[Snyk] Fix for 4 vulnerabilities #984
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | Test | Analyze | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - graphql | |
| pull_request: | |
| branches: | |
| - develop | |
| jobs: | |
| #----------------------------------------- | |
| # Build | |
| #----------------------------------------- | |
| build: | |
| runs-on: ubuntu-latest | |
| name: Build | |
| strategy: | |
| matrix: | |
| node-version: [ 10.x, 12.x, 14.x] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| # Set up Node | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v2.2.0 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| # Restore cache | |
| - name: Restore frontend cache Node.js modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: 'node_modules' | |
| key: ${{ runner.os }}-${{ matrix.node-version }}-fe-modules-${{ hashFiles('**/yarn.lock') }} | |
| - name: Restore backend cache Node.js modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: 'server/node_modules' | |
| key: ${{ runner.os }}-${{ matrix.node-version }}-be-modules-${{ hashFiles('**/yarn.lock') }} | |
| # Build client | |
| - name: Build client | |
| run: chmod +x cli/cli.sh && ./cli/cli.sh build --frontend --analyze | |
| # Build server | |
| - name: Build server | |
| run: ./cli/cli.sh build --backend | |
| # Save build for later | |
| - name: Upload build | |
| uses: actions/upload-artifact@v2.2.2 | |
| with: | |
| name: build-${{ matrix.node-version }}-frontend | |
| path: build | |
| - name: Upload build | |
| uses: actions/upload-artifact@v2.2.2 | |
| with: | |
| name: build-${{ matrix.node-version }}-backend | |
| path: server/build | |
| # Save Eslint Analysis fron Sonar | |
| - name: Upload analysis | |
| uses: actions/upload-artifact@v2.2.2 | |
| with: | |
| name: analysis-${{ matrix.node-version }} | |
| path: analysis | |
| #----------------------------------------- | |
| # Unit Test | |
| # Frontend | |
| unit-test-frontend: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| name: Unit tests frontend | |
| steps: | |
| - uses: actions/checkout@v2 | |
| # Set up Node | |
| - name: Use Node.js 14 | |
| uses: actions/setup-node@v2.2.0 | |
| with: | |
| node-version: 14 | |
| cache: 'yarn' | |
| # Restore cache | |
| - name: Restore frontend cache Node.js modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: 'node_modules' | |
| key: ${{ runner.os }}-12-fe-modules-${{ hashFiles('yarn.lock') }} | |
| # Install dependencies | |
| - name: Install dependencies | |
| if: steps.node-cache.outputs.cache-hit != 'true' | |
| run: yarn install --frozen-lockfile | |
| # unit test | |
| - name: Unit Tests Frontend | |
| run: yarn run CRA:test:coverage | |
| # Save coverage for sonar | |
| - name: Upload build | |
| uses: actions/upload-artifact@v2.2.2 | |
| with: | |
| name: coverage-frontend | |
| path: coverage | |
| # Backend | |
| unit-test-backend: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| name: Unit tests backend | |
| if: ${{ 1==2 }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| # Set up Node | |
| - name: Use Node.js 14 | |
| uses: actions/setup-node@v2.2.0 | |
| with: | |
| node-version: 14 | |
| cache: 'yarn' | |
| # Restore cache | |
| - name: Restore backend cache Node.js modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: 'server/node_modules' | |
| key: ${{ runner.os }}-12-be-modules-${{ hashFiles('server/yarn.lock') }} | |
| # Install dependencies | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile && cd server && yarn install | |
| # unit test | |
| - name: Unit Tests Backend | |
| run: cd server && yarn run test:unit:coverage | |
| env: | |
| SERVER_PORT: 5001 | |
| ORIGIN_WHITE_LIST: 'http://localhost:5000;http://localhost:5001' | |
| SERVER_FORCE: true | |
| SERVER_TOKEN_EXPIRES_IN: 2h | |
| SERVER_SECRET: 'This_Is_Not_The_Real_Secret' | |
| SERVER_HASH: 'This_Is_Not_The_Real_Hash' | |
| STATIC_CONTENTS_CACHE: 10000 | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| DATABASE_SCHEMA: test | |
| REDISCLOUD_URL: ${{ secrets.REDISCLOUD_URL }} | |
| REDISCLOUD_PASSWORD: ${{ secrets.REDISCLOUD_PASSWORD }} | |
| REDISCLOUD_DB: ${{ secrets.REDISCLOUD_DB }} | |
| MONGODB_URI: ${{ secrets.MONGODB_URI }} | |
| # Save coverage for sonar | |
| - name: Upload build | |
| uses: actions/upload-artifact@v2.2.2 | |
| with: | |
| name: coverage-backend | |
| path: server/coverage | |
| #----------------------------------------- | |
| # Code Quality ( Sonarcloud ) | |
| #----------------------------------------- | |
| analyze: | |
| runs-on: ubuntu-latest | |
| # needs: [build, unit-test-frontend, unit-test-backend] | |
| needs: [build, unit-test-frontend] | |
| name: Code Quality | |
| continue-on-error: true | |
| steps: | |
| # Download Analysis, Coverage Frontend and Backend | |
| - name: Download analysis | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: analysis-14.x | |
| path: analysis | |
| - name: Download coverage frontend | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: coverage-frontend | |
| path: coverage | |
| # - name: Download coverage backend | |
| # uses: actions/download-artifact@v2 | |
| # with: | |
| # name: coverage-backend | |
| # path: server/coverage | |
| # https://github.com/marketplace/actions/sonarcloud-scan | |
| - name: SonarCloud Scan | |
| uses: sonarsource/sonarcloud-github-action@master | |
| with: | |
| projectBaseDir: /home/runner/work/calcetto/calcetto | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |