Skip to content

[Snyk] Security upgrade @netlify/build from 28.4.5 to 29.41.3 #262

[Snyk] Security upgrade @netlify/build from 28.4.5 to 29.41.3

[Snyk] Security upgrade @netlify/build from 28.4.5 to 29.41.3 #262

Workflow file for this run

name: Tests
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
integration:
name: Legacy Integration
runs-on: ${{ matrix.os }}
timeout-minutes: 30
strategy:
matrix:
os: [ubuntu-latest, macOS-latest, windows-latest]
node-version: [14.x, '*']
machine: ['0', '1', '2', '3', '4', '5', '6']
exclude:
- os: macOS-latest
node-version: '14.x'
- os: windows-latest
node-version: '14.x'
fail-fast: false
steps:
# Sets an output parameter if this is a release PR
- name: Check for release
id: release-check
# For windows we have to use $env:
run: |-
echo "IS_RELEASE=true" >> $GITHUB_OUTPUT
echo "IS_RELEASE=true" >> $env:GITHUB_OUTPUT
if: "${{ startsWith(github.head_ref, 'release-') }}"
# This improves Windows network performance, we need this since we open many ports in our tests
- name: Increase Windows port limit and reduce time wait delay
run: |
netsh int ipv4 set dynamicport tcp start=1025 num=64511
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters /v TcpTimedWaitDelay /t REG_DWORD /d 30 /f
if: "${{ matrix.os == 'windows-latest' && !steps.release-check.outputs.IS_RELEASE }}"
- name: Git checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: 'npm-shrinkwrap.json'
check-latest: true
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
- name: Setup Deno
uses: denoland/setup-deno@v1
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
with:
deno-version: v1.x
- name: Install core dependencies
run: npm ci --no-audit
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
- name: Determine Test Command
uses: haya14busa/action-cond@v1
id: testCommand
with:
cond: ${{ github.event_name == 'pull_request' }}
if_true: 'npm run test:affected ${{ github.event.pull_request.base.sha }}' # on pull requests test with the project graph only the affected tests
if_false: 'npm run test:ci:ava:integration' # on the base branch run all the tests as security measure
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
- name: Generate self-signed certificates
run: npm run certs
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
shell: bash
- name: Prepare tests
run: npm run test:init
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
- name: Tests
run: ${{ steps.testCommand.outputs.value }}
env:
# GitHub secrets are not available when running on PR from forks
# We set a flag so we can skip tests that access Netlify API
NETLIFY_TEST_DISABLE_LIVE:
${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
# NETLIFY_TEST_GITHUB_TOKEN is used to avoid reaching GitHub API limits in exec-fetcher.js
NETLIFY_TEST_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Changes the polling interval used by the file watcher
CHOKIDAR_INTERVAL: 20
CHOKIDAR_USEPOLLING: 1
# split tests across multiple machines
CI_NODE_INDEX: ${{ matrix.machine }}
CI_NODE_TOTAL: 7
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
- name: Get test coverage flags
id: test-coverage-flags
# For windows we have to use $env:
run: |-
os=${{ matrix.os }}
node=$(node --version)
echo "os=${os/-latest/}" >> $GITHUB_OUTPUT
echo "os=${os/-latest/}" >> $env:GITHUB_OUTPUT
echo "node=node_${node/.*.*/}" >> $GITHUB_OUTPUT
echo "node=node_${node/.*.*/}" >> $env:GITHUB_OUTPUT
shell: bash
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
- uses: codecov/codecov-action@v3
continue-on-error: true
with:
file: coverage/coverage-final.json
flags: ${{ steps.test-coverage-flags.outputs.os }},${{ steps.test-coverage-flags.outputs.node }}
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'