fix vulnerabilities in ui deps #233
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: rekisterointi | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [master] | |
| pull_request: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "18.x" | |
| cache: "npm" | |
| cache-dependency-path: rekisterointi-ui/package-lock.json | |
| - name: Install app dependencies | |
| run: npm ci | |
| working-directory: rekisterointi-ui | |
| - name: Build react app | |
| run: npm run build | |
| working-directory: rekisterointi-ui | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "corretto" | |
| cache: "maven" | |
| - name: Build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: mvn clean package -B -Dbranch=$GITHUB_REF_NAME -Drevision=$GITHUB_SHA -DbuildNumber=$GITHUB_RUN_NUMBER/$GITHUB_RUN_ATTEMPT | |
| - name: Upload rekisterointi-jar | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rekisterointi-jar | |
| path: target/rekisterointi.jar | |
| sonarcloud: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "corretto" | |
| cache: "maven" | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Build and analyze | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=Opetushallitus_rekisterointi | |
| test: | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download rekisterointi-jar | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: rekisterointi-jar | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "18.x" | |
| cache: "npm" | |
| cache-dependency-path: rekisterointi-ui/package-lock.json | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "corretto" | |
| cache: "maven" | |
| - name: Install app dependencies | |
| run: npm ci | |
| working-directory: rekisterointi-ui | |
| - name: Install Playwright dependencies | |
| run: npx playwright install-deps chromium | |
| working-directory: rekisterointi-ui | |
| - name: Run playwright tests | |
| run: | | |
| docker compose up & | |
| java -jar -Dspring.profiles.active=dev rekisterointi.jar & | |
| cd mock-api | |
| npm install | |
| npm start & | |
| cd ../rekisterointi-ui | |
| ./scripts/ci-wait-for-frontend.sh | |
| HEADLESS=true npm run playwright:test | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: playwright-results | |
| path: rekisterointi-ui/playwright-results | |
| retention-days: 10 | |
| deploy-container: | |
| needs: [build, test] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Download rekisterointi-jar | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: rekisterointi-jar | |
| - name: Build Docker Conainer | |
| shell: bash | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: | | |
| git clone https://github.com/Opetushallitus/ci-tools.git | |
| source ci-tools/common/setup-tools.sh | |
| export BASE_IMAGE="baseimage-fatjar-openjdk21:master" | |
| export ARTIFACT_NAME="rekisterointi" | |
| cp rekisterointi.jar $DOCKER_BUILD_DIR/artifact/$ARTIFACT_NAME.jar | |
| cp -vr oph-configuration $DOCKER_BUILD_DIR/config/ | |
| ./ci-tools/common/pull-image.sh | |
| ./ci-tools/github-build/build-fatjar.sh $ARTIFACT_NAME | |
| ./ci-tools/github-build/upload-image.sh $ARTIFACT_NAME |