Skip to content

[Snyk] Security upgrade next-auth from 4.24.7 to 4.24.9 #25

[Snyk] Security upgrade next-auth from 4.24.7 to 4.24.9

[Snyk] Security upgrade next-auth from 4.24.7 to 4.24.9 #25

name: Deployment Pipeline
on:
# Runs on pushes targeting the default branch
push:
branches: ["main"]
pull_request:
branches: ["main"]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Detect package manager
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
echo "runner=yarn" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine package manager"
exit 1
fi
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: "20"
cache: ${{ steps.detect-package-manager.outputs.manager }}
- name: Restore cache
uses: actions/cache@v4
with:
path: |
.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
- name: Install dependencies
run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
- name: Build with Next.js
run: ${{ steps.detect-package-manager.outputs.runner }} next build
push-image:
name: Push to ACR
runs-on: ubuntu-latest
needs: [build]
env:
NEXT_PUBLIC_MUSIC_API_URL: ${{ secrets.AKS_HOST_NAME }}
NEXT_PUBLIC_SESSION_API_URL: ${{ secrets.AKS_HOST_NAME }}
steps:
- uses: actions/checkout@v4
- name: Create .env.docker file
run: |
echo "NEXT_PUBLIC_MUSIC_API_URL=${{ env.NEXT_PUBLIC_MUSIC_API_URL }}" >> .env.docker
echo "NEXT_PUBLIC_MUSIC_API_URL=${{ env.NEXT_PUBLIC_MUSIC_API_URL }}" >> .env.docker
cat .env.docker
- uses: azure/docker-login@v2
with:
login-server: ${{ secrets.ACR_LOGIN_SERVER }}
username: ${{ secrets.ACR_USERNAME }}
password: ${{ secrets.ACR_PASSWORD }}
- name: build image
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ secrets.ACR_LOGIN_SERVER }}/frontend/spoticloud
deploy-image:
name: Deploy update
needs: [push-image]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Login via Azure CLI
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Get AKS credentials
run: az aks get-credentials -g ${{ secrets.AZURE_RESOURCE_GROUP }} -n ${{ secrets.AZURE_CLUSTER_NAME }}
- name: Restart deployment
run: kubectl rollout restart deployment/frontend -n ${{ secrets.AKS_NAMESPACE }}
continue-on-error: true # If AKS cluster is not available, pipeline should not fail