Symfony flavor #586
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node.js CI | |
on: | |
pull_request: | |
branches: | |
- main | |
env: | |
MAX_HIGH: 0 | |
MAX_CRITICAL: 0 | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
# These versions match Upsun support | |
# Node.js: https://docs.upsun.com/languages/nodejs.html#supported-versions | |
node-version: [18.x, 20.x, 22.x] | |
steps: | |
################################################################################################ | |
# A. Setup workflow. | |
- name: "1. Retrieve local files." | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: "2. Set up Node.js." | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
################################################################################################ | |
# B. Prettify, lint, and test repo. | |
- name: "3. Preparing" | |
run: | | |
echo "::notice::Running react-scripts tests." | |
export CI=true | |
npm install cross-env npm-run-all -g | |
npm install | |
- name: "4. Verifying frontend code is pretty" | |
run: | | |
npm run prettier:frontend | |
- name: "5. Linting frontend" | |
run: npm run lint:frontend | |
- name: "6. Run Frontend tests" | |
run: npm run test:frontend | |
################################################################################################ | |
# C. Ensure no vulnerabilities. | |
- name: "7. Test: there should be no HIGH Node.js vulnerabilities." | |
run: | | |
echo "::notice::Checking for high vulnerabilities in frontend Node.js app dependencies." | |
cd frontend | |
export CI=true | |
HIGH_VULN_ALLOWED=${{ env.MAX_HIGH }} | |
HIGH_VULN=$(npm audit --json | jq '.metadata.vulnerabilities.high') | |
if [ "$HIGH_VULN" -gt "$HIGH_VULN_ALLOWED" ]; then | |
echo "::error::NPM HIGH vulnerabilities exceed allowed budget." | |
npm audit | |
exit 1 | |
else | |
echo "::notice::No HIGH vulnerabilities found on frontend app." | |
fi | |
- name: "8. Test: there should be no CRITICAL Node.js vulnerabilities." | |
run: | | |
echo "::notice::Checking for critical vulnerabilities in frontend Node.js app dependencies." | |
cd frontend | |
export CI=true | |
CRITICAL_VULN_ALLOWED=${{ env.MAX_CRITICAL }} | |
CRITICAL_VULN=$(npm audit --json | jq '.metadata.vulnerabilities.high') | |
if [ "$CRITICAL_VULN" -gt "$CRITICAL_VULN_ALLOWED" ]; then | |
echo "::error::NPM CRITICAL vulnerabilities exceed allowed budget." | |
npm audit | |
exit 1 | |
else | |
echo "::notice::No CRITICAL vulnerabilities found on frontend app." | |
fi |