fix(deps): update dependencies (renov): dependency nanoid to v5.0.9 [security] #4671
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############################################################################## | |
############################################################################## | |
# | |
# NOTE! | |
# | |
# Please read the README.md file in this directory that defines what should | |
# be placed in this file. | |
# | |
############################################################################## | |
############################################################################## | |
name: PR Workflow | |
on: | |
pull_request: | |
branches: | |
- '**' | |
env: | |
CODECOV_UNIQUE_NAME: CODECOV_UNIQUE_NAME-${{ github.run_id }}-${{ github.run_number }} | |
jobs: | |
Code-Quality-Checks: | |
name: Check for linting, formatting, and type errors | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository content | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
persist-crendetials: true | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '22.x' | |
- name: Count number of lines | |
run: | | |
chmod +x ./.github/workflows/countline.py | |
./.github/workflows/countline.py --lines 600 --exclude_files src/types/generatedGraphQLTypes.ts tests src/typeDefs/types.ts src/constants.ts src/typeDefs/inputs.ts | |
- name: Check for TSDoc comments | |
run: npm run check-tsdoc # Run the TSDoc check script | |
- name: Restore node_modules from cache | |
id: cache-npm | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: | | |
~/.npm | |
node_modules | |
key: ${{ runner.os }}-code-quality-checks-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-code-quality-checks-${{ env.cache-name }}- | |
${{ runner.os }}-code-quality-checks- | |
${{ runner.os }}- | |
- name: Install Dependencies | |
run: npm ci | |
# Lint, but exclude typescript files in the .eslintignore file | |
# or else we'll get failures | |
- name: Get changed files | |
id: changed_files | |
uses: tj-actions/changed-files@v44 | |
with: | |
files: | | |
**.ts | |
'!src/types/**.ts' | |
- name: Run ESLint to check for linting errors in modified files | |
if: steps.changed_files.outputs.any_changed == 'true' | |
env: | |
CHANGED_FILES: ${{ steps.changed_files.outputs.all_changed_files }} | |
run: npx eslint ${CHANGED_FILES} --max-warnings=1500 && python .github/workflows/eslint_disable_check.py | |
- name: Check for formatting errors | |
run: npm run format:check | |
- name: Run Typescript Type-Checker | |
run: npm run typecheck | |
- name: Check if the source and target branches are different | |
if: ${{ github.event.pull_request.base.ref == github.event.pull_request.head.ref }} | |
run: | | |
echo "Source Branch ${{ github.event.pull_request.head.ref }}" | |
echo "Target Branch ${{ github.event.pull_request.base.ref }}" | |
echo "Error: Source and Target Branches are the same. Please ensure they are different." | |
exit 1 | |
Check-Sensitive-Files: | |
if: ${{ github.actor != 'dependabot[bot]' && !contains(github.event.pull_request.labels.*.name, 'ignore-sensitive-files-pr') }} | |
name: Checks if sensitive files have been changed without authorization | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
persist-crendetials: true | |
- name: Get Changed Unauthorized files | |
id: changed-unauth-files | |
uses: tj-actions/changed-files@v44 | |
with: | |
files: | | |
.github/** | |
.husky/** | |
scripts/** | |
.env.sample | |
.dockerignore | |
.node-version | |
tsconfig.json | |
.gitignore | |
.eslintrc.json | |
.eslintignore | |
.prettierrc.json | |
.prettierignore | |
vite.config.ts | |
CODEOWNERS | |
LICENSE | |
docker-compose.dev.yaml | |
docker-compose.prod.yaml | |
setup.ts | |
schema.graphql | |
.coderabbit.yaml | |
CODE_OF_CONDUCT.md | |
CONTRIBUTING.md | |
DOCUMENTATION.md | |
INSTALLATION.md | |
ISSUE_GUIDELINES.md | |
PR_GUIDELINES.md | |
README.md | |
- name: List all changed unauthorized files | |
if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true' | |
env: | |
CHANGED_UNAUTH_FILES: ${{ steps.changed-unauth-files.outputs.all_changed_files }} | |
run: | | |
for file in ${CHANGED_UNAUTH_FILES}; do | |
echo "$file is unauthorized to change/delete" | |
done | |
exit 1 | |
File-count-check: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
name: Checks if number of files changed is acceptable | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
persist-crendetials: true | |
- name: Get changed files | |
id: changed-files | |
