Skip to content

fix: upgrade multiple dependencies with Snyk #8504

fix: upgrade multiple dependencies with Snyk

fix: upgrade multiple dependencies with Snyk #8504

Workflow file for this run

name: Deploy
concurrency: ci-${{ github.ref }}
on:
push:
branches:
- "*"
- "!skipci*"
permissions:
id-token: write
contents: read
actions: read
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "20.x"
- name: Install dependencies
run: |
npm ci --legacy-peer-deps
for service in services/*/; do
pushd "$service"
if [ -f package-lock.json ]; then npm ci --legacy-peer-deps; fi
popd
done
- name: Run ESLint
run: npx eslint --max-warnings=0 services
unit-test:
name: Unit Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "20.x"
- name: Unit Test & Publish Coverage
uses: paambaati/codeclimate-action@v5.0.0
env:
CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TEST_REPORTER_ID }}
with:
debug: true
coverageCommand: ./unit-test.sh
coverageLocations: |
${{github.workspace}}/services/*/coverage/lcov.info:lcov
deploy:
name: Deploy
needs:
- lint
- unit-test
runs-on: ubuntu-latest
environment:
name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
url: "https://onemac.cms.gov"
steps:
- name: set branch_name
run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
- name: Check branch name is a legal serverless stage name
run: |
if [[ ! $branch_name =~ ^[a-z][a-z0-9-]*$ ]] || [[ $branch_name -gt 128 ]]; then
echo """
------------------------------------------------------------------------------------------------------------------------------
ERROR: Please read below
------------------------------------------------------------------------------------------------------------------------------
Bad branch name detected; cannot continue.
The Serverless Application Framework has a concept of stages that facilitate multiple deployments of the same service.
In this setup, the git branch name gets passed to Serverless to serve as the stage name.
The stage name (branch name in this case) is tacked onto the end of the service name by Serverless.
Therefore, the branch name must be a valid service name.
From Serverless:
A service name should only contain alphanumeric (case sensitive) and hyphens. It should start with an alphabetic character and shouldnt exceed 128 characters.
For Github Actions support, please push your code to a new branch with a name that meets Serverless' service name requirements.
So, make a new branch with a name that begins with a letter and is made up of only letters, numbers, and hyphens... then delete this branch.
------------------------------------------------------------------------------------------------------------------------------
"""
exit 1
fi
- uses: actions/checkout@v3
- name: Validate branch name
run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
- name: set branch specific variable names
run: ./.github/build_vars.sh set_names
- name: set variable values
run: ./.github/build_vars.sh set_values
env:
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
ROUTE_53_HOSTED_ZONE_ID: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_HOSTED_ZONE_ID] }}
ROUTE_53_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_DOMAIN_NAME] }}
CLOUDFRONT_CERTIFICATE_ARN: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_CERTIFICATE_ARN] }}
CLOUDFRONT_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_DOMAIN_NAME] }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
METRICS_USERS: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_METRICS_USERS] || secrets.METRICS_USERS }}
OKTA_METADATA_URL: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_OKTA_METADATA_URL] || secrets.OKTA_METADATA_URL }}
COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
REACT_APP_GOOGLE_TAG: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_REACT_APP_GOOGLE_TAG] || secrets[env.REACT_APP_GOOGLE_TAG] }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/setup-node@v3
with:
node-version: "20.x"
- name: Combine package-lock.json files to single file
run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
- name: cache service dependencies
uses: actions/cache@v3
with:
path: |
services/.sechub/node_modules
services/admin/node_modules
services/seatool-sink/node_modules
services/uploads/node_modules
services/app-api/node_modules
services/email/node_modules
services/one-stream/node_modules
services/ui/node_modules
services/ui-auth/node_modules
services/ui-src/node_modules
node_modules
key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
- name: set path
run: |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
- name: Set dev login flag for all but production branch
if: ${{ env.branch_name != 'production' }}
run: echo "ALLOW_DEV_LOGIN=true" >> $GITHUB_ENV
- name: Set testing email address unless in prod
if: ${{ env.branch_name != 'production' }}
run: echo "TESTING_TEAM_EMAIL=macproemailnotification@gmail.com" >> $GITHUB_ENV
- name: deploy
run: |
# When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other.
# This can optionally be set as a variable in GitHub Actions Secrets
./deploy.sh $STAGE_PREFIX$branch_name
- name: Output Endpoint
run: |
pushd services
echo "::notice::Endpoint URL - `./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name`"
popd
configure:
name: Configure
needs:
- deploy
runs-on: ubuntu-latest
steps:
- name: set branch_name
run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
- name: Check branch name is a legal serverless stage name
run: |
if [[ ! $branch_name =~ ^[a-z][a-z0-9-]*$ ]] || [[ $branch_name -gt 128 ]]; then
echo """
------------------------------------------------------------------------------------------------------------------------------
ERROR: Please read below
------------------------------------------------------------------------------------------------------------------------------
Bad branch name detected; cannot continue.
The Serverless Application Framework has a concept of stages that facilitate multiple deployments of the same service.
In this setup, the git branch name gets passed to Serverless to serve as the stage name.
The stage name (branch name in this case) is tacked onto the end of the service name by Serverless.
Therefore, the branch name must be a valid service name.
From Serverless:
A service name should only contain alphanumeric (case sensitive) and hyphens. It should start with an alphabetic character and shouldnt exceed 128 characters.
For Github Actions support, please push your code to a new branch with a name that meets Serverless' service name requirements.
So, make a new branch with a name that begins with a letter and is made up of only letters, numbers, and hyphens... then delete this branch.
------------------------------------------------------------------------------------------------------------------------------
"""
exit 1
fi
- uses: actions/checkout@v3
- name: Validate branch name
run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
- name: set branch specific variable names
run: ./.github/build_vars.sh set_names
- name: set variable values
run: ./.github/build_vars.sh set_values
env:
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
ROUTE_53_HOSTED_ZONE_ID: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_HOSTED_ZONE_ID] }}
ROUTE_53_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_DOMAIN_NAME] }}
CLOUDFRONT_CERTIFICATE_ARN: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_CERTIFICATE_ARN] }}
CLOUDFRONT_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_DOMAIN_NAME] }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
METRICS_USERS: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_METRICS_USERS] || secrets.METRICS_USERS }}
OKTA_METADATA_URL: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_OKTA_METADATA_URL] || secrets.OKTA_METADATA_URL }}
COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/setup-node@v3
with:
node-version: "20.x"
- name: Combine package-lock.json files to single file
run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
- name: cache service dependencies
uses: actions/cache@v3
with:
path: |
services/.sechub/node_modules
services/admin/node_modules
services/seatool-sink/node_modules
services/uploads/node_modules
services/app-api/node_modules
services/email/node_modules
services/one-stream/node_modules
services/ui/node_modules
services/ui-auth/node_modules
services/ui-src/node_modules
node_modules
key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
- name: set path
run: |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
- name: Set dev login flag for all but production branch
if: ${{ env.branch_name != 'production' }}
run: echo "ALLOW_DEV_LOGIN=true" >> $GITHUB_ENV
- name: Set testing email address unless in prod
if: ${{ env.branch_name != 'production' }}
run: echo "TESTING_TEAM_EMAIL=macproemailnotification@gmail.com" >> $GITHUB_ENV
- name: Output Endpoint
run: |
pushd services
echo "::notice::Endpoint URL - `./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name`"
popd
- name: Consolidate Seed Data
if: ${{ env.branch_name != 'production'}}
run: cd services/app-api/seed-data && ./buildSeedData.py .
- name: Seed Data
if: ${{ env.branch_name != 'production' }}
env:
SLS_DEBUG: 'true'
BRANCH: ${{ env.STAGE_PREFIX }}${{ env.branch_name }}
run: |
set +e
cd services/app-api
serverless dynamodb seed --stage=$BRANCH --region=$AWS_DEFAULT_REGION --online
if [ $? -ne 0 ]; then
echo "Seed data step failed but continuing with the pipeline."
