Merge pull request #3 from mtech-31-quemistry/snyk-upgrade-c9e0fec2d7… #46

Workflow file for this run

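# Builds the Next.js web client on Node 20, runs a SonarCloud scan and an
# `npm audit`, and syncs the build output to an S3 bucket.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
name: Build and Deploy

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

# NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN carries the
# repository/organisation default scopes in every job. Consider declaring the
# minimum the SonarCloud step actually needs.

# Workflow-level environment: non-secret values only.
# The AWS access key pair is deliberately NOT declared here. Workflow-level
# `env` is exported to every step of every job, which would hand the deploy
# credentials to `npm ci` (dependency install scripts), the third-party
# SonarCloud action and the build. The deploy step declares them itself.
env:
  AWS_REGION: ap-southeast-1

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [20.x]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - name: Cache node modules
        uses: actions/cache@v4
        with:
          # See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
          path: |
            ~/.npm
            ${{ github.workspace }}/.next/cache
          # Generate a new cache whenever packages or source files change.
          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
          # If source files changed but packages didn't, rebuild from a prior cache.
          restore-keys: |
            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-

      - name: Clean Install dependencies
        run: npm ci

      # Run SonarCloud scan.
      # NOTE(review): `@master` is a mutable branch ref on a third-party action
      # that receives SONAR_TOKEN and GITHUB_TOKEN; whatever lands on that
      # branch runs here with those tokens. Pin to a full commit SHA of a
      # reviewed release instead.
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: Build
        run: npm run build --if-present
        env:
          # NEXT_PUBLIC_* values are inlined into the browser bundle by Next.js,
          # so this value is public once built; keep only non-sensitive
          # identifiers behind this prefix.
          NEXT_PUBLIC_COGNITO_CLIENT_ID: ${{ secrets.COGNITO_CLIENT_ID }}

      # Upload the build output for the deploy job.
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: quemistry-web-client
          path: dist/
          overwrite: true
          # `--if-present` lets the build step pass when there is no build
          # script; fail here rather than publish a missing artifact.
          if-no-files-found: error

  audit:
    needs: build
    name: Audit Packages
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Audit packages
        run: npm audit --audit-level moderate
        env:
          CI: true

  deploy_to_s3:
    needs: [build, audit]
    # Deploy only for pushes to main. Without this guard the job also ran on
    # `pull_request`, publishing unmerged PR builds to the bucket.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      # Download the artifact produced by the build job.
      - name: Download Artifact
        uses: actions/download-artifact@v4
        with:
          name: quemistry-web-client
          path: dist_s3/

      # `--delete` removes every bucket object that is absent from dist_s3/.
      # NOTE(review): the bucket is spelled `quemisty` while the artifact is
      # `quemistry-web-client`; confirm this is the intended bucket.
      # NOTE(review): these are long-lived IAM access keys; confirm the IAM
      # policy is limited to this bucket, and consider OIDC federation with a
      # short-lived role so no static keys are stored.
      - name: Deploy to S3
        run: |
          aws s3 sync dist_s3/ s3://quemisty-client-web --delete
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'ap-southeast-1'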