refactor: Security upgrade graphql from 16.6.0 to 16.8.1 (#2500) #2162
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [ release, alpha, beta, next-major ] | |
pull_request: | |
branches: | |
- '**' | |
env: | |
NODE_VERSION: 18.9.0 | |
jobs: | |
check-ci: | |
name: Node Engine Check | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- name: CI Node Engine Check | |
run: npm run ci:checkNodeEngine | |
check-lint: | |
name: Lint | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- run: npm run lint | |
check-circular: | |
name: Circular Dependencies | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js ${{ env.NODE_VERSION }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ env.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- name: Scan for circular dependencies | |
run: npm run madge:circular | |
check-docker: | |
strategy: | |
matrix: | |
include: | |
- name: Docker linux/amd64 | |
DOCKER_PLATFORM: linux/amd64 | |
# Building currently fails for the platforms below | |
# - name: Docker linux/arm/v6 | |
# DOCKER_PLATFORM: linux/arm/v6 | |
# - name: Docker linux/arm/v7 | |
# DOCKER_PLATFORM: linux/arm/v7 | |
# - name: Docker linux/arm64/v8 | |
# DOCKER_PLATFORM: linux/arm64/v8 | |
fail-fast: false | |
name: ${{ matrix.name }} | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Build docker image | |
uses: docker/build-push-action@v2 | |
with: | |
platforms: ${{ matrix.DOCKER_PLATFORM }} | |
check-lock-file-version: | |
name: NPM Lock File Version | |
timeout-minutes: 5 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Check NPM lock file version | |
uses: mansona/npm-lockfile-version@v1 | |
with: | |
version: 1 | |
check-build: | |
strategy: | |
matrix: | |
include: | |
- name: Node 14 | |
NODE_VERSION: 14.20.1 | |
- name: Node 16 | |
NODE_VERSION: 16.17.0 | |
- name: Node 18 | |
NODE_VERSION: 18.9.0 | |
fail-fast: false | |
name: ${{ matrix.name }} | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
env: | |
NODE_VERSION: ${{ matrix.NODE_VERSION }} | |
steps: | |
- name: Determine major node version | |
id: node | |
run: | | |
node_major=$(echo "${{ matrix.NODE_VERSION }}" | cut -d'.' -f1) | |
echo "::set-output name=node_major::$(echo $node_major)" | |
- name: Fix usage of insecure GitHub protocol | |
run: sudo git config --system url."https://github".insteadOf "git://github" | |
- uses: actions/checkout@v2 | |
- name: Use Node.js ${{ matrix.NODE_VERSION }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: ${{ matrix.NODE_VERSION }} | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-${{ matrix.NODE_VERSION }}- | |
- name: Install dependencies | |
run: npm ci | |
- name: Tests | |
run: npm test | |
- name: Test bundles | |
run: ./scripts/before_script.sh | |
env: | |
CI: true | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true |