[Snyk] Fix for 1 vulnerabilities #168
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["**"] | |
| paths-ignore: | |
| - "**.md" | |
| - "renovate.json" | |
| - ".all-contributorsrc" | |
| pull_request_target: | |
| branches: ["master", "release/*"] | |
| types: [opened, reopened] | |
| paths-ignore: | |
| - "**.md" | |
| - ".all-contributorsrc" | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| packages: ${{ steps.build_list.outputs.package_build_list }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: get changed files (not pr) | |
| if: github.event_name != 'pull_request' | |
| id: changed-files-not-pr | |
| run: | | |
| changed_files=$(git diff --name-only `git merge-base origin/master HEAD`) | |
| while IFS= read -r changed_file ; do | |
| echo "changed_file: $changed_file" | |
| if [[ "$changed_file" == *"packages/"* || "$changed_file" == *"ee/packages/"* ]]; then | |
| all_changed_files=$all_changed_files",$changed_file" | |
| fi | |
| done <<< "$changed_files" | |
| all_changed_files="${all_changed_files:1}" | |
| echo "all_changed_files: $all_changed_files" | |
| echo "::set-output name=all_changed_files::$all_changed_files" | |
| - name: get changed files (pr) | |
| id: changed-files-pr | |
| if: github.event_name == 'pull_request' | |
| uses: tj-actions/changed-files@v22.1 | |
| with: | |
| separator: "," | |
| files_ignore: | | |
| .github/** | |
| files: | | |
| packages/** | |
| ee/packages/** | |
| - name: setup python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: 3.8 #install the python needed | |
| - name: create package list | |
| id: build_list | |
| env: | |
| CHANGED_FILES_PR: ${{ steps.changed-files-pr.outputs.all_changed_files }} | |
| CHANGED_FILES_NOT_PR: ${{ steps.changed-files-not-pr.outputs.all_changed_files }} | |
| run: | | |
| echo "GITHUB_WORKSPACE: $GITHUB_WORKSPACE" | |
| pip install checksumdir | |
| python .github/workflows/scripts/get-service-build-list.py | |
| package_build_list=$(cat $GITHUB_WORKSPACE/package_build_list.json | jq -r .) | |
| echo "package_build_list: $package_build_list" | |
| echo "::set-output name=package_build_list::$package_build_list" | |
| hashes: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| hashes: ${{ steps.service-hashes.outputs.service_hashes }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: get services hash | |
| id: service-hashes | |
| uses: ./.github/actions/get-services-hash | |
| - name: Get the output time | |
| run: echo "The step output ${{ steps.service-hashes.outputs.service_hashes }}" | |
| docker-build: | |
| runs-on: ubuntu-20.04 | |
| needs: [hashes] | |
| if: ${{ needs.hashes.outputs.hashes != '[]' && needs.hashes.outputs.hashes != '' }} | |
| timeout-minutes: 45 | |
| strategy: | |
| matrix: | |
| service-hash-data: ${{ fromJson(needs.hashes.outputs.hashes) }} | |
| env: | |
| REPOSITORY_NAME: ${{ matrix.service-hash-data.folder }} | |
| IMAGE_HASH: ${{ matrix.service-hash-data.hash }} | |
| PACKAGE_NAME: ${{ matrix.service-hash-data.pkg }} | |
| SERVICE_FOLDER: ${{ matrix.service-hash-data.name }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Get the output time | |
| run: echo "The step output ${{ toJson(matrix.service-hash-data) }}" | |
| - name: Get the output time | |
| run: echo "The step output ${{ matrix.service-hash-data.folder }}" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Check if repo exist | |
| run: aws ecr describe-repositories --repository-names $REPOSITORY_NAME || aws ecr create-repository --repository-name $REPOSITORY_NAME | |
| - name: set branch-name | |
| run: echo "BRANCH_NAME=$(echo $GITHUB_REF_NAME | sed "s/[^a-zA-Z0-9]/-/g")" >> $GITHUB_ENV | |
| - name: Check if image hash tag is already exist in ECR image repository | |
| id: hash-tag-exist | |
| run: | | |
| set +e | |
| cmd="$(aws ecr describe-images --repository-name=$REPOSITORY_NAME --image-ids=imageTag=$IMAGE_HASH)" | |
| if [[ ! -z "$cmd" ]] | |
| then | |
| echo "tag already exist" | |
| echo "::set-output name=tag_exist::true" | |
| else | |
| echo "tag doesn't exist" | |
| echo "::set-output name=tag_exist::false" | |
| fi | |
| - name: Build, tag, and push image to Amazon ECR | |
| if: ${{ steps.hash-tag-exist.outputs.tag_exist == 'false' }} | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| TAG_LIST: "${{ github.run_id }},${{ github.sha }},${{ env.BRANCH_NAME }}" | |
| run: | | |
| echo "Will work from: $SERVICE_FOLDER" | |
| Docker_image=$ECR_REGISTRY/$REPOSITORY_NAME:$IMAGE_HASH | |
| echo "Docker_image: $Docker_image" | |
| command="docker build -f $SERVICE_FOLDER/Dockerfile . -t $Docker_image" | |
| echo "$command" | |
| $command | |
| docker push $Docker_image | |
| - name: Retag | |
| env: | |
| HASH_TAG_EXIST: ${{ steps.hash-tag-exist.outputs.tag_exist }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| TAG_LIST_SHORT: "${{ env.BRANCH_NAME }}" | |
| TAG_LIST_FULL: "${{ env.BRANCH_NAME }},${{ github.run_id }}" | |
| ECR_REPOSITORY: "${{ env.REPOSITORY_NAME }}" | |
| run: | | |
| if [[ "$HASH_TAG_EXIST" == 'true' ]] | |
| then | |
| echo "tag already exist" | |
| export TAG_LIST=$TAG_LIST_SHORT | |
| else | |
| echo "tag doesn't exist" | |
| export TAG_LIST=$TAG_LIST_FULL | |
| fi | |
| echo $TAG_LIST | |
| export MANIFEST=$(aws ecr batch-get-image --repository-name $REPOSITORY_NAME --image-ids imageTag=$IMAGE_HASH --output json | jq --raw-output --join-output '.images[0].imageManifest') | |
| echo "MANIFEST: $MANIFEST" | |
| sh .github/workflows/scripts/ecr_retag.sh | |
| tests: | |
| runs-on: ubuntu-20.04 | |
| needs: [changes] | |
| if: ${{ needs.changes.outputs.packages != '[]' && needs.changes.outputs.packages != '' }} | |
| timeout-minutes: 45 | |
| strategy: | |
| matrix: | |
| package: ${{ fromJson(needs.changes.outputs.packages) }} | |
| node-version: [16.x] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Cache node modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| ~/.npm | |
| node_modules | |
| */*/node_modules | |
| key: PUSH-${{ runner.os }}-${{matrix.node-version}}-${{matrix.package}}-${{ hashFiles(format('{0}/package-lock.json',matrix.package.path)) }} | |
| restore-keys: | | |
| PUSH-${{ runner.os }}-${{matrix.node-version}}-${{matrix.package}}- | |
| PUSH-${{ runner.os }}-${{matrix.node-version}}- | |
| PUSH-${{ runner.os }}- | |
| - name: Install Node.js dependencies | |
| run: npm ci --cache ~/.npm --prefer-offline --only=production | |
| - name: Install package dependencies | |
| id: install | |
| run: lerna bootstrap --scope=${{matrix.package}} --include-dependencies | |
| - name: Build Prisma client | |
| id: prisma | |
| run: lerna run --scope=${{matrix.package}} prisma:generate | |
| - name: Build code | |
| id: build | |
| run: lerna run --scope=${{matrix.package}} build --include-dependencies | |
| - name: Format code | |
| id: format | |
| run: lerna run --scope=${{matrix.package}} check-format | |
| - name: Lint code | |
| id: lint | |
| run: lerna run --scope=${{matrix.package}} lint | |
| - name: Run tests | |
| id: test | |
| run: lerna run --scope=${{matrix.package}} test |