[Snyk] Fix for 3 vulnerabilities #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: MyCryptoBuilds PR | |
env: | |
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: 'us-east-1' | |
on: | |
pull_request: | |
branches: | |
- '*' | |
jobs: | |
Sha: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v1 | |
## Set sha in env for pathPrefix | |
- name: Set SHA number | |
run: echo "GITHUB_SHA=$GITHUB_SHA" >> $GITHUB_ENV | |
shell: bash | |
- name: Retrieve engines' versions from package.json to env variables | |
id: engines | |
run: echo "##[set-output name=NVMRC;]$(cat package.json | grep '\"node\":' | sed 's/^ *//;s/ *$//;s/\"node\":\ \"//;s/\",//' )" | |
- name: Setup node ${{ steps.engines.outputs.NODE_VERSION }} | |
uses: actions/setup-node@main | |
with: | |
node-version: ${{ steps.engines.outputs.NODE_VERSION }} | |
- name: Cache depedendencies | |
id: cache | |
uses: actions/cache@v1 | |
with: | |
path: node_modules | |
## Check cache based on yarn.lock hashfile | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn-${{ env.cache-name }}- | |
${{ runner.os }}-yarn- | |
${{ runner.os }}- | |
- name: Install dependencies | |
## If no cache is found, install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn | |
- name: yarn build sha-build - pr | |
if: github.event_name == 'pull_request' | |
run: yarn build:staging | |
env: | |
PATH_PREFIX: '/${{ github.event.pull_request.head.sha }}' | |
- name: yarn build sha-build - push | |
if: github.event_name == 'push' | |
run: yarn build:staging | |
env: | |
PATH_PREFIX: '/${{ env.GITHUB_SHA }}' | |
- name: S3 Sync - SHA Push | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'push' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
env: | |
DEST_DIR: ${{ env.GITHUB_SHA }} | |
SOURCE_DIR: 'public' | |
- name: S3 Sync - SHA PR | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
env: | |
DEST_DIR: ${{ github.event.pull_request.head.sha }} | |
SOURCE_DIR: 'public' | |
Pr: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v1 | |
# Fetch the PR number to use it with AWS | |
- name: Set PR_NUMBER | |
run: | | |
PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }') | |
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV | |
- name: Set E2E_BASE_URL | |
if: github.ref != 'refs/heads/master' | |
run: | | |
E2E_BASE_URL=$( echo https://landing.mycryptobuilds.com/pr/${PR_NUMBER}/# ) | |
echo $E2E_BASE_URL | |
echo "E2E_BASE_URL=$E2E_BASE_URL" >> $GITHUB_ENV | |
- name: Retrieve engines' versions from package.json to env variables | |
id: engines | |
run: echo "##[set-output name=NVMRC;]$(cat package.json | grep '\"node\":' | sed 's/^ *//;s/ *$//;s/\"node\":\ \"//;s/\",//' )" | |
- name: Setup node ${{ steps.engines.outputs.NODE_VERSION }} | |
uses: actions/setup-node@main | |
with: | |
node-version: ${{ steps.engines.outputs.NODE_VERSION }} | |
- name: Cache depedendencies | |
id: cache | |
uses: actions/cache@v1 | |
with: | |
path: node_modules | |
## Check cache based on yarn.lock hashfile | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn-${{ env.cache-name }}- | |
${{ runner.os }}-yarn- | |
${{ runner.os }}- | |
- name: Install dependencies | |
## If no cache is found, install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn | |
- name: yarn build pr | |
if: github.event_name == 'pull_request' | |
run: yarn build:staging | |
env: | |
PATH_PREFIX: '/pr/${{ env.PR_NUMBER }}' | |
- name: S3 Sync - PR Number | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
env: | |
DEST_DIR: 'pr/${{ env.PR_NUMBER }}' | |
SOURCE_DIR: 'public' | |
- name: Mycrypto-bot trigger | |
if: github.event_name == 'pull_request' | |
run: aws sns publish --topic-arn ${{ secrets.SNS_TOPIC_MYCRYPTO_BOT }} --region us-east-2 --message $(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }') | |
# Launch E2E tests. When in pull request it runs against the PR's mycryptobuilds url. | |
- name: E2E - run | |
if: github.event_name == 'pull_request' | |
run: yarn test:e2e |