Skip to content

fix: security advisory #1040

fix: security advisory

fix: security advisory #1040

Workflow file for this run

name: Continuous Integration
on:
workflow_dispatch:
pull_request:
branches:
- "main"
- "release/*"
paths-ignore:
- "**/*.md"
- ".github/workflows/release.yaml"
- "docs"
push:
branches:
- "main"
- "release/*"
paths-ignore:
- "**/*.md"
- ".github/workflows/release.yaml"
- "docs"
env:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
NX_BRANCH: ${{ github.head_ref || github.ref_name }}
BASE: ${{ github.base_ref || github.event.repository.default_branch }}
jobs:
ci:
name: Continuous Integration
runs-on: ubuntu-22.04
permissions:
packages: write
steps:
- name: Set variables
id: variables
run: echo "::set-output name=short_sha::$(echo ${{ github.sha }} | cut -c1-7)"
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache node modules
id: cache
uses: actions/cache@v3
with:
path: |
node_modules
key: cache-node-modules-${{ hashFiles('**/package-lock.json') }}
- uses: actions/setup-node@v3
if: steps.cache.outputs.cache-hit != 'true'
with:
node-version: 18.x
- name: Install Dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: npm ci
- name: Check Formatting
run: npx nx format:check --all --verbose
- name: Lint
run: npx nx run-many --target=lint --all --parallel --maxParallel=3
- name: Test
run: npx nx run-many --target=test --all --parallel --maxParallel=3
- name: Build
run: |
npx nx graphql:generate --skip-nx-cache
npx nx run-many --target=build --all --parallel --maxParallel=3
- name: Upload dist artifact
uses: actions/upload-artifact@v2
with:
name: dist-artifact
path: ./dist
dockerize:
name: Dockerize
needs: ci
runs-on: ubuntu-20.04
strategy:
matrix:
project: ["server", "console", "proxy"]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download 'dist' folder
uses: actions/download-artifact@v2
with:
name: dist-artifact
path: ./dist
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/pezzolabs/pezzo/${{ matrix.project }}
tags: |
type=raw,value=${{ github.run_id }},prefix=gh-
type=ref,event=branch,prefix=branch-
type=ref,event=pr,prefix=pr-
type=ref,event=tag
type=sha,format=short
- name: Build and push
uses: docker/build-push-action@v4
with:
context: .
file: ./apps/${{ matrix.project }}/Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
# only push if the branch is main or a release branch
push: true
# push: ${{ startsWith(github.ref, 'refs/heads/main') || startsWith(github.ref, 'refs/heads/release/') }}
provenance: false