[Snyk] Security upgrade axios from 0.24.0 to 1.6.4 #3367
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Storybook | |
| env: | |
| AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET_MYCRYPTOBUILDS }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_MYCRYPTOBUILDS }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_MYCRYPTOBUILDS }} | |
| AWS_REGION: 'us-east-2' | |
| on: | |
| pull_request: | |
| branches: | |
| - '*' | |
| push: | |
| branches: | |
| - master | |
| repository_dispatch: | |
| types: [ok-to-test-command] | |
| jobs: | |
| storybook-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Fetch the PR number to use it with AWS | |
| - name: Set PR_NUMBER | |
| run: | | |
| PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }') | |
| echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV | |
| - uses: actions/checkout@v2 | |
| if: github.event_name != 'repository_dispatch' | |
| - uses: actions/checkout@v2 | |
| if: github.event_name == 'repository_dispatch' | |
| with: | |
| ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | |
| - name: Retrieve node version from .nvmrc | |
| run: echo "##[set-output name=NVMRC;]$(cat package.json | grep '\"node\":' | sed 's/^ *//;s/ *$//;s/\"node\":\ \"//;s/\",//')" | |
| id: nvm | |
| - name: Setup node ${{ steps.nvm.outputs.NVMRC }} | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: '${{ steps.nvm.outputs.NVMRC }}' | |
| - name: Cache node modules | |
| id: cache | |
| uses: actions/cache@v2 | |
| with: | |
| path: node_modules | |
| ## Check cache based on yarn.lock hashfile | |
| key: ${{ runner.OS }}-build-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install Dependencies | |
| ## If no cache is found, install dependencies | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: yarn install --frozen-lockfile | |
| - name: yarn build:storybook | |
| if: github.ref == 'refs/heads/master' || github.event_name == 'pull_request' | |
| run: yarn build:storybook | |
| - name: S3 Sync - Storybook SHA | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/${GITHUB_SHA}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: S3 Sync - Storybook SHA - repository_dispatch | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.event_name == 'repository_dispatch' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/${{ github.event.client_payload.pull_request.head.sha }}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: S3 Sync - Storybook Branch - push | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/${GITHUB_REF##*/}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: S3 Sync - Storybook Branch - pull_request | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/${{ github.head_ref }}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: S3 Sync - Storybook Branch - repository_dispatch | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.event_name == 'repository_dispatch' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/${{ github.event.client_payload.pull_request.head.ref }}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: S3 Sync - Storybook - PR Number - pull_request | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/pr/${PR_NUMBER}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: S3 Sync - Storybook - PR Number - repository_dispatch | |
| uses: jakejarvis/s3-sync-action@v0.5.1 | |
| if: github.event_name == 'repository_dispatch' | |
| with: | |
| args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
| env: | |
| DEST_DIR: 'storybook/pr/${{ github.event.client_payload.pull_request.number }}' | |
| SOURCE_DIR: 'storybook-static' | |
| - name: Update PR status | |
| uses: actions/github-script@v1 | |
| id: update-check-run | |
| if: github.event_name == 'repository_dispatch' | |
| env: | |
| number: ${{ github.event.client_payload.pull_request.number }} | |
| job: ${{ github.job }} | |
| # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run | |
| conclusion: ${{ job.status }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const { data: pull } = await github.pulls.get({ | |
| ...context.repo, | |
| pull_number: process.env.number | |
| }); | |
| const ref = pull.head.sha; | |
| const { data: checks } = await github.checks.listForRef({ | |
| ...context.repo, | |
| ref | |
| }); | |
| const check = checks.check_runs.filter(c => c.name === process.env.job); | |
| const { data: result } = await github.checks.update({ | |
| ...context.repo, | |
| check_run_id: check[0].id, | |
| status: 'completed', | |
| conclusion: process.env.conclusion | |
| }); | |
| return result; |