fi
set -e
- name: Load Test Users
if: ${{ env.branch_name != 'production'}}
run: ./loadTestUsers.py $STAGE_PREFIX$branch_name
- name: Migrate Data
if: ${{ env.branch_name != 'production'}}
run: cd ./services/app-api && sls invoke -s $STAGE_PREFIX$branch_name -f migrate
- name: Reset Test Data
if: ${{ env.branch_name != 'production'}}
run: cd ./services/admin && sls invoke -s $STAGE_PREFIX$branch_name -f resetData
cypress-test:
name: Cypress Tests
needs: configure
if: ${{ github.ref != 'refs/heads/production'}}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
containers:
[
Package_Details_Appendix_K_CMS_User.spec.feature,
Package_Details_Appendix_K_State_User.spec.feature,
Package_Details_CHIP_SPA_CMS_User.spec.feature,
Package_Details_CHIP_SPA_State_User.spec.feature,
Package_Details_Initial_Waiver_CMS_User.spec.feature,
Package_Details_Initial_Waiver_State_User.spec.feature,
Package_Details_Medicaid_SPA_CMS_User.spec.feature,
Package_Details_Medicaid_SPA_State_User.spec.feature,
Package_Details_Renewal_Waiver_CMS_User.spec.feature,
Package_Details_Renewal_Waiver_State_User.spec.feature,
Package_Details_Temporary_Extension_CMS_User.spec.feature,
Package_Details_Temporary_Extension_State_User.spec.feature,
Package_Details_Waiver_Amendment_CMS_User.spec.feature,
Package_Details_Waiver_Amendment_State_User.spec.feature,
Dashboard_Initial_Waiver_RAI_Response.spec.feature,
Dashboard_Column_Picker_SPA_CMS.spec.feature,
Dashboard_Column_Picker_SPA_State.spec.feature,
Dashboard_Column_Picker_Waiver_CMS.spec.feature,
Dashboard_Column_Picker_Waiver_State.spec.feature,
Dashboard_Filter_By_State.spec.feature,
Dashboard_Filter_options_that_include_Dates.spec.feature,
Dashboard_Filter_options_that_include_Dates_CMS.spec.feature,
Dashboard_Filter.spec.feature,
Dashboard_Search_Bar.spec.feature,
Dashboard_Medicaid_SPA_RAI_Response.spec.feature,
Dashboard_Waiver_Renewal_RAI_Response.spec.feature,
SPA_Form_Logic.spec.feature,
Dashboard_Tabs.spec.feature,
Dashboard_Waiver_Amendment_RAI_Response.spec.feature,
Comprehensive_Capitated_1915b_Waiver_Form_Logic.spec.feature,
FFS_Selective_Waiver_Form_Logic.spec.feature,
Profile_View_CMS_Approver.spec.feature,
Profile_View_CMS_System_Admin.spec.feature,
Profile_View_CMS_User_Denied.spec.feature,
Profile_View_CMS_User_Revoked.spec.feature,
Profile_View_Helpdesk_User.spec.feature,
Profile_View_Mixed_Case_Emails.spec.feature,
Profile_View_State_Submitter.spec.feature,
Profile_View_State_System_Admin.spec.feature,
Request_A_Role_Change_As_CMS_Read_Only.spec.feature,
Request_A_Role_Change.spec.feature,
Home_Page.spec.feature,
FAQ_Page.spec.feature,
Chip_SPA_Form.spec.feature,
Medicaid_SPA_Form.spec.feature,
CMS_Read_Only_View.spec.feature,
Appendix_K_Form.spec.feature,
FFS_Selective_Waiver_Amendment_Form.spec.feature,
FFS_Selective_Waiver_Renewal_Form.spec.feature,
FFS_Selective_Initial_Waiver_Form.spec.feature,
Comprehensive_Capitated_1915b_Initial_Waiver_Form.spec.feature,
Comprehensive_Capitated_1915b_Waiver_Amendment_Form.spec.feature,
Comprehensive_Capitated_1915b_Waiver_Renewal_Form.spec.feature,
Dashboard_CHIP_SPA_RAI_Response.spec.feature,
Dashboard_AppK_RAI_Response.spec.feature,
Temporary_Extension_1915b_Form.spec.feature,
Temporary_Extension_1915c_Form.spec.feature,
Dashboard_No_Action_Packages.spec.feature,
Dashboard_RAI_Issued_Actions.spec.feature,
Dashboard_Under_Review_Actions.spec.feature,
Dashboard_Approved_Actions.spec.feature,
Dashboard_Filter_CMS.spec.feature,
Withdraw_Package_Form_App_K_Amendment.spec.feature,
Withdraw_Package_Form_CHIP_SPA.spec.feature,
Withdraw_Package_Form_Initial_Waiver.spec.feature,
Withdraw_Package_Form_Medicaid_SPA.spec.feature,
Withdraw_Package_Form_Waiver_Amendment.spec.feature,
Withdraw_Package_Form_Waiver_Renewal.spec.feature,
Subsequent_Submission_1915b_Amendment_Waiver.spec.feature,
Subsequent_Submission_1915c_Appendix_K.spec.feature,
Subsequent_Submission_CHIP_Spa.spec.feature,
