[Snyk] Upgrade glob from 10.3.12 to 10.3.14 #6871
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
pull_request: | |
types: [opened, reopened] | |
env: | |
PRODUCTION_BRANCH: refs/heads/master | |
STAGING_BRANCH: refs/heads/staging | |
EB_APP: isomer-cms | |
EB_ENV_PRODUCTION: cms-backend-prod-node18 | |
EB_ENV_STAGING: cms-backend-staging-node18 | |
COMMIT_MESSAGE: ${{ github.event.head_commit.message }} | |
jobs: | |
install: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18.x" | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.OS }}-node- | |
${{ runner.OS }}- | |
- run: npm ci | |
lint: | |
needs: install | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18.x" | |
- name: Load Node.js modules | |
uses: actions/cache@v2 | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
- run: npm ci | |
- run: npm run lint-fix | |
- run: npm run format-fix | |
build: | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18.x" | |
- name: Load Node.js modules | |
uses: actions/cache@v2 | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
- run: npm ci | |
- run: npm run build | |
test: | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18.x" | |
- name: Load Node.js modules | |
uses: actions/cache@v2 | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
- run: npm ci | |
- run: npm run test:docker | |
- run: . .env.test && npx jest --runInBand | |
gatekeep: | |
name: Determine if Build & Deploy is needed | |
outputs: | |
proceed: ${{ steps.determine_proceed.outputs.proceed }} | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' | |
steps: | |
- shell: python | |
id: determine_proceed | |
run: | | |
import os | |
ref = os.environ['GITHUB_REF'] | |
prod = os.environ['PRODUCTION_BRANCH'] | |
if ref == prod: | |
print('::set-output name=proceed::true') | |
else: | |
print('::set-output name=proceed::false') | |
deploy_eb: | |
name: Build and deploy to EB | |
runs-on: ubuntu-latest | |
needs: [gatekeep] | |
if: needs.gatekeep.outputs.proceed == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '18.x' | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.OS }}-node- | |
${{ runner.OS }}- | |
- name: Inject DataDog API key | |
env: | |
DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
run: sed -i -e "s#@DD_API_KEY#$DD_API_KEY#g" .ebextensions/99datadog.config | |
- name: Install NPM | |
run: npm ci | |
- name: Build application | |
run: npm run build | |
- name: Zip application | |
run: zip -r "deploy.zip" * .platform .ebextensions -x .env-example .gitignore package-lock.json | |
- name: Get timestamp | |
shell: bash | |
run: echo "##[set-output name=timestamp;]$(env TZ=Asia/Singapore date '+%Y%m%d%H%M%S')" | |
id: get_timestamp | |
- name: Get Elastic Beanstalk label | |
shell: bash | |
run: echo "##[set-output name=label;]$(echo github-${GITHUB_SHA}-${TIMESTAMP})" | |
id: get_label | |
env: | |
TIMESTAMP: ${{ steps.get_timestamp.outputs.timestamp }} | |
- name: Get truncated version_description | |
id: get_desc | |
shell: python | |
run: | | |
import os | |
commit_message = os.environ['COMMIT_MESSAGE'] | |
description = commit_message[0:100].replace('(', '').replace(')', '').replace('\'', '') | |
print('::set-output name=desc::' + description) | |
- name: Select Elastic Beanstalk variables | |
shell: python | |
run: | | |
import os | |
branch = os.environ['GITHUB_REF'] | |
production = os.environ['PRODUCTION_BRANCH'] | |
eb_app = os.environ['EB_APP'] | |
eb_env_production = os.environ['EB_ENV_PRODUCTION'] | |
if branch == production: | |
print('::set-output name=eb_app::' + eb_app) | |
print('::set-output name=eb_env::' + eb_env_production) | |
id: select_eb_vars | |
- name: Deploy to EB | |
uses: opengovsg/beanstalk-deploy@v11 | |
with: | |
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID_FOR_CICD }} | |
aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_FOR_CICD }} | |
application_name: ${{ steps.select_eb_vars.outputs.eb_app }} | |
environment_name: ${{ steps.select_eb_vars.outputs.eb_env }} | |
version_description: ${{ steps.get_desc.output.desc }} | |
version_label: ${{ steps.get_label.outputs.label }} | |
region: ap-southeast-1 | |
deployment_package: deploy.zip | |
wait_for_deployment: true | |
wait_for_environment_recovery: true | |
# NOTE: Not combining with above workflow to allow parallel execution | |
deploy_ecs: | |
name: Build and deploy to ECS | |
needs: [gatekeep] | |
if: needs.gatekeep.outputs.proceed == 'true' | |
uses: ./.github/workflows/deploy_prod.yml | |
secrets: inherit | |