fix: package.json & package-lock.json to reduce vulnerabilities (#1474) #4866

Workflow file for this run

	name: ci
	on:
	push:
	pull_request:
	types: [opened, reopened]
	env:
	PRODUCTION_BRANCH: refs/heads/production
	STAGING_BRANCH: refs/heads/staging
	jobs:
	lint:
	name: Lint
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Use Node.js
	uses: actions/setup-node@v1
	with:
	node-version: '12.x'
	- name: Cache Node.js modules
	uses: actions/cache@v2
	with:
	# npm cache files are stored in `~/.npm` on Linux/macOS
	path: ~/.npm
	key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.OS }}-node-
	${{ runner.OS }}-
	- run: npm ci
	- run: npm run lint
	compile:
	name: Compile
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Use Node.js
	uses: actions/setup-node@v1
	with:
	node-version: '12.x'
	- name: Cache Node.js modules
	uses: actions/cache@v2
	with:
	# npm cache files are stored in `~/.npm` on Linux/macOS
	path: ~/.npm
	key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.OS }}-node-
	${{ runner.OS }}-
	- run: npm ci
	- run: npm run build
	test:
	name: Test
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Use Node.js
	uses: actions/setup-node@v1
	with:
	node-version: '12.x'
	- name: Cache Node.js modules
	uses: actions/cache@v2
	with:
	# npm cache files are stored in `~/.npm` on Linux/macOS
	path: ~/.npm
	key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.OS }}-node-
	${{ runner.OS }}-
	- run: npm ci
	- run: npm test
	gatekeep:
	name: Determine if Build & Deploy is needed
	outputs:
	proceed: ${{ steps.determine_proceed.outputs.proceed }}
	runs-on: ubuntu-latest
	if: github.event_name == 'push'
	steps:
	- id: determine_proceed
	run: \|
	if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
	echo '::set-output name=proceed::true';
	elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
	echo '::set-output name=proceed::true';
	else
	echo '::set-output name=proceed::false';
	fi

	deploy:
	name: Build & Deploy
	runs-on: ubuntu-latest
	needs: [test, lint, compile, gatekeep]
	if: needs.gatekeep.outputs.proceed == 'true'
	steps:
	- uses: actions/checkout@v2
	- name: Use Node.js 16.x
	uses: actions/setup-node@v1
	with:
	node-version: '16.x'
	- name: Cache Node.js modules
	uses: actions/cache@v2
	with:
	# npm cache files are stored in `~/.npm` on Linux/macOS
	path: ~/.npm
	key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.OS }}-node-
	${{ runner.OS }}-
	- run: npm ci
	- run: \|
	if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
	echo LAMBDA_NODE_ENV=staging >> $GITHUB_ENV;
	echo VPC_SUBNET_A=${{ secrets.VPC_SUBNET_A_STAGING }} >> $GITHUB_ENV;
	echo VPC_SUBNET_B=${{ secrets.VPC_SUBNET_B_STAGING }} >> $GITHUB_ENV;
	echo VPC_SUBNET_C=${{ secrets.VPC_SUBNET_C_STAGING }} >> $GITHUB_ENV;
	echo VPC_SECURITY_GROUP_API=${{ secrets.VPC_SECURITY_GROUP_API_STAGING }} >> $GITHUB_ENV;
	echo VPC_SECURITY_GROUP_STATIC=${{ secrets.VPC_SECURITY_GROUP_STATIC_STAGING }} >> $GITHUB_ENV;
	echo DATABASE_URL=${{ secrets.DATABASE_URL_STAGING }} >> $GITHUB_ENV;
	echo SESSION_SECRET=${{ secrets.SESSION_SECRET_STAGING }} >> $GITHUB_ENV;
	echo OTP_SECRET=${{ secrets.OTP_SECRET_STAGING }} >> $GITHUB_ENV;
	echo GA_TRACKING_ID=${{ secrets.GA_TRACKING_ID_STAGING }} >> $GITHUB_ENV;
	echo "MAIL_SUFFIX=${{ secrets.MAIL_SUFFIX_STAGING }}" >> $GITHUB_ENV;
	echo APP_HOST=staging.checkfirst.gov.sg >> $GITHUB_ENV;
	echo DEPLOY_TIMESTAMP=$(date) >> $GITHUB_ENV;
	elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
	echo LAMBDA_NODE_ENV=production >> $GITHUB_ENV;
	echo VPC_SUBNET_A=${{ secrets.VPC_SUBNET_A_PRODUCTION }} >> $GITHUB_ENV;
	echo VPC_SUBNET_B=${{ secrets.VPC_SUBNET_B_PRODUCTION }} >> $GITHUB_ENV;
	echo VPC_SUBNET_C=${{ secrets.VPC_SUBNET_C_PRODUCTION }} >> $GITHUB_ENV;
	echo VPC_SECURITY_GROUP_API=${{ secrets.VPC_SECURITY_GROUP_API_PRODUCTION }} >> $GITHUB_ENV;
	echo VPC_SECURITY_GROUP_STATIC=${{ secrets.VPC_SECURITY_GROUP_STATIC_PRODUCTION }} >> $GITHUB_ENV;
	echo DATABASE_URL=${{ secrets.DATABASE_URL_PRODUCTION }} >> $GITHUB_ENV;
	echo SESSION_SECRET=${{ secrets.SESSION_SECRET_PRODUCTION }} >> $GITHUB_ENV;
	echo OTP_SECRET=${{ secrets.OTP_SECRET_PRODUCTION }} >> $GITHUB_ENV;
	echo GA_TRACKING_ID=${{ secrets.GA_TRACKING_ID_PRODUCTION }} >> $GITHUB_ENV;
	echo "MAIL_SUFFIX=${{ secrets.MAIL_SUFFIX_PRODUCTION }}" >> $GITHUB_ENV;
	echo APP_HOST=checkfirst.gov.sg >> $GITHUB_ENV;
	echo DEPLOY_TIMESTAMP=$(date) >> $GITHUB_ENV
	fi
	- run: npm run build
	env:
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
	FRONTEND_SENTRY_DSN: ${{ secrets.FRONTEND_SENTRY_DSN }}
	SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
	SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
	- name: serverless deploy
	uses: opengovsg/serverless-github-action@v2.1.0
	with:
	args: -c "serverless plugin install --name serverless-plugin-custom-binary && serverless deploy --conceal"
	entrypoint: /bin/bash
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	LAMBDA_NODE_ENV: ${{ env.LAMBDA_NODE_ENV }}
	VPC_SUBNET_A: ${{ env.VPC_SUBNET_A }}
	VPC_SUBNET_B: ${{ env.VPC_SUBNET_B }}
	VPC_SUBNET_C: ${{ env.VPC_SUBNET_C }}
	VPC_SECURITY_GROUP_API: ${{ env.VPC_SECURITY_GROUP_API }}
	VPC_SECURITY_GROUP_STATIC: ${{ env.VPC_SECURITY_GROUP_STATIC }}
	DATABASE_URL: ${{ env.DATABASE_URL }}
	SESSION_SECRET: ${{ env.SESSION_SECRET }}
	OTP_SECRET: ${{ env.OTP_SECRET }}
	OTP_EXPIRY: ${{ secrets.OTP_EXPIRY }}
	APP_HOST: ${{ env.APP_HOST }}
	FRONTEND_SENTRY_DSN: ${{ secrets.FRONTEND_SENTRY_DSN }}
	BACKEND_SENTRY_DSN: ${{ secrets.BACKEND_SENTRY_DSN }}
	CSP_REPORT_URI: ${{ secrets.CSP_REPORT_URI }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: package.json & package-lock.json to reduce vulnerabilities (#1474) #4866

Workflow file

fix: package.json & package-lock.json to reduce vulnerabilities (#1474) #4866

Jobs

Run details

Workflow file for this run