fix: vulnerability in 3rd party package and fixed breakage of IT tests #129
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Stage | |
| env: | |
| # 🖊️ EDIT to change the image build settings. | |
| IMAGE_NAME: exhort-javascript-api | |
| IMAGE_REGISTRY: quay.io/ecosystem-appeng | |
| DOCKERFILE_PATH: ./docker-image/Dockerfiles/Dockerfile | |
| on: | |
| pull_request_target: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| paths: | |
| - "generated/**" | |
| - "src/**" | |
| - "package-lock.json" | |
| - "package.json" | |
| - "tsconfig.json" | |
| - ".github/workflows/stage.yml" | |
| - "docker-image/**" | |
| jobs: | |
| stage: | |
| runs-on: ubuntu-latest | |
| # Branches that starts with `release/` shouldn't trigger this workflow, as these are triggering the release workflow. | |
| if: github.repository_owner == 'RHEcosystemAppEng' && github.event.pull_request.merged == true && !startsWith(github.head_ref, 'release/') | |
| environment: staging | |
| name: Stage the project | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v3 | |
| with: | |
| ssh-key: ${{ secrets.DEPLOY_KEY }} | |
| - name: Install node 18 | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| cache: npm | |
| registry-url: 'https://npm.pkg.github.com' | |
| - name: Configure git | |
| run: | | |
| git config user.name "${{ github.actor }}" | |
| git config user.email "${{ github.actor }}@users.noreply.github.com" | |
| - name: Update package with new version | |
| id: bump | |
| run: | | |
| echo "version=$(npm version prerelease --no-git-tag-version --preid ea)" >> "$GITHUB_OUTPUT" | |
| - name: Install project modules | |
| run: npm ci | |
| - name: Compile project | |
| run: npm run compile | |
| - name: Publish package | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_MAVEN_TOKEN }} | |
| run: npm publish | |
| - name: Commit and push package modifications | |
| run: | | |
| git add package.json | |
| git add package-lock.json | |
| git commit -m "build: updated package with ${{ steps.bump.outputs.version }} [skip ci]" | |
| git push | |
| - name: Create and push new tag | |
| run: | | |
| git tag ${{ steps.bump.outputs.version }} -m "${{ steps.bump.outputs.version }}" | |
| git push origin ${{ steps.bump.outputs.version }} | |
| - name: Create a release | |
| uses: actions/github-script@v6.4.1 | |
| with: | |
| github-token: ${{ secrets.STAGING_PAT }} | |
| script: | | |
| const repo_name = context.payload.repository.full_name | |
| const response = await github.request('POST /repos/' + repo_name + '/releases', { | |
| tag_name: '${{ steps.bump.outputs.version }}', | |
| name: '${{ steps.bump.outputs.version }}', | |
| prerelease: true, | |
| generate_release_notes: true | |
| }) | |
| - name: Build Image With buildah | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: ${{ steps.bump.outputs.version }} | |
| dockerfiles: | | |
| ${{ env.DOCKERFILE_PATH }} | |
| build-args: | | |
| PACKAGE_REGISTRY_ACCESS_TOKEN=${{ secrets.PACKAGE_REGISTRY_ACCESS_TOKEN }} | |
| context: docker-image | |
| - name: Push Image To Registry | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| username: ${{ secrets.IMAGE_REGISTRY_USER }} | |
| password: ${{ secrets.IMAGE_REGISTRY_PASSWORD }} |