chore(frontend): update dependency vite to v4.5.3 [security] #4164

Workflow file for this run

	name: Plural UI
	on:
	push:
	branches:
	- master
	- "renovate/frontend/*"
	paths:
	- ".github/workflows/www.yaml"
	- "www/**"
	pull_request:
	branches:
	- "**"
	paths:
	- ".github/workflows/www.yaml"
	- "www/**"
	jobs:
	build:
	name: Build image
	runs-on: ubuntu-20.04
	permissions:
	contents: 'read'
	id-token: 'write'
	packages: 'write'
	security-events: write
	actions: read
	steps:
	- uses: actions/checkout@v3
	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v4
	with:
	# list of Docker images to use as base name for tags
	images: \|
	ghcr.io/pluralsh/plural-www
	# generate Docker tags based on the following events/attributes
	tags: \|
	type=sha
	type=ref,event=pr
	type=ref,event=branch
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Login to GHCR
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- uses: docker/build-push-action@v3
	with:
	context: ./www
	file: ./www/Dockerfile
	push: true
	load: false
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	platforms: linux/amd64
	cache-from: type=gha
	cache-to: type=gha,mode=max
	- name: Run Trivy vulnerability scanner on frontend image
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'image'
	image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
	hide-progress: false
	format: 'sarif'
	output: 'trivy-results.sarif'
	security-checks: 'vuln,secret'
	ignore-unfixed: true
	#severity: 'CRITICAL,HIGH'
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'
	trivy-scan:
	name: Trivy fs scan
	runs-on: ubuntu-20.04
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	steps:
	- name: Checkout code
	uses: actions/checkout@v3
	- name: Run Trivy vulnerability scanner in fs mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	hide-progress: false
	skip-dirs: '.github,.stoat,apps,bin,config,plural,rel,testdata'
	format: 'sarif'
	output: 'trivy-results.sarif'
	security-checks: 'vuln,secret'
	ignore-unfixed: true
	#severity: 'CRITICAL,HIGH'
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'
	test:
	name: Unit test
	runs-on: ubuntu-20.04
	defaults:
	run:
	shell: bash
	working-directory: www
	steps:
	- name: 'Checkout'
	uses: actions/checkout@v3
	- name: Read Node.js version from package.json
	run: echo ::set-output name=nodeVersion::$(node -p "require('./package.json').engines.node")
	id: engines
	- name: 'Setup Node'
	uses: actions/setup-node@v3
	with:
	node-version: ${{ steps.engines.outputs.nodeVersion }}
	- run: yarn --immutable
	- run: yarn test
	lint:
	name: Lint
	runs-on: ubuntu-20.04
	defaults:
	run:
	shell: bash
	working-directory: www
	steps:
	- name: 'Checkout'
	uses: actions/checkout@v3
	- name: Read Node.js version from package.json
	run: echo ::set-output name=nodeVersion::$(node -p "require('./package.json').engines.node")
	id: engines
	- name: 'Setup Node'
	uses: actions/setup-node@v3
	with:
	node-version: ${{ steps.engines.outputs.nodeVersion }}
	- run: yarn --immutable
	- run: yarn lint
	e2e:
	name: End-to-end test
	runs-on: ubuntu-20.04
	env:
	CYPRESS_EMAIL: ${{ secrets.CYPRESS_EMAIL }}
	CYPRESS_PASSWORD: ${{ secrets.CYPRESS_PASSWORD }}
	defaults:
	run:
	shell: bash
	working-directory: www
	steps:
	- name: 'Checkout'
	uses: actions/checkout@v3
	- name: Read Node.js version from package.json
	run: echo ::set-output name=nodeVersion::$(node -p "require('./package.json').engines.node")
	id: engines
	- name: 'Setup Node'
	uses: actions/setup-node@v3
	with:
	node-version: ${{ steps.engines.outputs.nodeVersion }}
	- run: yarn # Should run the --immutable in the CI by default
	- run: cd e2e && yarn
	- run: yarn e2e
	- uses: 8398a7/action-slack@v3
	if: failure()
	with:
	status: ${{ job.status }}
	fields: workflow,repo,commit,author,pullRequest
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_CYPRESS_WEBHOOK }}
	- name: Upload Screenshots and Videos to Slack
	if: failure()
	uses: trymbill/cypress-slack-video-upload-action@v1.3.0
	with:
	token: ${{ secrets.SLACK_CYPRESS_TOKEN }}
	workdir: www/e2e/cypress
	channels: cypress-artifacts
	message-text: "See the attached videos and screenshots for more information."

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(frontend): update dependency vite to v4.5.3 [security] #4164

Workflow file

chore(frontend): update dependency vite to v4.5.3 [security] #4164

Jobs

Run details

Workflow file for this run