Skip to content

chore(deps): update dependency jose to v2.0.7 [security] (#4193) #2307

chore(deps): update dependency jose to v2.0.7 [security] (#4193)

chore(deps): update dependency jose to v2.0.7 [security] (#4193) #2307

name: Pipeline development and production
on:
push:
branches:
- master
workflow_dispatch:
jobs:
test:
uses: ./.github/workflows/reusable-test.yml
with:
environment-name: Development
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_INTEGRATION_TESTS_ACCESS_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_INTEGRATION_TESTS_PREVIEW_ACCESS_TOKEN }}
build-images:
uses: ./.github/workflows/reusable-build-images.yml
build-development:
uses: ./.github/workflows/reusable-build.yml
with:
environment-name: Development
crn-contentful-env: Development
gp2-contentful-env: Development
secrets:
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
SLACK_WEBHOOK: 'n-a'
build-analysis-development:
needs: [build-development]
uses: ./.github/workflows/reusable-build-analysis.yml
with:
environment-name: Development
secrets:
BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }}
build-production:
uses: ./.github/workflows/reusable-build.yml
with:
environment-name: Production
crn-contentful-env: Production
gp2-contentful-env: Production
secrets:
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN}}
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
build-analysis-production:
needs: [build-production]
uses: ./.github/workflows/reusable-build-analysis.yml
with:
environment-name: Production
secrets:
BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }}
deployment-development:
needs: [test, build-analysis-development]
uses: ./.github/workflows/reusable-deployment.yml
with:
environment-name: Development
crn-contentful-env: Development
gp2-contentful-env: Development
secrets:
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }}
CRN_CI_AUTH0_CLIENT_SECRET: ${{ secrets.CRN_CI_AUTH0_CLIENT_SECRET }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }}
GP2_CI_AUTH0_CLIENT_SECRET: ${{ secrets.GP2_CI_AUTH0_CLIENT_SECRET }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
SLACK_WEBHOOK: 'n-a'
crn-contentful-migrate-empty:
needs: [deployment-development]
runs-on: ubuntu-latest
container:
image: ghcr.io/yldio/asap-hub/node-python-sq:7b77d99657ab3718ed548ba366ffbcbb15315fd8
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup
id: setup
uses: ./.github/actions/setup-environment
with:
environment-name: Development
- name: Run Contentful migrations
run: |
yarn contentful:migration:run:crn
env:
CONTENTFUL_ENV_ID: Empty
CONTENTFUL_MANAGEMENT_ACCESS_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CONTENTFUL_SPACE_ID: ${{ steps.setup.outputs.crn-contentful-space-id }}
algolia-sync-development-crn:
needs: [deployment-development]
uses: ./.github/workflows/reusable-crn-algolia-sync.yml
with:
environment-name: Development
contentful-environment-id: Development
entity: all
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
algolia-sync-development-gp2:
needs: [deployment-development]
uses: ./.github/workflows/reusable-gp2-algolia-sync.yml
with:
environment-name: Development
contentful-environment-id: Development
entity: all
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
verify-development:
needs:
[
deployment-development,
algolia-sync-development-crn,
algolia-sync-development-gp2,
]
uses: ./.github/workflows/reusable-verify.yml
with:
environment-name: Development
secrets:
FRONTEND_SENTRY_RELEASE_AUTH_TOKEN: ${{ secrets.FRONTEND_SENTRY_RELEASE_AUTH_TOKEN }}
deployment-production:
needs: [build-analysis-production, verify-development]
uses: ./.github/workflows/reusable-deployment.yml
with:
environment-name: Production
crn-contentful-env: Production
gp2-contentful-env: Production
secrets:
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }}
CRN_CI_AUTH0_CLIENT_SECRET: ${{ secrets.CRN_CI_AUTH0_CLIENT_SECRET }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }}
GP2_CI_AUTH0_CLIENT_SECRET: ${{ secrets.GP2_CI_AUTH0_CLIENT_SECRET }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
algolia-sync-production-crn:
needs: [deployment-production]
uses: ./.github/workflows/reusable-crn-algolia-sync.yml
with:
environment-name: Production
entity: all
contentful-environment-id: Production
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
algolia-sync-production-gp2:
needs: [deployment-production]
uses: ./.github/workflows/reusable-gp2-algolia-sync.yml
with:
environment-name: Production
entity: all
contentful-environment-id: Production
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
verify-production:
needs:
[
deployment-production,
algolia-sync-production-crn,
algolia-sync-production-gp2,
]
uses: ./.github/workflows/reusable-verify.yml
with:
environment-name: Production
secrets:
FRONTEND_SENTRY_RELEASE_AUTH_TOKEN: ${{ secrets.FRONTEND_SENTRY_RELEASE_AUTH_TOKEN }}
notify_failure:
runs-on: ubuntu-latest
needs:
[
test,
build-images,
build-development,
build-analysis-development,
build-production,
build-analysis-production,
deployment-development,
verify-development,
deployment-production,
verify-production,
]
if: failure()
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ./.github/actions/slack/
with:
message: 'Build failed on master branch!'
webhook: ${{ secrets.SLACK_WEBHOOK }}
status: failure
master-pipeline-success:
runs-on: ubuntu-latest
needs: [verify-production, build-images]
if: success()
environment:
name: Development
url: ${{ steps.setup.outputs.crn-app-url }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup
id: setup
uses: ./.github/actions/setup-environment
with:
environment-name: Production
- name: Print success
run: |
echo "Pipeline development and production successful."