chore: resolve cypres/request package vulnerability issue #400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [develop, master] | |
pull_request: | |
branches: [develop, master] | |
env: | |
PGUSER: postgres | |
PROGRAM_DIRECTOR_NAME: director name | |
PROGRAM_DIRECTOR_EMAIL: director@email.com | |
jobs: | |
install-dev-tools: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: make stop_pg | |
- run: make install_asdf_tools | |
- run: cat .tool-versions | xargs -n2 asdf global | |
- run: make install_perl_tools | |
- run: make install_pgtap | |
- run: make stop_pg # cleanly stop the database, otherwise it will complain in the subsequent jobs | |
- run: yarn install --frozen-lockfile | |
working-directory: ./app | |
yarn-test: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: yarn test | |
working-directory: ./app | |
yarn-audit: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: yarn audit | |
working-directory: ./app | |
db-schema-is-up-to-date: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: pg_ctl start | |
- run: createdb `whoami` | |
- run: createdb ciip_portal_dev | |
- run: pushd schema && ./data/deploy-data.sh -prod && popd | |
- run: cd ../app && yarn build:schema | |
working-directory: ./schema | |
- run: git diff --exit-code || (echo 'The contents of the `schema` folder are out of sync with `app/server/schema.graphql`. Did you forget to \"yarn build:schema\"?' && false) | |
test-database: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: pg_ctl start | |
- run: make test | |
working-directory: ./schema | |
pre-commit: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- name: set pre-commit cache directory | |
run: | | |
echo "PRE_COMMIT_HOME=$GITHUB_WORKSPACE/.pre-commit-cache" >> $GITHUB_ENV | |
- name: set PY | |
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV | |
- name: create commitlint COMMIT_EDITMSG if not exists | |
run: | | |
if test -f ".git/COMMIT_EDITMSG"; then | |
echo "COMMIT_EDITMSG EXISTS, skipping" | |
else | |
touch .git/COMMIT_EDITMSG | |
fi | |
- uses: actions/cache@v2 | |
with: | |
path: | | |
./.pre-commit-cache | |
key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v3 | |
- run: pre-commit run --all-files | |
docker-build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- image: ghcr.io/bcgov/cas-ciip-portal-app | |
context: . | |
dockerfile: app/Dockerfile | |
name: app | |
- image: ghcr.io/bcgov/cas-ciip-portal-schema | |
context: . | |
dockerfile: schema/Dockerfile | |
name: schema | |
- image: ghcr.io/bcgov/cas-ciip-portal-k6 | |
context: . | |
dockerfile: app/tests/perf/Dockerfile | |
name: k6 | |
name: Build ${{ matrix.name }} docker image | |
steps: | |
- uses: actions/checkout @v3 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
install: true | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: ${{ matrix.image }} | |
tags: | | |
type=sha,format=long,prefix= | |
latest | |
type=ref,event=pr | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Cache Docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ matrix.name }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx-${{ matrix.name }} | |
- name: Build image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ${{ matrix.context }} | |
builder: ${{ steps.buildx.outputs.name }} | |
push: true | |
file: ${{ matrix.dockerfile }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
# Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
- name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
e2e: | |
needs: ["docker-build", "install-dev-tools"] | |
runs-on: ubuntu-latest | |
env: | |
CYPRESS_TEST_INTERNAL_USERNAME: ${{ secrets.TEST_INTERNAL_USERNAME }} | |
CYPRESS_TEST_INTERNAL_PASSWORD: ${{ secrets.TEST_INTERNAL_PASSWORD }} | |
CYPRESS_TEST_ADMIN_USERNAME: ${{ secrets.TEST_ADMIN_USERNAME }} | |
CYPRESS_TEST_ADMIN_PASSWORD: ${{ secrets.TEST_ADMIN_PASSWORD }} | |
CYPRESS_TEST_UNAUTHORIZED_USERNAME: ${{ secrets.TEST_UNAUTHORIZED_USERNAME }} | |
CYPRESS_TEST_UNAUTHORIZED_PASSWORD: ${{ secrets.TEST_UNAUTHORIZED_PASSWORD }} | |
HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} | |
HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} | |
SMTP_CONNECTION_STRING: smtp://@localhost:1025 | |
SENDER_EMAIL: example@cas.com | |
ADMIN_EMAIL: GHGRegulator@gov.bc.ca | |
SUPPORT_EMAIL: ggircs@gov.bc.ca | |
ENABLE_DB_MOCKS_COOKIES_ONLY: "true" # Allow cookies to be set by cypress | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: pg_ctl start | |
- run: createdb `whoami` | |
- run: createdb ciip_portal_dev | |
- run: pushd schema && ./data/deploy-data.sh -prod && popd | |
- run: cd ./app && yarn build:schema | |
- run: cd ./test_helper_schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy | |
- run: cd ./schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy | |
- run: docker run -d -p 1025:1025 -p 8025:8025 mailhog/mailhog | |
- run: cd ./app && yarn build:relay && yarn build:next | |
- run: cd ./app && yarn start AS_CYPRESS & yarn wait-on http://localhost:3004 || true | |
- run: yarn test:e2e-snapshots | |
env: | |
SMTP_CONNECTION_STRING: smtp://@localhost:1025 | |
ENABLE_DB_MOCKS: "true" | |
working-directory: ./app | |
smoke-test: | |
needs: ["docker-build", "install-dev-tools"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout @v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69 | |
- run: echo "deb https://dl.k6.io/deb stable main" | sudo tee /etc/apt/sources.list.d/k6.list | |
- run: sudo apt-get update && sudo apt-get install k6 libdbd-pg-perl | |
- run: source ~/.bashrc | |
- run: pg_ctl start | |
- run: createdb `whoami` | |
- run: createdb ciip_portal_dev | |
- run: make generate_perf_files | |
- run: pushd schema && ./data/deploy-data.sh -dev && popd | |
- run: cd ./app && yarn build:schema | |
- run: cd ./test_helper_schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy | |
- run: cd ./schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy | |
- run: cd ./app && yarn build:relay-persist && yarn build:next | |
- run: cd ./app && yarn start AS_CYPRESS & yarn wait-on http://localhost:3004 || true | |
- run: cd ./app/tests/perf && psql -d ciip_portal_dev -f mutations-setup.sql | |
- run: pushd app/tests/perf && ./run_test.sh smoke |