHttpBufferSize\": 100000/' settings.json" | |
- | |
name: Remove standard frontend test files, so only admin tests are run | |
run: mv src/tests/frontend/specs/* /tmp && mv /tmp/admin*.js src/tests/frontend/specs | |
- | |
uses: saucelabs/sauce-connect-action@v2.1.1 | |
with: | |
username: ${{ secrets.SAUCE_USERNAME }} | |
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} | |
tunnelIdentifier: ${{ steps.sauce_strings.outputs.tunnel_id }} | |
- | |
name: Run the frontend admin tests | |
shell: bash | |
env: | |
SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} | |
SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} | |
SAUCE_NAME: ${{ steps.sauce_strings.outputs.name }} | |
TRAVIS_JOB_NUMBER: ${{ steps.sauce_strings.outputs.tunnel_id }} | |
GIT_HASH: ${{ steps.environment.outputs.sha_short }} | |
run: | | |
src/tests/frontend/travis/adminrunner.sh |