Skip to content
Tests

[Snyk] Security upgrade cookie from 0.5.0 to 0.7.0 #271

Sign in to view logs

[Snyk] Security upgrade cookie from 0.5.0 to 0.7.0

[Snyk] Security upgrade cookie from 0.5.0 to 0.7.0 #271

Workflow file for this run

.github/workflows/integration-tests.yml at b0d7b06
name: Tests
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
integration:
name: Integration
runs-on: ${{ matrix.os }}
timeout-minutes: 15
strategy:
matrix:
os: [ubuntu-latest, macOS-latest, windows-latest]
node-version: [14.x, '*']
shard: ['1/2', '2/2']
exclude:
- os: macOS-latest
node-version: '14.x'
- os: windows-latest
node-version: '14.x'
fail-fast: false
steps:
# Sets an output parameter if this is a release PR
- name: Check for release
id: release-check
# For windows we have to use $env:
run: |-
echo "IS_RELEASE=true" >> $GITHUB_OUTPUT
echo "IS_RELEASE=true" >> $env:GITHUB_OUTPUT
if: "${{ startsWith(github.head_ref, 'release-') }}"
# This improves Windows network performance, we need this since we open many ports in our tests
- name: Increase Windows port limit and reduce time wait delay
run: |
netsh int ipv4 set dynamicport tcp start=1025 num=64511
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters /v TcpTimedWaitDelay /t REG_DWORD /d 30 /f
if: "${{ matrix.os == 'windows-latest' && !steps.release-check.outputs.IS_RELEASE }}"
- name: Git checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: 'npm-shrinkwrap.json'
check-latest: true
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
- name: Setup Deno
uses: denoland/setup-deno@v1
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
with:
deno-version: v1.x
- name: Install core dependencies
run: npm ci --no-audit
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
- name: Determine which tests to run
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
uses: haya14busa/action-cond@v1
id: changed
with:
cond: ${{ github.event_name == 'pull_request' }}
if_true: '--changed=${{ github.event.pull_request.base.sha }}' # on pull requests test with the project graph only the affected tests
if_false: '' # on the base branch run all the tests as security measure
- name: Generate self-signed certificates
run: npm run certs
if: '${{!steps.release-check.outputs.IS_RELEASE}}'
shell: bash
- name: Prepare tests
run: npm run test:init
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
- name: Tests
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
run: npm run test:ci:vitest:integration -- --shard=${{ matrix.shard }} ${{ steps.changed.outputs.value }}
env:
# GitHub secrets are not available when running on PR from forks
# We set a flag so we can skip tests that access Netlify API
NETLIFY_TEST_DISABLE_LIVE:
${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
# NETLIFY_TEST_GITHUB_TOKEN is used to avoid reaching GitHub API limits in exec-fetcher.js
NETLIFY_TEST_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Changes the polling interval used by the file watcher
CHOKIDAR_INTERVAL: 20
CHOKIDAR_USEPOLLING: 1
- name: Get test coverage flags
id: test-coverage-flags
# For windows we have to use $env:
run: |-
os=${{ matrix.os }}
node=$(node --version)
echo "os=${os/-latest/}" >> $GITHUB_OUTPUT
echo "os=${os/-latest/}" >> $env:GITHUB_OUTPUT
echo "node=node_${node/.*.*/}" >> $GITHUB_OUTPUT
echo "node=node_${node/.*.*/}" >> $env:GITHUB_OUTPUT
shell: bash
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'
- uses: codecov/codecov-action@v3
continue-on-error: true
with:
flags: ${{ steps.test-coverage-flags.outputs.os }},${{ steps.test-coverage-flags.outputs.node }}
if: '${{ !steps.release-check.outputs.IS_RELEASE }}'