[Snyk] Security upgrade express from 4.19.2 to 4.20.0 #163
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node.js CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
# Lint Job | |
lint: | |
name: Lint Backend | |
runs-on: ubuntu-latest | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Full-depth clone for SonarQube analysis | |
# Step 2: Run Snyk Security Scan | |
- name: Snyk Security Scan | |
uses: snyk/actions/node@master | |
with: | |
command: test --all-projects | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
# Step 3: SonarQube Scan | |
- name: SonarQube Scan | |
uses: sonarsource/sonarqube-scan-action@master | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
# Test Job | |
test: | |
name: Test Backend | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Full-depth clone for SonarQube analysis | |
# Step 2: Set up Node.js environment (latest version) | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: npm | |
# Step 3: Install dependencies | |
- name: Install Dependencies | |
run: npm ci | |
# Step 4: Run tests | |
- name: Run Tests | |
env: | |
DB_HOST: ${{ secrets.DB_HOST }} | |
DB_DIALECT: ${{ secrets.DB_DIALECT }} | |
DB_USER: ${{ secrets.DB_USER }} | |
DB_PW: ${{ secrets.DB_PW }} | |
DB_NAME: ${{ secrets.DB_NAME }} | |
run: npm test --if-present | |
# Build Job | |
build: | |
name: Build Backend | |
needs: test | |
runs-on: ubuntu-latest | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
# Step 2: Set up Node.js environment (latest version) | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: npm | |
# Step 3: Install dependencies | |
- name: Install Dependencies | |
run: npm ci | |
# Step 4: Build the source code | |
- name: Build Source Code | |
run: npm run build --if-present | |
# Deliver Job | |
deliver: | |
name: Deliver Backend | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
# Step 2: Log in to Docker Hub | |
- name: Log in to Docker Hub | |
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin | |
# Step 3: Build Docker image | |
- name: Build Docker Image | |
run: docker build -t gregory789/contint-backend-repository:contint-backend-image . | |
# Step 4: Push Docker image to Docker Hub | |
- name: Push Docker Image | |
run: docker push gregory789/contint-backend-repository:contint-backend-image | |
# Deploy Job | |
deploy: | |
name: Deploy Backend | |
needs: deliver | |
runs-on: ubuntu-22.04 | |
steps: | |
# Step 1: Checkout the code | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
# Step 2: Execute remote SSH commands using SSH key | |
- name: Executing remote SSH commands using SSH key | |
uses: appleboy/ssh-action@v1.0.3 | |
with: | |
host: 34.193.142.100 | |
username: ubuntu | |
key: ${{ secrets.SSH_KEY }} | |
port: 22 | |
script: sudo /home/ubuntu/deploy.sh |