fix(deps): update dependency ws to v8 [security] #2442
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Soak test | |
on: | |
pull_request: | |
paths: | |
- 'packages/sources/**' | |
- 'packages/composites/**' | |
- 'packages/targets/**' | |
- 'packages/core/**' | |
jobs: | |
run-soak-tests: | |
name: Run Soak Tests Against Changed Adapters | |
runs-on: ubuntu-latest-4cores-16GB | |
environment: QA | |
permissions: | |
id-token: write | |
contents: read | |
checks: write | |
pull-requests: write | |
concurrency: | |
group: qa-soaktest-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Setup GitHub Token | |
id: setup-github-token | |
uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2 | |
with: | |
aws-role-arn: ${{ secrets.AWS_ROLE_ARN_FOR_QA_GITHUB_TOKEN }} | |
aws-lambda-url: ${{ secrets.GATI_LAMBDA_DATA_FEEDS_URL }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
aws-role-duration-seconds: '1800' # this is optional and defaults to 900 | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 2 | |
- uses: jwalton/gh-find-current-pr@89ee5799558265a1e0e31fab792ebb4ee91c016b # v1.3.3 | |
id: findPr | |
with: | |
# Can be "open", "closed", or "all". Defaults to "open". | |
state: all | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-region: ${{ secrets.QA_AWS_REGION }} | |
role-to-assume: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }} | |
role-duration-seconds: 3600 | |
mask-aws-account-id: true | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 | |
- name: Set Kubernetes Context | |
uses: azure/k8s-set-context@212a19233d93f03eceaac31ae5a1d1acf650b6ef # v4.0.1 | |
with: | |
method: kubeconfig | |
kubeconfig: ${{ secrets.QA_KUBECONFIG }} | |
- name: Set up and install dependencies | |
uses: ./.github/actions/setup | |
with: | |
build-all: true | |
base-branch: ${{ github.base_ref }} | |
- name: Check AWS CLI version | |
run: aws --version | |
- name: Check kubectl version | |
run: kubectl version | |
- name: Check helm version | |
run: helm version | |
- name: Install SOPS | |
run: | | |
TEMP_DEB="temp-sops_3.7.1_amd64.deb" && | |
wget -O "$TEMP_DEB" https://github.com/mozilla/sops/releases/download/v3.7.1/sops_3.7.1_amd64.deb && | |
sudo dpkg -i "$TEMP_DEB" && | |
rm -f "$TEMP_DEB" | |
- name: Install Helm Secrets | |
run: helm plugin install https://github.com/jkroepke/helm-secrets --version v3.12.0 | |
- name: Use GH CLI to get pr info | |
id: get-pr-info | |
env: | |
GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} | |
PR_NUMBER: ${{ steps.findPr.outputs.pr }} | |
run: | | |
CHANGED_FILES_NAME=./changedFiles.txt | |
gh pr view ${PR_NUMBER} --json files --jq '.files.[].path' | xargs -I {} sh -c 'if [ -e "$1" ]; then echo "$1"; fi' _ {} > ${CHANGED_FILES_NAME} | |
TEST_ADAPTERS="$(yarn get-changed-adapters "${CHANGED_FILES_NAME}")" | |
echo "::set-output name=TEST_ADAPTERS::${TEST_ADAPTERS}" | |
- name: Clone adapter-secrets repo | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
env: | |
GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} | |
run: git clone https://oauth2:${GITHUB_TOKEN}@github.com/smartcontractkit/adapter-secrets.git | |
- name: Build the k6 payloads and images | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
id: k6-payloads | |
env: | |
PR_NUMBER: ${{ steps.findPr.outputs.pr }} | |
TEST_ADAPTERS: ${{ steps.get-pr-info.outputs.TEST_ADAPTERS }} | |
IMAGE_PREFIX: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/k6 | |
run: | | |
if [ -n "$TEST_ADAPTERS" ]; then | |
for adapter in ${TEST_ADAPTERS}; do | |
yarn qa:flux:configure k6payload ${adapter} ${PR_NUMBER} || exit 1 | |
cd ./packages/k6 | |
echo "" >> ./.env | |
echo "PAYLOAD_GENERATED=true" >> ./.env | |
echo "CI_ADAPTER_NAME=${adapter}" >> ./.env | |
echo "QA_RELEASE_TAG=${PR_NUMBER}" >> ./.env | |
echo "PR_NUMBER=${PR_NUMBER}" >> ./.env | |
echo "TEST_DURATION=10m" >> ./.env | |
cat ./.env | |
yarn build | |
docker build -t ${IMAGE_PREFIX}:pr${PR_NUMBER}-${adapter} . | |
docker push ${IMAGE_PREFIX}:pr${PR_NUMBER}-${adapter} | |
cd ../.. | |
done | |
fi | |
- name: Build adapters | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
id: build-adapters | |
env: | |
TEST_ADAPTERS: ${{ steps.get-pr-info.outputs.TEST_ADAPTERS }} | |
IMAGE_TAG: pr${{ steps.findPr.outputs.pr }} | |
IMAGE_PREFIX: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/adapters/ | |
run: | | |
GITHUB_WORKSPACE= IMAGE_TAG=${IMAGE_TAG} IMAGE_PREFIX=${IMAGE_PREFIX} yarn generate:docker-compose | |
BUILD_ADAPTERS= | |
if [ -n "$TEST_ADAPTERS" ]; then | |
yarn qa:dependencies $TEST_ADAPTERS | |
DEP=$(cat ./packages/scripts/src/adapter-dependencies/dependencies.txt) | |
BUILD_ADAPTERS="${TEST_ADAPTERS} ${DEP}" | |
fi | |
BUILD_NAMES= | |
if [ -n "$BUILD_ADAPTERS" ]; then | |
for adapter in ${BUILD_ADAPTERS}; do | |
BUILD_NAMES="${BUILD_NAMES} ${adapter}-adapter" | |
done | |
echo $BUILD_NAMES | |
docker compose -f docker-compose.generated.yaml build ${BUILD_NAMES} | |
for adapter in ${BUILD_NAMES}; do | |
aws ecr create-repository --repository-name adapters/${adapter} || true | |
docker push ${IMAGE_PREFIX}${adapter}:${IMAGE_TAG} | |
done | |
fi | |
echo "::set-output name=BUILD_ADAPTERS::${BUILD_ADAPTERS}" | |
- uses: webiny/action-post-run@2a0e96f0e55f0e698cf2a3d85670e3577ae30a30 # 3.1.0 | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
name: Clean up deployments | |
env: | |
PR_NUMBER: ${{ steps.findPr.outputs.pr }} | |
ADAPTER_NAMES: ${{ steps.build-adapters.outputs.BUILD_ADAPTERS }} | |
with: | |
run: ./packages/scripts/src/ephemeral-adapters/cleanup.sh | |
- name: Deploy adapters | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
env: | |
PR_NUMBER: ${{ steps.findPr.outputs.pr }} | |
IMAGE_TAG: pr${{ steps.findPr.outputs.pr }} | |
ADAPTER_NAMES: ${{ steps.build-adapters.outputs.BUILD_ADAPTERS }} | |
IMAGE_PREFIX: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/adapters/ | |
GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} | |
run: | | |
helm repo add chainlink https://raw.githubusercontent.com/smartcontractkit/charts/gh-pages/ --password ${GITHUB_TOKEN} --username dummy | |
if [ -n "$ADAPTER_NAMES" ]; then | |
for adapter in ${ADAPTER_NAMES}; do | |
HELM_SECRETS_PATH=./adapter-secrets/secure-sdlc/secrets.${adapter/-test/}.yaml | |
if test -f "$HELM_SECRETS_PATH" | |
then | |
HELM_SECRETS_PATH=${HELM_SECRETS_PATH} yarn qa:adapter start ${adapter} ${PR_NUMBER} ${IMAGE_TAG} | |
else | |
yarn qa:adapter start ${adapter} ${PR_NUMBER} ${IMAGE_TAG} | |
fi | |
done | |
fi | |
- name: Deploy k6 | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
env: | |
PR_NUMBER: ${{ steps.findPr.outputs.pr }} | |
IMAGE_TAG: pr${{ steps.findPr.outputs.pr }} | |
TEST_ADAPTERS: ${{ steps.get-pr-info.outputs.TEST_ADAPTERS }} | |
run: | | |
cd ./packages/k6 | |
if [ -n "$TEST_ADAPTERS" ]; then | |
for adapter in ${TEST_ADAPTERS}; do | |
helm upgrade k6-${PR_NUMBER}-${adapter} ./k8s \ | |
--install \ | |
--namespace adapters \ | |
--create-namespace \ | |
-f ./k8s/values.yaml \ | |
--set image.tag=${IMAGE_TAG}-${adapter} \ | |
--set name=k6-${PR_NUMBER}-${adapter} \ | |
--wait | |
done | |
fi | |
- name: Wait 15 Minutes for tests to run | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
uses: jakejarvis/wait-action@919fc193e07906705e5b7a50f90ea9e74d20b2b0 # v0.1.1 | |
with: | |
time: '15m' | |
- name: Assert tests passed | |
if: steps.get-pr-info.outputs.TEST_ADAPTERS != '' | |
env: | |
GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} | |
PR_NUMBER: ${{ steps.findPr.outputs.pr }} | |
TEST_ADAPTERS: ${{ steps.get-pr-info.outputs.TEST_ADAPTERS }} | |
run: | | |
TEST_RESULTS="./test_results.txt" | |
set -e | |
if [ -n "$TEST_ADAPTERS" ]; then | |
for adapter in ${TEST_ADAPTERS}; do | |
# verify last comment has no failures for each adapter, otherwise exit with error | |
gh pr view $PR_NUMBER --json comments --jq '.comments | map(select(.body | contains("'$adapter'"))) | last' | cat >> ${TEST_RESULTS} | |
done | |
fi | |
cat $TEST_RESULTS | grep -q "Soak test failed" && exit 1 || echo "All tests passed" |