Bump @types/node from 20.4.6 to 20.5.0 #977

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- main
	- release
	tags:
	- "beta-v*"
	pull_request:
	branches:
	- main

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	# Schedule
	schedule:
	- cron: "0 8 * * MON,THU" # Run every Monday and Thursday at 08:00 UTC

	jobs:
	ci:
	runs-on: ubuntu-latest
	outputs:
	NPM_VERSION: ${{ steps.version.outputs.NPM_VERSION }}
	PUBLISH_TAG: ${{ steps.version.outputs.PUBLISH_TAG }}
	IMAGE_SUFFIX: ${{ steps.version.outputs.IMAGE_SUFFIX }}
	strategy:
	matrix:
	node-version: [18]

	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	cache: "npm"
	check-latest: true
	- run: node -v
	- run: npm -v

	- name: Install Dependencies & check lint
	run: \|
	npm install
	npm run lint

	- id: version
	run: \|
	npm install -g json
	RETRACED_VERSION=$(echo $(cat ./package.json) \| json version)

	publishTag="latest"
	imageSuffix=""

	if [[ "$GITHUB_REF" == *\/release ]]
	then
	echo "Release branch"
	else
	echo "Dev branch"
	publishTag="beta"
	imageSuffix="-beta"
	RETRACED_VERSION="${RETRACED_VERSION}-beta.${GITHUB_RUN_NUMBER}"
	fi

	echo "NPM_VERSION=${RETRACED_VERSION}" >> $GITHUB_OUTPUT
	echo "PUBLISH_TAG=${publishTag}" >> $GITHUB_OUTPUT
	echo "IMAGE_SUFFIX=${imageSuffix}" >> $GITHUB_OUTPUT

	test:
	needs: ci
	runs-on: ubuntu-latest
	strategy:
	matrix:
	node-version: [18]

	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	cache: "npm"
	check-latest: true
	- run: node -v
	- run: npm -v

	- name: Run docker-compose up
	id: docker_compose
	uses: isbang/compose-action@v1.5.0
	with:
	compose-file: "./docker-compose.yaml"

	- name: Run tests
	run: \|
	npm install
	npm run build
	npm run cover:all

	test-pg-search:
	needs: ci
	runs-on: ubuntu-latest
	strategy:
	matrix:
	node-version: [18]

	steps:
	- uses: actions/checkout@v3
	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	cache: "npm"
	check-latest: true
	- run: node -v
	- run: npm -v

	- name: Run docker-compose up
	id: docker_compose
	uses: isbang/compose-action@v1.5.0
	with:
	compose-file: "./docker-compose.yaml"
	env:
	PG_SEARCH: "true"

	- name: Run tests
	run: \|
	npm install
	npm run build
	npm run cover:all

	build:
	needs: [ci, test, test-pg-search]
	runs-on: ubuntu-latest
	strategy:
	matrix:
	node-version: [18]

	steps:
	- run: echo ${{ needs.ci.outputs.NPM_VERSION }}
	- run: echo ${{ needs.ci.outputs.PUBLISH_TAG }}
	- name: Check Out Repo
	uses: actions/checkout@v3

	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	cache: "npm"
	check-latest: true

	- name: Get short SHA
	id: slug
	run: \|
	echo "SHA7=$(echo ${GITHUB_SHA} \| cut -c1-7)" >> $GITHUB_OUTPUT
	imagePath="${{ secrets.DOCKER_HUB_USERNAME }}/retraced"

	if [[ "$GITHUB_REF" != *\/release ]]
	then
	imagePath="${{ secrets.DOCKER_HUB_USERNAME }}/retraced-beta"
	fi
	echo "${imagePath}"

	echo "IMAGE_PATH=${imagePath}" >> $GITHUB_OUTPUT

	- name: Set up Docker Buildx
	if: github.ref == 'refs/heads/release'
	id: buildx
	uses: docker/setup-buildx-action@v2

	- name: Set up QEMU
	if: github.ref == 'refs/heads/release'
	uses: docker/setup-qemu-action@v2

	- name: Login to Docker Hub
	if: github.ref == 'refs/heads/release'
	uses: docker/login-action@v2
	with:
	username: boxyhq
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

	- name: Build and push
	if: github.ref == 'refs/heads/release'
	id: docker_build
	uses: docker/build-push-action@v4
	with:
	context: ./
	file: ./deploy/Dockerfile-slim
	platforms: linux/amd64,linux/arm64
	push: true
	tags: ${{ steps.slug.outputs.IMAGE_PATH }}:${{ needs.ci.outputs.PUBLISH_TAG }},${{ steps.slug.outputs.IMAGE_PATH }}:${{ steps.slug.outputs.SHA7 }},${{ steps.slug.outputs.IMAGE_PATH }}:${{ needs.ci.outputs.NPM_VERSION }}

	- name: Image digest
	if: github.ref == 'refs/heads/release'
	run: echo ${{ steps.docker_build.outputs.digest }}

	- name: Login to GitHub Container Registry
	if: github.ref == 'refs/heads/release'
	run: \|
	echo "${{secrets.GITHUB_TOKEN}}" \| docker login ghcr.io -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin

	- name: Install Cosign
	if: github.ref == 'refs/heads/release'
	uses: sigstore/cosign-installer@main

	- name: Check install!
	if: github.ref == 'refs/heads/release'
	run: cosign version

	- name: place the cosign private key in a file
	if: github.ref == 'refs/heads/release'
	run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
	shell: bash
	env:
	COSIGN_KEY: ${{secrets.COSIGN_KEY}}

	- name: Sign the image
	if: github.ref == 'refs/heads/release'
	run: cosign sign --key /tmp/cosign.key -y ${{ steps.slug.outputs.IMAGE_PATH }}@${{ steps.docker_build.outputs.digest }}
	env:
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

	- name: Create SBOM Report [SPDX]
	uses: anchore/sbom-action@v0
	with:
	format: spdx
	artifact-name: retraced_sbom.spdx
	- name: Publish report [SPDX]
	uses: anchore/sbom-action/publish-sbom@v0
	with:
	sbom-artifact-match: ".*\\.spdx$"
	- name: Create SBOM Report [CycloneDx]
	uses: anchore/sbom-action@v0
	with:
	format: cyclonedx
	artifact-name: retraced_sbom.cyclonedx
	- name: Publish report [CycloneDx]
	uses: anchore/sbom-action/publish-sbom@v0
	with:
	sbom-artifact-match: ".*\\.cyclonedx$"
	- name: Download artifact for SPDX Report
	if: github.ref == 'refs/heads/release'
	uses: actions/download-artifact@v3
	with:
	name: retraced_sbom.spdx
	- name: Download artifact for CycloneDx Report
	if: github.ref == 'refs/heads/release'
	uses: actions/download-artifact@v3
	with:
	name: retraced_sbom.cyclonedx
	- name: Remove older SBOMs
	if: github.ref == 'refs/heads/release'
	run: rm -rf ./sbom. \|\| true
	- name: Move SPDX Report
	if: github.ref == 'refs/heads/release'
	run: mv retraced_sbom.spdx "./sbom.spdx"
	- name: Move CycloneDx Report
	if: github.ref == 'refs/heads/release'
	run: mv retraced_sbom.cyclonedx "./sbom.cyclonedx"

	- name: Create SBOM Report [Docker][SPDX]
	if: github.ref == 'refs/heads/release'
	uses: anchore/sbom-action@v0
	with:
	image: ${{ steps.slug.outputs.IMAGE_PATH }}:${{ needs.ci.outputs.PUBLISH_TAG }}
	format: spdx
	artifact-name: docker_sbom.spdx
	- name: Publish report [Docker][SPDX]
	if: github.ref == 'refs/heads/release'
	uses: anchore/sbom-action/publish-sbom@v0
	with:
	sbom-artifact-match: ".*\\.spdx$"
	- name: Create SBOM Report [Docker][CycloneDx]
	if: github.ref == 'refs/heads/release'
	uses: anchore/sbom-action@v0
	with:
	image: ${{ steps.slug.outputs.IMAGE_PATH }}:${{ needs.ci.outputs.PUBLISH_TAG }}
	format: cyclonedx
	artifact-name: docker_sbom.cyclonedx
	- name: Publish report [Docker][CycloneDx]
	if: github.ref == 'refs/heads/release'
	uses: anchore/sbom-action/publish-sbom@v0
	with:
	sbom-artifact-match: ".*\\.cyclonedx$"
	- name: Download artifact for SPDX Report [Docker]
	if: github.ref == 'refs/heads/release'
	uses: actions/download-artifact@v3
	with:
	name: docker_sbom.spdx
	- name: Download artifact for CycloneDx Report [Docker]
	if: github.ref == 'refs/heads/release'
	uses: actions/download-artifact@v3
	with:
	name: docker_sbom.cyclonedx
	- name: Create/Clear folder [Docker]
	if: github.ref == 'refs/heads/release'
	run: mkdir -p ./_docker/ && rm -rf ./_docker/. \|\| true

	- name: Move Report & cleanup [Docker]
	if: github.ref == 'refs/heads/release'
	run: \|
	mv docker_sbom.spdx "./_docker/sbom.spdx" \|\| true
	mv docker_sbom.cyclonedx ./_docker/sbom.cyclonedx \|\| true
	- name: ORAS Setup
	if: github.ref == 'refs/heads/release'
	run: \|
	ORAS_VERSION="v0.8.1"
	ORAS_FILENAME="oras_0.8.1_linux_amd64.tar.gz"
	curl -LO "https://github.com/oras-project/oras/releases/download/${ORAS_VERSION}/${ORAS_FILENAME}"
	mkdir oras_install
	tar -xvf "${ORAS_FILENAME}" -C oras_install

	- name: Push SBOM reports to GitHub Container Registry & Sign the sbom images
	if: github.ref == 'refs/heads/release'
	run: \|
	result=$(./oras_install/oras push ghcr.io/${{ github.repository }}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}:service-${{ needs.ci.outputs.NPM_VERSION }} ./sbom.*)
	ORAS_DIGEST=$(echo $result \| grep -oE 'sha256:[a-f0-9]{64}')
	if [ -z "$ORAS_DIGEST" ]; then
	echo "Error: ORAS_DIGEST is empty"
	exit 1
	fi
	cosign sign -y --key /tmp/cosign.key ghcr.io/${{ github.repository }}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}@${ORAS_DIGEST}
	cd _docker \|\| true
	result=$(../oras_install/oras push ghcr.io/${{ github.repository }}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}:docker-${{ needs.ci.outputs.NPM_VERSION }} ./sbom.*)
	ORAS_DIGEST=$(echo $result \| grep -oE 'sha256:[a-f0-9]{64}')
	if [ -z "$ORAS_DIGEST" ]; then
	echo "Error: ORAS_DIGEST is empty"
	exit 1
	fi
	cosign sign -y --key /tmp/cosign.key ghcr.io/${{ github.repository }}/sbom${{ needs.ci.outputs.IMAGE_SUFFIX }}@${ORAS_DIGEST}
	cd ..
	env:
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump @types/node from 20.4.6 to 20.5.0 #977

Workflow file

Bump @types/node from 20.4.6 to 20.5.0 #977

Jobs

Run details

Workflow file for this run