Skip to content

chore: resolve cypres/request package vulnerability issue #400

chore: resolve cypres/request package vulnerability issue

chore: resolve cypres/request package vulnerability issue #400

Workflow file for this run

name: CI
on:
push:
branches: [develop, master]
pull_request:
branches: [develop, master]
env:
PGUSER: postgres
PROGRAM_DIRECTOR_NAME: director name
PROGRAM_DIRECTOR_EMAIL: director@email.com
jobs:
install-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make stop_pg
- run: make install_asdf_tools
- run: cat .tool-versions | xargs -n2 asdf global
- run: make install_perl_tools
- run: make install_pgtap
- run: make stop_pg # cleanly stop the database, otherwise it will complain in the subsequent jobs
- run: yarn install --frozen-lockfile
working-directory: ./app
yarn-test:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn test
working-directory: ./app
yarn-audit:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn audit
working-directory: ./app
db-schema-is-up-to-date:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: pg_ctl start
- run: createdb `whoami`
- run: createdb ciip_portal_dev
- run: pushd schema && ./data/deploy-data.sh -prod && popd
- run: cd ../app && yarn build:schema
working-directory: ./schema
- run: git diff --exit-code || (echo 'The contents of the `schema` folder are out of sync with `app/server/schema.graphql`. Did you forget to \"yarn build:schema\"?' && false)
test-database:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: pg_ctl start
- run: make test
working-directory: ./schema
pre-commit:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: set pre-commit cache directory
run: |
echo "PRE_COMMIT_HOME=$GITHUB_WORKSPACE/.pre-commit-cache" >> $GITHUB_ENV
- name: set PY
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- name: create commitlint COMMIT_EDITMSG if not exists
run: |
if test -f ".git/COMMIT_EDITMSG"; then
echo "COMMIT_EDITMSG EXISTS, skipping"
else
touch .git/COMMIT_EDITMSG
fi
- uses: actions/cache@v2
with:
path: |
./.pre-commit-cache
key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v3
- run: pre-commit run --all-files
docker-build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- image: ghcr.io/bcgov/cas-ciip-portal-app
context: .
dockerfile: app/Dockerfile
name: app
- image: ghcr.io/bcgov/cas-ciip-portal-schema
context: .
dockerfile: schema/Dockerfile
name: schema
- image: ghcr.io/bcgov/cas-ciip-portal-k6
context: .
dockerfile: app/tests/perf/Dockerfile
name: k6
name: Build ${{ matrix.name }} docker image
steps:
- uses: actions/checkout @v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
install: true
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: ${{ matrix.image }}
tags: |
type=sha,format=long,prefix=
latest
type=ref,event=pr
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ matrix.name }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-${{ matrix.name }}
- name: Build image
uses: docker/build-push-action@v3
with:
context: ${{ matrix.context }}
builder: ${{ steps.buildx.outputs.name }}
push: true
file: ${{ matrix.dockerfile }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
e2e:
needs: ["docker-build", "install-dev-tools"]
runs-on: ubuntu-latest
env:
CYPRESS_TEST_INTERNAL_USERNAME: ${{ secrets.TEST_INTERNAL_USERNAME }}
CYPRESS_TEST_INTERNAL_PASSWORD: ${{ secrets.TEST_INTERNAL_PASSWORD }}
CYPRESS_TEST_ADMIN_USERNAME: ${{ secrets.TEST_ADMIN_USERNAME }}
CYPRESS_TEST_ADMIN_PASSWORD: ${{ secrets.TEST_ADMIN_PASSWORD }}
CYPRESS_TEST_UNAUTHORIZED_USERNAME: ${{ secrets.TEST_UNAUTHORIZED_USERNAME }}
CYPRESS_TEST_UNAUTHORIZED_PASSWORD: ${{ secrets.TEST_UNAUTHORIZED_PASSWORD }}
HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }}
HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }}
SMTP_CONNECTION_STRING: smtp://@localhost:1025
SENDER_EMAIL: example@cas.com
ADMIN_EMAIL: GHGRegulator@gov.bc.ca
SUPPORT_EMAIL: ggircs@gov.bc.ca
ENABLE_DB_MOCKS_COOKIES_ONLY: "true" # Allow cookies to be set by cypress
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: pg_ctl start
- run: createdb `whoami`
- run: createdb ciip_portal_dev
- run: pushd schema && ./data/deploy-data.sh -prod && popd
- run: cd ./app && yarn build:schema
- run: cd ./test_helper_schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy
- run: cd ./schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy
- run: docker run -d -p 1025:1025 -p 8025:8025 mailhog/mailhog
- run: cd ./app && yarn build:relay && yarn build:next
- run: cd ./app && yarn start AS_CYPRESS & yarn wait-on http://localhost:3004 || true
- run: yarn test:e2e-snapshots
env:
SMTP_CONNECTION_STRING: smtp://@localhost:1025
ENABLE_DB_MOCKS: "true"
working-directory: ./app
smoke-test:
needs: ["docker-build", "install-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout @v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69
- run: echo "deb https://dl.k6.io/deb stable main" | sudo tee /etc/apt/sources.list.d/k6.list
- run: sudo apt-get update && sudo apt-get install k6 libdbd-pg-perl
- run: source ~/.bashrc
- run: pg_ctl start
- run: createdb `whoami`
- run: createdb ciip_portal_dev
- run: make generate_perf_files
- run: pushd schema && ./data/deploy-data.sh -dev && popd
- run: cd ./app && yarn build:schema
- run: cd ./test_helper_schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy
- run: cd ./schema && SQITCH_TARGET="ciip_portal_dev" sqitch deploy
- run: cd ./app && yarn build:relay-persist && yarn build:next
- run: cd ./app && yarn start AS_CYPRESS & yarn wait-on http://localhost:3004 || true
- run: cd ./app/tests/perf && psql -d ciip_portal_dev -f mutations-setup.sql
- run: pushd app/tests/perf && ./run_test.sh smoke