[Snyk] Security upgrade aws-amplify from 3.4.3 to 6.0.0 #74
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Validate CMS Pull Request | |
on: | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "packages/cms/**" | |
- "!**/**.md" | |
- "!docs/**" | |
workflow_dispatch: | |
jobs: | |
install: | |
name: Install dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: | | |
~/.npm | |
**/node_modules | |
~/.cache/Cypress | |
**/.serverless | |
**/.webpack | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-cms-${{ env.cache-name }}- | |
${{ runner.os }}-build-cms- | |
${{ runner.os }}- | |
- name: Use Node.js 12.x | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 12.x | |
- name: Install dependencies | |
working-directory: packages/cms | |
run: yarn | |
build-cms: | |
name: Build CMS | |
runs-on: ubuntu-latest | |
needs: install | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: | | |
~/.npm | |
**/node_modules | |
~/.cache/Cypress | |
**/.serverless | |
**/.webpack | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-cms-${{ env.cache-name }}- | |
${{ runner.os }}-build-cms- | |
${{ runner.os }}- | |
- name: Cache build | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-build | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: | | |
**/build | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ github.sha }} | |
- name: Use Node.js 12.x | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 12.x | |
- name: Lint | |
working-directory: packages/cms | |
run: yarn lint | |
env: | |
CI: true | |
- name: Build CMS | |
working-directory: packages/cms | |
run: yarn build | |
env: | |
REACT_APP_AUTH_AWS_REGION: ${{ secrets.TEST_AUTH_AWS_REGION }} | |
REACT_APP_AUTH_POOL_ID: ${{ secrets.TEST_AUTH_POOL_ID }} | |
REACT_APP_AUTH_CLIENT_ID: ${{ secrets.TEST_AUTH_CLIENT_ID }} | |
REACT_APP_AUTH_OAUTH_DOMAIN: ${{ secrets.TEST_AUTH_OAUTH_DOMAIN }} | |
REACT_APP_AUTH_OAUTH_SIGNIN: ${{ secrets.TEST_AUTH_OAUTH_SIGNIN }} | |
REACT_APP_AUTH_OAUTH_SIGNOUT: ${{ secrets.TEST_AUTH_OAUTH_SIGNOUT }} | |
REACT_APP_UPLOAD_ENDPOINT: ${{ secrets.TEST_UPLOAD_ENDPOINT }} | |
REACT_APP_API_ENDPOINT: ${{ secrets.TEST_API_ENDPOINT }} | |
- uses: actions/upload-artifact@v1 | |
with: | |
name: cms-build | |
path: packages/cms/build | |
validate-api: | |
name: Validate API | |
runs-on: ubuntu-latest | |
needs: install | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: | | |
~/.npm | |
**/node_modules | |
~/.cache/Cypress | |
**/.serverless | |
**/.webpack | |
key: ${{ runner.os }}-build-app-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-app-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-app-${{ env.cache-name }}- | |
${{ runner.os }}-build-app- | |
${{ runner.os }}- | |
- name: Use Node.js 12.x | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 12.x | |
- name: Cache DynamoDB docker images | |
uses: satackey/action-docker-layer-caching@v0.0.11 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-southeast-1 | |
- name: Setup DynamoDB Local | |
uses: rrainn/dynamodb-action@v2.0.0 | |
with: | |
port: 8062 | |
cors: "*" | |
- name: Create DynamoDB Table | |
working-directory: infra | |
run: yarn workspace infra ddb:init | |
- name: Smoke Test | |
run: yarn build:api | |
- name: Test API | |
run: yarn test:api | |
- name: Coverage Report | |
run: yarn coverage:api | |
- uses: actions/upload-artifact@v1 | |
with: | |
name: Coverage Report | |
path: coverage | |
validate-cms: | |
name: Validate CMS | |
runs-on: ubuntu-latest | |
needs: | |
- build-cms | |
- validate-api | |
strategy: | |
# when one test fails, DO NOT cancel the other | |
# containers, because this will kill Cypress processes | |
# leaving the Dashboard hanging ... | |
# https://github.com/cypress-io/github-action/issues/48 | |
fail-fast: false | |
matrix: | |
# run 3 copies of the current job in parallel | |
containers: [1, 2, 3] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
**/node_modules | |
~/.cache/Cypress | |
**/.serverless | |
**/.webpack | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-cms-${{ env.cache-name }}- | |
${{ runner.os }}-build-cms- | |
${{ runner.os }}- | |
- name: Cache build | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-build | |
with: | |
path: | | |
**/build | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ github.sha }} | |
- name: Cache docker images | |
uses: satackey/action-docker-layer-caching@v0.0.11 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-southeast-1 | |
- name: Setup DynamoDB Local | |
uses: rrainn/dynamodb-action@v2.0.0 | |
with: | |
port: 8062 | |
cors: "*" | |
- name: Create DynamoDB Table | |
working-directory: infra | |
run: yarn workspace infra ddb:init | |
- name: Start API | |
run: yarn start:api & | |
env: | |
DEBUG: "lambda:*" | |
- name: Integration tests | |
uses: cypress-io/github-action@v2 | |
env: | |
CYPRESS_username: ${{ secrets.CYPRESS_USERNAME }} | |
CYPRESS_password: ${{ secrets.CYPRESS_PASSWORD }} | |
CYPRESS_mailUrl: ${{ secrets.CYPRESS_MAIL_URL }} | |
CYPRESS_mailApiKey: ${{ secrets.CYPRESS_MAIL_API_KEY }} | |
CYPRESS_cognitoPoolId: ${{ secrets.TEST_AUTH_POOL_ID }} | |
CYPRESS_cognitoRegion: ${{ secrets.TEST_AUTH_AWS_REGION }} | |
CYPRESS_awsAccessKeyId: ${{ secrets.TEST_COG_ACCESS_KEY_ID }} | |
CYPRESS_awsSecretAccessKey: ${{ secrets.TEST_COG_SECRET_ACCESS_KEY }} | |
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DDB_ENDPOINT: http://localhost:8062 | |
DDB_TABLE: abu-local | |
DEBUG: "" | |
with: | |
record: true | |
parallel: true | |
group: Tests on container | |
working-directory: packages/cms | |
start: yarn serve | |
wait-on: "http://localhost:8060, http://localhost:8061/content" | |
# - uses: actions/upload-artifact@v1 | |
# if: failure() | |
# with: | |
# name: cypress-screenshots | |
# path: packages/cms/cypress/screenshots | |
# # Test run video was always captured, so this action uses "always()" condition | |
# - uses: actions/upload-artifact@v1 | |
# if: always() | |
# with: | |
# name: cypress-videos | |
# path: packages/cms/cypress/videos | |
lighthouse: | |
name: Lighthouse | |
runs-on: ubuntu-latest | |
needs: build-cms | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
**/node_modules | |
~/.cache/Cypress | |
**/.serverless | |
**/.webpack | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-cms-${{ env.cache-name }}- | |
${{ runner.os }}-build-cms- | |
${{ runner.os }}- | |
- name: Cache build | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-build | |
with: | |
path: | | |
**/build | |
key: ${{ runner.os }}-build-cms-${{ env.cache-name }}-${{ github.sha }} | |
- name: Run Lighthouse against a static build dir | |
uses: treosh/lighthouse-ci-action@v3 | |
with: | |
configPath: "./packages/cms/lighthouserc.json" | |
runs: 1 | |
uploadArtifacts: true # save results as an action artifacts | |
temporaryPublicStorage: true # upload lighthouse report to the temporary storage |