Skip to content

[Snyk] Security upgrade electron from 12.2.3 to 32.2.3 #14337

[Snyk] Security upgrade electron from 12.2.3 to 32.2.3

[Snyk] Security upgrade electron from 12.2.3 to 32.2.3 #14337

on:
pull_request:
types: [opened, synchronize]
name: Generate Pull Request Stats
env:
NAPI_CLI_VERSION: 2.14.7
TURBO_VERSION: 1.9.6
RUST_TOOLCHAIN: nightly-2023-03-09
PNPM_VERSION: 7.24.3
jobs:
build-native-dev:
name: Build dev binary for tests
runs-on: ubuntu-latest
steps:
# https://github.com/actions/virtual-environments/issues/1187
- name: tune linux network
run: sudo ethtool -K eth0 tx off rx off
- uses: actions/checkout@v3
with:
fetch-depth: 25
- name: Check non-docs only change
run: echo "DOCS_CHANGE<<EOF" >> $GITHUB_OUTPUT; echo "$(node scripts/run-for-change.js --not --type docs --exec echo 'nope')" >> $GITHUB_OUTPUT; echo 'EOF' >> $GITHUB_OUTPUT
id: docs-change
- name: Cache cargo registry
uses: actions/cache@v3
timeout-minutes: 5
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
with:
path: ~/.cargo/registry
key: stable-ubuntu-latest-node@14-cargo-registry-trimmed-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v3
timeout-minutes: 5
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
with:
path: ~/.cargo/git
key: stable-ubuntu-latest-node@14-cargo-index-trimmed-${{ hashFiles('**/Cargo.lock') }}
# We use week in the turbo cache key to keep the cache from infinitely growing
- id: get-week
run: echo "WEEK=$(date +%U)" >> $GITHUB_OUTPUT
- name: Turbo Cache
id: turbo-cache
uses: actions/cache@v3
timeout-minutes: 5
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
with:
path: .turbo
key: turbo-${{ github.job }}-${{ github.ref_name }}-${{ steps.get-week.outputs.WEEK }}-${{ github.sha }}
restore-keys: |
turbo-${{ github.job }}-${{ github.ref_name }}-${{ steps.get-week.outputs.WEEK }}-
turbo-${{ github.job }}-canary-${{ steps.get-week.outputs.WEEK }}-
- name: Make more disk space
continue-on-error: true
run: sudo rm -rf /usr/local/lib/android
- name: Build in docker
uses: addnab/docker-run-action@v3
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
with:
image: ghcr.io/napi-rs/napi-rs/nodejs-rust:stable-2022-10-24-x64
options: -e RUST_TOOLCHAIN=${{ env.RUST_TOOLCHAIN }} -e NAPI_CLI_VERSION=${{ env.NAPI_CLI_VERSION }} -e TURBO_VERSION=${{ env.TURBO_VERSION }} -v ${{ env.HOME }}/.cargo/git:/root/.cargo/git -v ${{ env.HOME }}/.cargo/registry:/root/.cargo/registry -v ${{ github.workspace }}:/build -w /build
run: |
set -e &&
rustup toolchain install "${RUST_TOOLCHAIN}" &&
rustup default "${RUST_TOOLCHAIN}" &&
rustup target add x86_64-unknown-linux-gnu &&
npm i -g "@napi-rs/cli@${NAPI_CLI_VERSION}" "turbo@${TURBO_VERSION}" && if [ ! -f $(dirname $(which yarn))/pnpm ]; then ln -s $(which yarn) $(dirname $(which yarn))/pnpm;fi &&
unset CC_x86_64_unknown_linux_gnu && unset CC &&
turbo run build-native --cache-dir=".turbo" -- --target x86_64-unknown-linux-gnu &&
strip packages/next-swc/native/next-swc.*.node
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: next-swc-dev-binary
path: packages/next-swc/native/next-swc.linux-x64-gnu.node
- name: Clear the cargo caches
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
run: |
cargo install cargo-cache --no-default-features --features ci-autoclean
cargo-cache
stats:
name: PR Stats
needs: build-native-dev
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 25
- name: Check non-docs only change
run: echo "DOCS_CHANGE<<EOF" >> $GITHUB_OUTPUT; echo "$(node scripts/run-for-change.js --not --type docs --exec echo 'nope')" >> $GITHUB_OUTPUT; echo 'EOF' >> $GITHUB_OUTPUT
id: docs-change
- uses: actions/download-artifact@v3
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
with:
name: next-swc-dev-binary
path: packages/next-swc/native
- run: cp -r packages/next-swc/native .github/actions/next-stats-action/native
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}
- uses: ./.github/actions/next-stats-action
if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }}