fix: vulnerable dependencies #1271
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: FE CI Gatekeeper | |
| on: | |
| push: | |
| paths: | |
| - "ui/**" | |
| - ".github/workflows/dev-fe-gatekeeper.yaml" | |
| - ".github/workflows/dev-fe-e2e.yaml" | |
| branches: | |
| - main | |
| pull_request: | |
| paths: | |
| - "ui/**" | |
| - ".github/workflows/dev-fe-gatekeeper.yaml" | |
| - ".github/workflows/dev-fe-e2e.yaml" | |
| types: [opened, synchronize] | |
| permissions: | |
| contents: write | |
| packages: write | |
| checks: write | |
| pull-requests: write | |
| repository-projects: read | |
| env: | |
| NODE_OPTIONS: "—-max_old_space_size=4096" | |
| jobs: | |
| cache_pnpm: | |
| name: Cache PNPM | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9.4.0 | |
| - name: Use Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| cache: "pnpm" | |
| cache-dependency-path: "ui/pnpm-lock.yaml" | |
| - name: Install dependencies | |
| run: cd ui && make init | |
| CI_checks: | |
| runs-on: ubuntu-latest | |
| needs: cache_pnpm | |
| strategy: | |
| matrix: | |
| action: ["lint", "format", "test", "build"] | |
| defaults: | |
| run: | |
| working-directory: ui | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9.4.0 | |
| - name: Use Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| cache: "pnpm" | |
| cache-dependency-path: "ui/pnpm-lock.yaml" | |
| - run: make init | |
| - name: lint | |
| if: matrix.action == 'lint' | |
| run: make lint | |
| - name: format | |
| if: matrix.action == 'format' | |
| run: make format | |
| - name: test | |
| if: matrix.action == 'test' | |
| run: make test | |
| - name: build | |
| if: matrix.action == 'build' | |
| run: make build | |
| - name: Check for changes | |
| id: check_changes | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "CI Bot" | |
| git diff --exit-code || echo "::set-output name=changes::true" | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| if: steps.check_changes.outputs.changes == 'true' && github.event_name == 'pull_request' | |
| with: | |
| commit_message: "chore: lint/format" | |
| permission_checks: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Get User Permission | |
| id: checkAccess | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check User Permission | |
| if: steps.checkAccess.outputs.require-result == 'false' | |
| run: | | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| exit 1 | |
| E2E_tests_workflow: | |
| uses: ./.github/workflows/dev-fe-e2e.yaml | |
| secrets: | |
| CI_USER: everestadmin | |
| CI_PASSWORD: everestadmin | |
| merge-gatekeeper: | |
| needs: [CI_checks, permission_checks, E2E_tests_workflow] | |
| name: Merge Gatekeeper | |
| if: ${{ always() }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Run Merge Gatekeeper | |
| uses: upsidr/[email protected] | |
| with: | |
| self: Merge Gatekeeper | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| interval: 45 | |
| timeout: 300 | |
| ignored: "license/snyk (Percona Github Org), security/snyk (Percona Github Org)" | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} |