ts: bump cu for now #2154

Workflow file for this run

.github/workflows/ci-code-review-ts.yml at 7a8602b

	name: Code Review - TypeScript

	on:
	pull_request:
	branches: ['main', 'dev']
	paths: ['ts/**', 'yarn.lock']
	push:
	paths: ['ts/**', 'yarn.lock']

	jobs:
	format:
	name: Format
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	node-version: '16'
	cache: 'yarn'

	- name: Install dependencies
	run: yarn install --frozen-lockfile

	- name: Format
	run: yarn format

	lint:
	name: Lint
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	node-version: '16'
	cache: 'yarn'

	- name: Install dependencies
	run: yarn install --frozen-lockfile

	- name: Lint
	run: yarn lint

	test:
	name: Test
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Setup Node
	uses: actions/setup-node@v3
	with:
	node-version: '16'
	cache: 'yarn'

	- name: Install dependencies
	run: yarn install --frozen-lockfile

	- name: Run Test
	run: yarn test

	sast:
	name: Security Scan
	runs-on: ubuntu-latest
	container:
	image: returntocorp/semgrep

	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Run semgrep
	run: semgrep ci --sarif --output=semgrep-results.sarif
	env:
	SEMGREP_RULES: p/typescript

	- name: Upload output
	uses: github/codeql-action/upload-sarif@v2
	if: always()
	with:
	sarif_file: semgrep-results.sarif

	sca:
	name: Dependency Scan
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	# Report all vulnerabilities in security tab
	- name: Report on all vulnerabilities
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	scan-ref: 'yarn.lock'
	ignore-unfixed: true
	hide-progress: true
	format: 'sarif'
	output: 'trivy-results.sarif'

	# Fail the job on critical vulnerabiliies with fix available
	- name: Fail on critical vulnerabilities
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	scan-ref: 'yarn.lock'
	ignore-unfixed: true
	hide-progress: true
	format: 'table'
	severity: 'CRITICAL'
	exit-code: '1'

	- name: Upload output
	uses: github/codeql-action/upload-sarif@v2
	if: always()
	with:
	sarif_file: 'trivy-results.sarif'

	yarn-pass:
	name: Yarn tests pass
	needs: ['format', 'lint', 'test']
	runs-on: ubuntu-latest
	steps:
	- run: echo ok

	security-pass:
	name: Security tests pass
	needs: ['sca', 'sast']
	runs-on: ubuntu-latest
	steps:
	- run: echo ok

	all-pass:
	name: All tests pass 🚀
	needs: ['yarn-pass', 'security-pass']
	runs-on: ubuntu-latest
	steps:
	- run: echo ok

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ts: bump cu for now #2154

Workflow file

ts: bump cu for now #2154

Jobs

Run details

Workflow file for this run