[Snyk] Security upgrade @netlify/build from 28.4.5 to 29.41.3 #262
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
jobs: | |
integration: | |
name: Legacy Integration | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macOS-latest, windows-latest] | |
node-version: [14.x, '*'] | |
machine: ['0', '1', '2', '3', '4', '5', '6'] | |
exclude: | |
- os: macOS-latest | |
node-version: '14.x' | |
- os: windows-latest | |
node-version: '14.x' | |
fail-fast: false | |
steps: | |
# Sets an output parameter if this is a release PR | |
- name: Check for release | |
id: release-check | |
# For windows we have to use $env: | |
run: |- | |
echo "IS_RELEASE=true" >> $GITHUB_OUTPUT | |
echo "IS_RELEASE=true" >> $env:GITHUB_OUTPUT | |
if: "${{ startsWith(github.head_ref, 'release-') }}" | |
# This improves Windows network performance, we need this since we open many ports in our tests | |
- name: Increase Windows port limit and reduce time wait delay | |
run: | | |
netsh int ipv4 set dynamicport tcp start=1025 num=64511 | |
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters /v TcpTimedWaitDelay /t REG_DWORD /d 30 /f | |
if: "${{ matrix.os == 'windows-latest' && !steps.release-check.outputs.IS_RELEASE }}" | |
- name: Git checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
if: '${{!steps.release-check.outputs.IS_RELEASE}}' | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
cache-dependency-path: 'npm-shrinkwrap.json' | |
check-latest: true | |
if: '${{!steps.release-check.outputs.IS_RELEASE}}' | |
- name: Setup Deno | |
uses: denoland/setup-deno@v1 | |
if: '${{!steps.release-check.outputs.IS_RELEASE}}' | |
with: | |
deno-version: v1.x | |
- name: Install core dependencies | |
run: npm ci --no-audit | |
if: '${{!steps.release-check.outputs.IS_RELEASE}}' | |
- name: Determine Test Command | |
uses: haya14busa/action-cond@v1 | |
id: testCommand | |
with: | |
cond: ${{ github.event_name == 'pull_request' }} | |
if_true: 'npm run test:affected ${{ github.event.pull_request.base.sha }}' # on pull requests test with the project graph only the affected tests | |
if_false: 'npm run test:ci:ava:integration' # on the base branch run all the tests as security measure | |
if: '${{ !steps.release-check.outputs.IS_RELEASE }}' | |
- name: Generate self-signed certificates | |
run: npm run certs | |
if: '${{!steps.release-check.outputs.IS_RELEASE}}' | |
shell: bash | |
- name: Prepare tests | |
run: npm run test:init | |
if: '${{ !steps.release-check.outputs.IS_RELEASE }}' | |
- name: Tests | |
run: ${{ steps.testCommand.outputs.value }} | |
env: | |
# GitHub secrets are not available when running on PR from forks | |
# We set a flag so we can skip tests that access Netlify API | |
NETLIFY_TEST_DISABLE_LIVE: | |
${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }} | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
# NETLIFY_TEST_GITHUB_TOKEN is used to avoid reaching GitHub API limits in exec-fetcher.js | |
NETLIFY_TEST_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Changes the polling interval used by the file watcher | |
CHOKIDAR_INTERVAL: 20 | |
CHOKIDAR_USEPOLLING: 1 | |
# split tests across multiple machines | |
CI_NODE_INDEX: ${{ matrix.machine }} | |
CI_NODE_TOTAL: 7 | |
if: '${{ !steps.release-check.outputs.IS_RELEASE }}' | |
- name: Get test coverage flags | |
id: test-coverage-flags | |
# For windows we have to use $env: | |
run: |- | |
os=${{ matrix.os }} | |
node=$(node --version) | |
echo "os=${os/-latest/}" >> $GITHUB_OUTPUT | |
echo "os=${os/-latest/}" >> $env:GITHUB_OUTPUT | |
echo "node=node_${node/.*.*/}" >> $GITHUB_OUTPUT | |
echo "node=node_${node/.*.*/}" >> $env:GITHUB_OUTPUT | |
shell: bash | |
if: '${{ !steps.release-check.outputs.IS_RELEASE }}' | |
- uses: codecov/codecov-action@v3 | |
continue-on-error: true | |
with: | |
file: coverage/coverage-final.json | |
flags: ${{ steps.test-coverage-flags.outputs.os }},${{ steps.test-coverage-flags.outputs.node }} | |
if: '${{ !steps.release-check.outputs.IS_RELEASE }}' |