Subsequent_Submission_Initial_Waiver.spec.feature,
Subsequent_Submission_Medicaid_Spa.spec.feature,
Subsequent_Submission_Renewal_Waiver.spec.feature,
]
steps:
- name: set branch_name
run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
- uses: actions/checkout@v3
- name: set branch specific variable names
run: ./.github/build_vars.sh set_names
- name: set variable values
run: ./.github/build_vars.sh set_values
env:
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/setup-node@v3
with:
node-version: 18
- name: Combine package-lock.json files to single file
run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
- name: cache service dependencies
uses: actions/cache@v3
with:
path: |
services/uploads/node_modules
services/app-api/node_modules
services/ui/node_modules
services/ui-auth/node_modules
services/ui-src/node_modules
node_modules
key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
- name: Install dependencies
run: |
npm ci --legacy-peer-deps
- name: set path
run: |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
- name: Endpoint
run: |
pushd services
export APPLICATION_ENDPOINT=`./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name`
echo "APPLICATION_ENDPOINT=$APPLICATION_ENDPOINT" >> $GITHUB_ENV
echo "Application endpoint: $APPLICATION_ENDPOINT"
popd
- name: Run Cypress Tests
uses: cypress-io/github-action@v5
with:
working-directory: tests/cypress
spec: cypress/e2e/${{ matrix.containers }}
browser: chromium
config: baseUrl=${{ env.APPLICATION_ENDPOINT }}
- name: Upload screenshots
uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-screenshots
path: tests/cypress/screenshots/
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
if: env.SLACK_WEBHOOK_URL != '' && contains(fromJson('["develop", "master", "production"]'), env.branch_name) && failure ()
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: ${{env.branch_name}} Deploy Failure
SLACK_ICON_EMOJI: ":bell:"
SLACK_COLOR: ${{job.status}}
SLACK_FOOTER: ""
MSG_MINIMAL: actions url,commit,ref
a11y-tests:
name: A11y Tests
needs: configure
if: ${{ github.ref != 'refs/heads/production' }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
containers:
[
homePage,
faqPage,
manageProfilePage,
dashboardPage,
packagePageSpas,
packagePageWaivers,
RequestRoleChangePage,
spaTypePage,
submissionType,
PackageWaiverActionTypePage,
PackageRequestTempExtentionPage,
PackageMedicaidSpaPage,
PackageCHIPSPAPage,
PackageAppendixKPage,
PackageWaiverAmendmentPage,
PackageInitialWaiverPage,
PackageWaiverRenewalPage,
]
steps:
- name: set branch_name
run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
- uses: actions/checkout@v3
- name: set branch specific variable names
run: ./.github/build_vars.sh set_names
- name: set variable values
run: ./.github/build_vars.sh set_values
env:
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/setup-node@v3
with:
node-version: 18
- name: Combine package-lock.json files to single file
run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
- name: cache service dependencies
uses: actions/cache@v3
with:
path: |
services/app-api/node_modules
services/uploads/node_modules
services/ui/node_modules
services/ui-auth/node_modules
services/ui-src/node_modules
node_modules
key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
- name: Install dependencies
run: |
npm install --frozen-lockfile --legacy-peer-deps
- name: set path
run: |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
- name: Endpoint
run: |
pushd services
export APPLICATION_ENDPOINT=`./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name`
echo "APPLICATION_ENDPOINT=$APPLICATION_ENDPOINT" >> $GITHUB_ENV
echo "Application endpoint: $APPLICATION_ENDPOINT"
popd
- name: Check Project A11y
uses: cypress-io/github-action@v5
with:
working-directory: tests/cypress
spec: cypress/e2e/a11y/${{ matrix.containers }}.spec.js
browser: chromium
config: baseUrl=${{ env.APPLICATION_ENDPOINT }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}