Skip to content

Backport a fix for CVE-2024-47764 to the 4.x branch #1479

Backport a fix for CVE-2024-47764 to the 4.x branch

Backport a fix for CVE-2024-47764 to the 4.x branch #1479

Workflow file for this run

name: ci
on:
push:
branches:
- master
- develop
- '4.x'
- '5.x'
paths-ignore:
- '*.md'
pull_request:
paths-ignore:
- '*.md'
# Cancel in progress workflows
# in the scenario where we already had a run going for that PR/branch/tag but then triggered a new run
concurrency:
group: "${{ github.workflow }} ✨ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js {{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: 'lts/*'
persist-credentials: false
- name: Install dependencies
run: npm install --ignore-scripts --only=dev
- name: Run lint
run: npm run lint
test:
name: Run tests
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
node-version:
- "0.10"
- "0.12"
- "4"
- "5"
- "6"
- "7"
- "8"
- "9"
- "10"
- "11"
- "12"
- "13"
- "14"
- "15"
- "16"
- "17"
- "18"
- "19"
- "20"
- "21"
- "22"
# Use supported versions of our testing tools under older versions of Node
# Install npm in some specific cases where we need to
include:
- node-version: "0.10"
npm-i: "mocha@3.5.3 nyc@10.3.2 supertest@2.0.0"
# Npm isn't being installed on windows w/ setup-node for
# 0.10 and 0.12, which will end up choking when npm uses es6
npm-version: "npm@2.15.1"
- node-version: "0.12"
npm-i: "mocha@3.5.3 nyc@10.3.2 supertest@2.0.0"
npm-version: "npm@2.15.11"
- node-version: "4"
npm-i: "mocha@5.2.0 nyc@11.9.0 supertest@3.4.2"
- node-version: "5"
npm-i: "mocha@5.2.0 nyc@11.9.0 supertest@3.4.2"
# fixes https://github.com/npm/cli/issues/681
npm-version: "npm@3.10.10"
- node-version: "6"
npm-i: "mocha@6.2.2 nyc@14.1.1 supertest@3.4.2"
- node-version: "7"
npm-i: "mocha@6.2.2 nyc@14.1.1 supertest@6.1.6"
- node-version: "8"
npm-i: "mocha@7.2.0 nyc@14.1.1"
- node-version: "9"
npm-i: "mocha@7.2.0 nyc@14.1.1"
- node-version: "10"
npm-i: "mocha@8.4.0"
- node-version: "11"
npm-i: "mocha@8.4.0"
- node-version: "12"
npm-i: "mocha@9.2.2"
- node-version: "13"
npm-i: "mocha@9.2.2"
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Npm version fixes
if: ${{matrix.npm-version != ''}}
run: npm install -g ${{ matrix.npm-version }}
- name: Configure npm loglevel
run: |
npm config set loglevel error
shell: bash
- name: Install dependencies
run: npm install
- name: Install Node version specific dev deps
if: ${{ matrix.npm-i != '' }}
run: npm install --save-dev ${{ matrix.npm-i }}
- name: Remove non-test dependencies
run: npm rm --silent --save-dev connect-redis
- name: Output Node and NPM versions
run: |
echo "Node.js version: $(node -v)"
echo "NPM version: $(npm -v)"
- name: Run tests
shell: bash
run: |
npm run test-ci
cp coverage/lcov.info "coverage/${{ matrix.node-version }}.lcov"
- name: Collect code coverage
run: |
mv ./coverage "./${{ matrix.node-version }}"
mkdir ./coverage
mv "./${{ matrix.node-version }}" "./coverage/${{ matrix.node-version }}"
- name: Upload code coverage
uses: actions/upload-artifact@v3
with:
name: coverage
path: ./coverage
retention-days: 1
coverage:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install lcov
shell: bash
run: sudo apt-get -y install lcov
- name: Collect coverage reports
uses: actions/download-artifact@v3
with:
name: coverage
path: ./coverage
- name: Merge coverage reports
shell: bash
run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./coverage/lcov.info
- name: Upload coverage report
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}