🚨 [security] Update express 4.21.1 → 4.21.2 (patch) #679
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test & Release | |
on: | |
push: | |
branches-ignore: | |
- 'gh-pages' | |
- 'depfu/**' | |
- 'dependabot/**' | |
- 'template-updater/**' | |
pull_request: null | |
jobs: | |
tests: | |
name: Unit Tests | |
runs-on: ubuntu-latest | |
if: github.repository != 'sebbo2002/js-template' && (contains(toJson(github.event.commits.*.message), '[skip ci]') == false || github.ref == 'refs/heads/main') | |
strategy: | |
matrix: | |
node: [18.x, 20.x, 22.x, current] | |
steps: | |
- name: ☁️ Checkout Project | |
uses: actions/checkout@v4 | |
- name: 🔧 Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: 'npm' | |
- name: 📦 Install dependencies | |
run: npm ci | |
- name: ⏳ Run tests | |
run: npm run test | |
coverage: | |
name: Code Coverage / Lint | |
runs-on: ubuntu-latest | |
if: github.repository != 'sebbo2002/js-template' && (contains(toJson(github.event.commits.*.message), '[skip ci]') == false || github.ref == 'refs/heads/main') | |
steps: | |
- name: ☁️ Checkout Project | |
uses: actions/checkout@v4 | |
- name: 🔧 Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 22.x | |
cache: 'npm' | |
- name: 📦 Install dependencies | |
run: npm ci | |
- name: 🔍 Run linter | |
run: npm run lint | |
- name: ⚙️ Build project | |
run: npm run build-all | |
license-checker: | |
name: License Checker | |
runs-on: ubuntu-latest | |
if: contains(toJson(github.event.commits.*.message), '[skip ci]') == false || github.ref == 'refs/heads/main' | |
steps: | |
- name: ☁️ Checkout Project | |
uses: actions/checkout@v4 | |
- name: 🔧 Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
cache: 'npm' | |
- name: 📦 Install dependencies | |
run: npm ci | |
- name: 🕵️♀️ Run license checker | |
run: npm run license-check | |
docker-image: | |
name: Build Docker Image | |
runs-on: ubuntu-latest | |
env: | |
PUSH_TO_DOCKERHUB: ${{ (github.repository != 'sebbo2002/js-template') && (secrets.DOCKERHUB_TOKEN != null) }} | |
steps: | |
- name: ☁️ Checkout | |
uses: actions/checkout@v4 | |
- name: 🔧 Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: 🔧 Set up Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
- name: 🔐 Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: 🔐 Login to DockerHub | |
uses: docker/login-action@v3 | |
if: ${{ env.PUSH_TO_DOCKERHUB == 'true' }} | |
with: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: ℹ️ Set Build Variables | |
id: buildVars | |
run: echo "date=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_OUTPUT | |
- name: 🔧 Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
cache: 'npm' | |
- name: 📦 Install dependencies | |
run: npm ci | |
- name: ⚙️ Build project | |
run: npm run build | |
- name: 🪄 Build and push | |
uses: docker/build-push-action@v6 | |
continue-on-error: true | |
id: docker-build-1 | |
with: | |
context: . | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
builder: ${{ steps.buildx.outputs.name }} | |
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 | |
pull: true | |
push: true | |
tags: | | |
ghcr.io/${{ github.repository }}:${{ github.sha }} | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.repository_owner }} | |
org.opencontainers.image.created=${{ steps.buildVars.outputs.date }} | |
org.opencontainers.image.ref.name=${{ github.ref }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
cache-from: | | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
ghcr.io/${{ github.repository }}:next | |
- name: 🪄 Build and push (second try) | |
uses: docker/build-push-action@v6 | |
continue-on-error: true | |
if: steps.docker-build-1.outcome=='failure' | |
id: docker-build-2 | |
with: | |
context: . | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
builder: ${{ steps.buildx.outputs.name }} | |
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 | |
pull: true | |
push: true | |
tags: | | |
ghcr.io/${{ github.repository }}:${{ github.sha }} | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.repository_owner }} | |
org.opencontainers.image.created=${{ steps.buildVars.outputs.date }} | |
org.opencontainers.image.ref.name=${{ github.ref }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
cache-from: | | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
ghcr.io/${{ github.repository }}:next | |
- name: 🪄 Build and push (third try) | |
uses: docker/build-push-action@v6 | |
if: steps.docker-build-2.outcome=='failure' | |
continue-on-error: true | |
