fix: security vulnerabilities RCE (#637) #571
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test and Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - beta | |
| - 7.x.x | |
| pull_request: | |
| env: | |
| NODE_VERSION: 14.17.6 | |
| jobs: | |
| lint: | |
| name: Linting | |
| runs-on: ubuntu-latest | |
| if: "!contains(github.event.head_commit.message, '[skip ci]')" | |
| steps: | |
| - name: Cancel previous running workflows | |
| uses: fkirc/skip-duplicate-actions@master | |
| - uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "::set-output name=dir::$(yarn config get cacheFolder)" | |
| - uses: actions/cache@v2 | |
| with: | |
| path: '**/node_modules' | |
| key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
| - name: install dependencies | |
| run: yarn | |
| - name: Lint commit message | |
| uses: wagoid/commitlint-github-action@v2 | |
| test: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| if: "!contains(github.event.head_commit.message, '[skip ci]')" | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 2.7 | |
| - name: Cache gem | |
| uses: actions/cache@v2 | |
| with: | |
| path: vendor/bundle | |
| key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gems- | |
| - name: Bundle install | |
| run: | | |
| bundle config path vendor/bundle | |
| gem install bundler -v '2.1.4' | |
| bundle install | |
| - name: Test | |
| env: | |
| RAILS_ENV: test | |
| run: | | |
| bundle exec rake test | |
| bundle exec rake db:migrate && bundle exec rspec --color --format doc | |
| - name: Send coverage | |
| uses: paambaati/[email protected] | |
| env: | |
| CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
| deploy: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: [lint, test] | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/beta') | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| persist-credentials: false # GITHUB_TOKEN must not be set for the semantic release | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| - uses: actions/cache@v2 | |
| with: | |
| path: '**/node_modules' | |
| key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }} | |
| - name: Semantic Release | |
| uses: cycjimmy/semantic-release-action@v2 | |
| id: semantic | |
| with: | |
| semantic_version: 17.3.0 | |
| env: | |
| GEM_HOST_API_KEY: ${{ secrets.GEM_HOST_API_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} | |
| GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} | |
| GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} | |
| GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |