[Snyk] Security upgrade @sentry/nextjs from 7.12.1 to 7.13.0 #4046
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review, review_requested] | |
| jobs: | |
| # @see https://github.com/marketplace/actions/skip-duplicate-actions | |
| pre_job: | |
| # continue-on-error: true # Uncomment once integration is finished | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output | |
| outputs: | |
| should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
| steps: | |
| - id: skip_check | |
| uses: fkirc/skip-duplicate-actions@master | |
| with: | |
| # All of these options are optional, so you can remove them if you are happy with the defaults | |
| concurrent_skipping: 'never' # is the default [never, same_content, outdated_runs, always] | |
| skip_after_successful_duplicate: 'true' # is the default [true, false] | |
| cancel_others: true # default false | |
| # paths_ignore: '["**/README.md", "**/docs/**"]' | |
| # paths: '[]' | |
| # do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' # default ["workflow_dispatch", "schedule"] | |
| Source-Checks: | |
| name: Validate Source Code | |
| needs: pre_job | |
| if: ${{ needs.pre_job.outputs.should_skip != 'true' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@main | |
| with: | |
| ref: ${{ github.event.client_payload.ref }} | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@master | |
| with: | |
| version: next-7 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@main | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| check-latest: true | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: | | |
| pnpm --version | |
| pnpm install --prefer-frozen-lockfile | |
| - name: Run prettier | |
| run: pnpm format | |
| - name: Run eslint | |
| run: pnpm lint | |
| - name: Run type-check | |
| run: pnpm type-check | |
| # TODO: would be better to run this once a day or so | |
| - name: Run audit | |
| run: | | |
| pnpm audit --production | |
| pnpm audit --audit-level=critical | |
| Build-Checks: | |
| name: Validate App Code | |
| needs: pre_job | |
| if: ${{ needs.pre_job.outputs.should_skip != 'true' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@main | |
| with: | |
| ref: ${{ github.event.client_payload.ref }} | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@master | |
| with: | |
| version: v7.9.5 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@main | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| check-latest: true | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: | | |
| pnpm --version | |
| pnpm install --prefer-frozen-lockfile | |
| - name: 'Run tests' | |
| if: false # cypress headless is broken | |
| run: pnpm test | |
| env: | |
| CI: true | |
| FAUNADB_SECRET: ${{ secrets.FAUNADB_SECRET }} | |
| - name: Report Test Coverage | |
| if: false | |
| uses: romeovs/[email protected] | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| lcov-file: ./coverage/lcov.info |