[Snyk] Security upgrade next from 9.5.5 to 10.0.6 #524
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: [canary] | |
pull_request: | |
types: [opened, synchronize] | |
name: Build, test, and deploy | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 | |
steps: | |
- uses: actions/checkout@v2 | |
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* | |
- run: yarn install --frozen-lockfile --check-files | |
- run: node run-tests.js --timings --write-timings -g 1/1 | |
- uses: actions/cache@v2 | |
id: cache-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
lint: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: yarn lint | |
checkPrecompiled: | |
name: Check Pre-compiled | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: ./check-pre-compiled.sh | |
testUnit: | |
name: Test Unit | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 | |
NEXT_TEST_JOB: 1 | |
HEADLESS: true | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: node run-tests.js --timings --type unit -g 1/1 | |
testIntegration: | |
name: Test Integration | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 | |
NEXT_TEST_JOB: 1 | |
HEADLESS: true | |
strategy: | |
fail-fast: false | |
matrix: | |
group: [1, 2, 3, 4, 5, 6] | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
# TODO: remove after we fix watchpack watching too much | |
- run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p | |
- run: xvfb-run node run-tests.js --timings -g ${{ matrix.group }}/6 -c 3 | |
testElectron: | |
name: Test Electron | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 | |
NEXT_TEST_JOB: 1 | |
HEADLESS: true | |
TEST_ELECTRON: 1 | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
# TODO: remove after we fix watchpack watching too much | |
- run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p | |
- run: yarn add -W --dev spectron@7.0.0 electron@5.0.0 | |
- run: xvfb-run node run-tests.js test/integration/with-electron/test/index.test.js | |
testYarnPnP: | |
runs-on: ubuntu-latest | |
env: | |
NODE_OPTIONS: '--unhandled-rejections=strict' | |
steps: | |
- uses: actions/checkout@v2 | |
- run: yarn install --frozen-lockfile --check-files | |
- run: | | |
mkdir -p ./e2e-tests/next-pnp | |
cp -r ./examples/with-typescript/. ./e2e-tests/next-pnp | |
cd ./e2e-tests/next-pnp | |
touch yarn.lock | |
yarn set version berry | |
yarn config set pnpFallbackMode none | |
yarn link --all --private ../.. | |
yarn build | |
testsPass: | |
name: thank you, next | |
runs-on: ubuntu-latest | |
needs: [lint, checkPrecompiled, testIntegration, testUnit, testYarnPnP] | |
steps: | |
- run: exit 0 | |
testFutureDependencies: | |
name: React 17 + webpack 5 (Basic, Production, Acceptance) | |
runs-on: ubuntu-latest | |
env: | |
NEXT_TELEMETRY_DISABLED: 1 | |
NEXT_TEST_JOB: 1 | |
HEADLESS: true | |
steps: | |
- uses: actions/checkout@v2 | |
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* | |
- run: cat package.json | jq '.resolutions.webpack = "^5.0.0-beta.30"' > package.json.tmp && mv package.json.tmp package.json | |
- run: cat package.json | jq '.resolutions.react = "^17.0.1"' > package.json.tmp && mv package.json.tmp package.json | |
- run: cat package.json | jq '.resolutions."react-dom" = "^17.0.1"' > package.json.tmp && mv package.json.tmp package.json | |
- run: yarn install --check-files | |
- run: yarn list webpack react react-dom | |
- run: node run-tests.js test/integration/link-ref/test/index.test.js | |
- run: node run-tests.js test/integration/production/test/index.test.js | |
- run: node run-tests.js test/integration/basic/test/index.test.js | |
- run: node run-tests.js test/integration/async-modules/test/index.test.js | |
- run: node run-tests.js test/integration/font-optimization/test/index.test.js | |
- run: node run-tests.js test/acceptance/* | |
testFirefox: | |
name: Test Firefox (production) | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
HEADLESS: true | |
BROWSERNAME: 'firefox' | |
NEXT_TELEMETRY_DISABLED: 1 | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: node run-tests.js test/integration/production/test/index.test.js | |
testSafari: | |
name: Test Safari (production) | |
runs-on: ubuntu-latest | |
needs: build | |
env: | |
BROWSERSTACK: true | |
BROWSERNAME: 'safari' | |
NEXT_TELEMETRY_DISABLED: 1 | |
SKIP_LOCAL_SELENIUM_SERVER: true | |
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }} | |
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: '[[ -z "$BROWSERSTACK_ACCESS_KEY" ]] && echo "Skipping for PR" || node run-tests.js test/integration/production/test/index.test.js' | |
testSafariOld: | |
name: Test Safari 10.1 (nav) | |
runs-on: ubuntu-latest | |
needs: [build, testSafari] | |
env: | |
BROWSERSTACK: true | |
LEGACY_SAFARI: true | |
BROWSERNAME: 'safari' | |
NEXT_TELEMETRY_DISABLED: 1 | |
SKIP_LOCAL_SELENIUM_SERVER: true | |
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }} | |
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: '[[ -z "$BROWSERSTACK_ACCESS_KEY" ]] && echo "Skipping for PR" || node run-tests.js test/integration/production-nav/test/index.test.js' | |
publishRelease: | |
name: Potentially publish release | |
runs-on: ubuntu-latest | |
needs: [testsPass] | |
env: | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: ./publish-release.sh | |
prStats: | |
name: Release Stats | |
runs-on: ubuntu-latest | |
needs: [publishRelease] | |
steps: | |
- uses: actions/cache@v2 | |
id: restore-build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- run: ./release-stats.sh | |
- uses: ./.github/actions/next-stats-action | |
env: | |
PR_STATS_COMMENT_TOKEN: ${{ secrets.PR_STATS_COMMENT_TOKEN }} |