uses: tj-actions/changed-files@v44 | |
- name: Echo number of changed files | |
env: | |
CHANGED_FILES_COUNT: ${{ steps.changed-files.outputs.all_changed_files_count }} | |
run: | | |
echo "Number of files changed: $CHANGED_FILES_COUNT" | |
- name: Check if the number of changed files is less than 100 | |
if: steps.changed-files.outputs.all_changed_files_count > 100 | |
env: | |
CHANGED_FILES_COUNT: ${{ steps.changed-files.outputs.all_changed_files_count }} | |
run: | | |
echo "Error: Too many files (greater than 100) changed in the pull request." | |
echo "Possible issues:" | |
echo "- Contributor may be merging into an incorrect branch." | |
echo "- Source branch may be incorrect please use develop as source branch." | |
exit 1 | |
Test-Application: | |
name: Testing Application | |
runs-on: ubuntu-latest | |
needs: [Code-Quality-Checks] | |
strategy: | |
matrix: | |
node-version: [22.x] | |
services: | |
mongo: | |
image: mongo:4.4 | |
options: >- | |
--health-cmd mongo | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 10 | |
ports: | |
- 27017:27017 | |
redis: | |
image: redis:6.0 | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 10 | |
ports: | |
- 6379:6379 | |
env: | |
MONGO_DB_URL: mongodb://localhost:27017/talawa-test-db | |
REDIS_HOST: localhost | |
REDIS_PORT: 6379 | |
RECAPTCHA_SITE_KEY: ${{secrets.RECAPTCHA_SITE_KEY}} | |
RECAPTCHA_SECRET_KEY: ${{secrets.RECAPTCHA_SECRET_KEY}} | |
MAIL_USERNAME: ${{secrets.MAIL_USERNAME}} | |
MAIL_PASSWORD: ${{secrets.MAIL_PASSWORD}} | |
IS_SMTP: "" | |
SMTP_HOST: "" | |
SMTP_PASSWORD: "" | |
SMTP_USERNAME: "" | |
LAST_RESORT_SUPERADMIN_EMAIL: "[email protected]" | |
COLORIZE_LOGS: "true" | |
LOG_LEVEL: "info" | |
# ACCESS_TOKEN_SECRET: ${{ secrets.ACCESS_TOKEN_SECRET }} | |
# REFRESH_TOKEN_SECRET: ${{ secrets.REFRESH_TOKEN_SECRET }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '22.x' | |
- name: Generate Access Token Secret | |
run: echo "ACCESS_TOKEN_SECRET=$(openssl rand -hex 32)" >> $GITHUB_ENV | |
- name: Generate Refresh Token Secret | |
run: echo "REFRESH_TOKEN_SECRET=$(openssl rand -hex 32)" >> $GITHUB_ENV | |
- name: Set up SERVER_PORT env | |
run: echo "SERVER_PORT=4000" >> $GITHUB_ENV | |
- name: Set up Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
- name: Install dependencies | |
run: npm ci | |
- name: Sleep for 10s | |
uses: juliangruber/sleep-action@v2 | |
with: | |
time: 10s | |
- name: Create a videos directory | |
run: mkdir -p videos | |
- name: Run the tests | |
run: npm run test | |
- name: Start the development server | |
run: | | |
npm run dev & | |
echo "Development server started..." | |
- name: Check server status | |
run: | | |
if curl -f 'http://localhost:4000' | jq -e '. == {"talawa-version":"v1","status":"healthy"}' > /dev/null; then | |
echo "Server is up and healthy" | |
else | |
echo "Server is down" | |
exit 1 | |
fi | |
- name: Check Apollo Server status | |
run: | | |
if curl -f 'http://localhost:4000/graphql?query=%7B__typename%7D' \ | |
-H 'Apollo-Require-Preflight: true' | jq -e '. == {"data":{"__typename":"Query"}}' > /dev/null; then | |
echo "Apollo Server is up" | |
else | |
echo "Server is down" | |
exit 1 | |
fi | |
- name: Import Sample Data | |
run: npm run import:sample-data | |
- name: Present and upload coverage to Codecov as ${{env.CODECOV_UNIQUE_NAME}} | |
uses: codecov/codecov-action@v4 | |
with: | |
verbose: true | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: false | |
name: '${{env.CODECOV_UNIQUE_NAME}}' | |
- name: Test acceptable level of code coverage | |
uses: VeryGoodOpenSource/very_good_coverage@v2 | |
with: | |
path: './coverage/lcov.info' | |
min_coverage: 95.0 | |
JSDocs: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
name: 'JSDocs comments and pipeline' | |
runs-on: ubuntu-latest | |
needs: Test-Application | |
steps: | |
- uses: actions/checkout@v4 | |
- name: 'Check whether comments exists for JSDocs' | |
run: | | |
chmod +x ./.github/workflows/check-jsdocs-comment.py | |
./.github/workflows/check-jsdocs-comment.py | |
- name: 'Run JSDocs' | |
if: env.RUN_JSDOCS == 'True' | |
run: echo "Run JSdocs :${{ env.RUN_JSDOCS }}" | |
Branch-check: | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
name: "Base branch check" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Check if base branch is develop" | |
if: github.event.pull_request.base.ref != 'develop' | |
run: | | |
echo "PR is not against develop branch. Please refer PR_GUIDELINES.md" | |
exit 1 |