id: docker-build-3 | |
with: | |
context: . | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
builder: ${{ steps.buildx.outputs.name }} | |
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 | |
pull: true | |
push: true | |
tags: | | |
ghcr.io/${{ github.repository }}:${{ github.sha }} | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.repository_owner }} | |
org.opencontainers.image.created=${{ steps.buildVars.outputs.date }} | |
org.opencontainers.image.ref.name=${{ github.ref }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
cache-from: | | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
ghcr.io/${{ github.repository }}:next | |
cache-to: type=inline | |
- name: 🪄 Build and push (Summary) | |
if: always() | |
id: docker-build | |
run: | | |
if ${{ steps.docker-build-1.outcome=='success' }}; then | |
echo "🎉 Whoop whoop, that worked (first try)" | |
echo "digest=${{ steps.docker-build-1.outputs.digest }}" >> $GITHUB_OUTPUT | |
elif ${{ steps.docker-build-2.outcome=='success' }}; then | |
echo "🎉 Whoop whoop, that worked (second try)" | |
echo "digest=${{ steps.docker-build-2.outputs.digest }}" >> $GITHUB_OUTPUT | |
elif ${{ steps.docker-build-3.outcome=='success' }}; then | |
echo "🎉 Whoop whoop, that worked (third try)" | |
echo "digest=${{ steps.docker-build-3.outputs.digest }}" >> $GITHUB_OUTPUT | |
else | |
exit 1 | |
fi | |
- name: 🔄 Push container to DockerHub | |
id: docker-build-dh | |
if: ${{ env.PUSH_TO_DOCKERHUB == 'true' }} | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
builder: ${{ steps.buildx.outputs.name }} | |
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 | |
push: true | |
tags: | | |
${{ github.repository }}:${{ github.sha }} | |
labels: | | |
org.opencontainers.image.authors=${{ github.repository_owner }} | |
org.opencontainers.image.created=${{ steps.buildVars.outputs.date }} | |
org.opencontainers.image.ref.name=${{ github.ref }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
cache-from: | | |
ghcr.io/${{ github.repository }}:${{ github.sha }} | |
ghcr.io/${{ github.repository }}:cache-${{ hashFiles('package*.json') }} | |
cache-to: type=inline | |
- name: 🏁 Boot-up Check | |
if: github.repository != 'sebbo2002/js-template' | |
run: | | |
docker run --name "app" -d $IMAGE | |
sleep 5 | |
docker logs app | |
docker exec app echo "Ok." | |
docker stop app | |
docker rm app | |
env: | |
IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }} | |
outputs: | |
digest-gh: ${{ steps.docker-build.outputs.digest }} | |
digest-dh: ${{ steps.docker-build-dh.outputs.digest }} | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
concurrency: release | |
env: | |
PUSH_TO_DOCKERHUB: ${{ (github.repository != 'sebbo2002/js-template') && (secrets.DOCKERHUB_TOKEN != null) }} | |
permissions: | |
contents: write | |
issues: write | |
packages: write | |
pull-requests: write | |
id-token: write | |
needs: | |
- coverage | |
- tests | |
- license-checker | |
- docker-image | |
if: ${{ github.repository != 'sebbo2002/js-template' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') }} | |
steps: | |
- name: ☁️ Checkout Project | |
uses: actions/checkout@v4 | |
- name: 🔧 Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 22.x | |
cache: 'npm' | |
- name: 🔧 Setup regclient | |
run: | | |
mkdir -p "$HOME/.local/bin" | |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 > "$HOME/.local/bin/regctl" | |
chmod +x "$HOME/.local/bin/regctl" | |
echo "$HOME/.local/bin" >> $GITHUB_PATH | |
- name: 📦 Install dependencies | |
run: npm ci | |
- name: 📂 Create docs folder | |
run: mkdir ./docs | |
- name: 🔐 Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: 🔐 Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: 🪄 Run semantic-release | |
run: BRANCH=${GITHUB_REF#refs/heads/} npx semantic-release | |
env: | |
GH_REPO: ${{ github.repository }} | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
GH_OWNER: ${{ github.repository_owner }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_CONFIG_PROVENANCE: true | |
DOCKER_LOCAL_IMAGE_GH: ghcr.io/${{ github.repository }}:${{ github.sha }} | |
DOCKER_LOCAL_IMAGE_DH: ${{ github.repository }}:${{ github.sha }} | |
- name: 🔃 Merge main back into develop | |
if: ${{ github.ref == 'refs/heads/main' }} | |
uses: everlytic/[email protected] | |
with: | |
github_token: ${{ secrets.GH_TOKEN }} | |
source_ref: 'main' | |
target_branch: 'develop' | |
commit_message_template: 'Merge branch {source_ref} into {target_branch} [skip ci]' |