[Snyk] Fix for 6 vulnerabilities #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
paths-ignore: | |
- 'microsite/**' | |
jobs: | |
verify: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [12.x, 14.x] | |
services: | |
postgres13: | |
image: postgres:13 | |
env: | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 5432/tcp | |
postgres9: | |
image: postgres:9 | |
env: | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 5432/tcp | |
mysql8: | |
image: mysql:8 | |
env: | |
MYSQL_ROOT_PASSWORD: root | |
options: >- | |
--health-cmd "mysqladmin ping -h localhost" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 3306/tcp | |
env: | |
CI: true | |
NODE_OPTIONS: --max-old-space-size=4096 | |
INTEGRATION_TEST_GITHUB_TOKEN: ${{ secrets.INTEGRATION_TEST_GITHUB_TOKEN }} | |
INTEGRATION_TEST_GITLAB_TOKEN: ${{ secrets.INTEGRATION_TEST_GITLAB_TOKEN }} | |
INTEGRATION_TEST_BITBUCKET_TOKEN: ${{ secrets.INTEGRATION_TEST_BITBUCKET_TOKEN }} | |
INTEGRATION_TEST_AZURE_TOKEN: ${{ secrets.INTEGRATION_TEST_AZURE_TOKEN }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: fetch branch master | |
run: git fetch origin master | |
# Beginning of yarn setup, keep in sync between all workflows. | |
# TODO(Rugvip): move this to composite action once all features we use are supported | |
- name: use node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ matrix.node-version }} | |
registry-url: https://registry.npmjs.org/ # Needed for auth | |
# Cache every node_modules folder inside the monorepo | |
- name: cache all node_modules | |
id: cache-modules | |
uses: actions/cache@v2 | |
with: | |
path: '**/node_modules' | |
# We use both yarn.lock and package.json as cache keys to ensure that | |
# changes to local monorepo packages bust the cache. | |
key: ${{ runner.os }}-v${{ matrix.node-version }}-node_modules-${{ hashFiles('yarn.lock', '**/package.json') }} | |
# If we get a cache hit for node_modules, there's no need to bring in the global | |
# yarn cache or run yarn install, as all dependencies will be installed already. | |
- name: find location of global yarn cache | |
id: yarn-cache | |
if: steps.cache-modules.outputs.cache-hit != 'true' | |
run: echo "::set-output name=dir::$(yarn cache dir)" | |
- name: cache global yarn cache | |
uses: actions/cache@v2 | |
if: steps.cache-modules.outputs.cache-hit != 'true' | |
with: | |
path: ${{ steps.yarn-cache.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn- | |
- name: yarn install | |
if: steps.cache-modules.outputs.cache-hit != 'true' | |
run: yarn install --frozen-lockfile | |
# End of yarn setup | |
- name: check for yarn.lock changes | |
id: yarn-lock | |
run: git diff --quiet origin/master HEAD -- yarn.lock | |
continue-on-error: true | |
- name: verify doc links | |
run: node scripts/verify-links.js | |
- name: prettier | |
run: yarn prettier:check '!ADOPTERS.md' | |
- name: lock | |
run: yarn lock:check | |
- name: validate config | |
run: yarn backstage-cli config:check --lax | |
- name: lint | |
run: yarn lerna -- run lint --since origin/master | |
- name: type checking and declarations | |
run: yarn tsc:full | |
- name: check api reports | |
run: yarn build:api-reports:only --ci | |
- name: build changed packages | |
if: ${{ steps.yarn-lock.outcome == 'success' }} | |
run: yarn lerna -- run build --since origin/master --include-dependencies | |
- name: build all packages | |
if: ${{ steps.yarn-lock.outcome == 'failure' }} | |
run: yarn lerna -- run build | |
- name: verify type dependencies | |
run: yarn lint:type-deps | |
- name: test changed packages | |
if: ${{ steps.yarn-lock.outcome == 'success' }} | |
run: yarn lerna -- run test --since origin/master -- --coverage | |
env: | |
BACKSTAGE_TEST_DATABASE_POSTGRES13_CONNECTION_STRING: postgresql://postgres:postgres@localhost:${{ job.services.postgres13.ports[5432] }} | |
BACKSTAGE_TEST_DATABASE_POSTGRES9_CONNECTION_STRING: postgresql://postgres:postgres@localhost:${{ job.services.postgres9.ports[5432] }} | |
BACKSTAGE_TEST_DATABASE_MYSQL8_CONNECTION_STRING: mysql://root:root@localhost:${{ job.services.mysql8.ports[3306] }}/ignored | |
- name: test all packages (and upload coverage) | |
if: ${{ steps.yarn-lock.outcome == 'failure' }} | |
run: | | |
yarn lerna -- run test -- --coverage | |
bash <(curl -s https://codecov.io/bash) -N $(git rev-parse FETCH_HEAD) | |
env: | |
BACKSTAGE_TEST_DATABASE_POSTGRES13_CONNECTION_STRING: postgresql://postgres:postgres@localhost:${{ job.services.postgres13.ports[5432] }} | |
BACKSTAGE_TEST_DATABASE_POSTGRES9_CONNECTION_STRING: postgresql://postgres:postgres@localhost:${{ job.services.postgres9.ports[5432] }} | |
BACKSTAGE_TEST_DATABASE_MYSQL8_CONNECTION_STRING: mysql://root:root@localhost:${{ job.services.mysql8.ports[3306] }}/ignored | |
- name: verify plugin template | |
run: yarn lerna -- run diff -- --check | |
- name: ensure clean working directory | |
run: | | |
if files=$(git ls-files --exclude-standard --others --modified) && [[ -z "$files" ]]; then | |
exit 0 | |
else | |
echo "" | |
echo "Working directory has been modified:" | |
echo "" | |
git status --short | |
echo "" | |
exit 1 | |
fi |