Skip to content
Build React App (front end)

Update GCP_GKE.yml #48

Sign in to view logs

Update GCP_GKE.yml

Update GCP_GKE.yml #48

Workflow file for this run

.github/workflows/reactFrontEnd.yml at eacf642
name: Build React App (front end)
on:
push:
branches:
- featureReact
- main
workflow_dispatch: # Allow manual workflow dispatches
jobs:
build-and-upload:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install Node.js and npm
uses: actions/setup-node@v2
with:
node-version: '14' # Use a valid Node.js version here
- name: Install dependencies
run: npm install
- name: Set CI to false
run: echo 'CI=false' >> $GITHUB_ENV #used this action since react script is considering warning as error
- name: Build
run: npm run build
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: demo_upload_artifact
path: ReactFrontEnd/public/
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ~/.npm # or wherever your dependencies are stored
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
static-code-analysis:
runs-on: ubuntu-latest
needs: build-and-upload
steps:
- name: Static Code Analysis
uses: sonarsource/sonarqube-scan-action@v2
with:
projectBaseDir: .
args: >
-Dsonar.organization=pocalmpracrice
-Dsonar.projectKey=pocalmpracrice_reactdocker
-Dsonar.sources=.
-Dsonar.host.url=https://sonarcloud.io
env:
SONAR_TOKEN: ${{ secrets.SONARCLOUDSECRET_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONARCLOUD_URL }}
notify-slack-success:
runs-on: ubuntu-latest
needs: [build-and-upload, static-code-analysis]
if: ${{ success() }}
steps:
- name: Send notification on Slack using Webhooks - Success
uses: slackapi/slack-github-action@v1.24.0
with:
payload: |
{
"text": "React JS FrontEnd(client) project built successfully."
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOKEN }}
notify-slack-failure:
runs-on: ubuntu-latest
needs: [build-and-upload, static-code-analysis]
if: ${{ failure() }}
steps:
- name: Send notification on Slack using Webhooks - Failure
uses: slackapi/slack-github-action@v1.24.0
with:
payload: |
{
"text": "React JS FrontEnd(client) build failed. Please check the build logs for details."
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOKEN }}
snyk:
name: Snyk Security Check
runs-on: ubuntu-latest
needs: build-and-upload
steps:
# - name: Checkout Repository
# uses: actions/checkout@v2
- name: Install Snyk
run: npm install -g snyk
- name: Authenticate Snyk
run: snyk auth ${{ secrets.SNYK_TOKEN }}
- name: Test and Monitor Dependencies
run: snyk test
continue-on-error: true
- name: Generate Snyk Report
run: snyk test --json > snyk-report.json || true
- name: Install snyk-to-html
run: npm install snyk-to-html
- name: Convert JSON report to HTML
run: ./node_modules/.bin/snyk-to-html -i snyk-report.json -o snyk-report.html
- name: Upload HTML report
uses: actions/upload-artifact@v3
with:
name: snyk-report
path: snyk-report.html
- name: Fix vulnerabilities
run: npx snyk wizard --fail-on patchable
trivy-scan:
name: Trivy Vulnerability Scan
runs-on: ubuntu-latest
needs: build-and-upload
steps:
# - name: Checkout Repository
# uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'
- name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'github'
output: 'dependency-results.sbom.json'
image-ref: '.'
github-pat: ${{ secrets.GH_TOKEN }}
- name: Upload Trivy SBOM
uses: actions/upload-artifact@v3
with:
name: trivy result
path: dependency-results.sbom.json