[Snyk] Security upgrade axios from 1.7.2 to 1.7.4 #93
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request | |
on: | |
pull_request: | |
branches: | |
- main | |
jobs: | |
build-lint-test: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node_version: | |
- 18 # end of life 2025-04-30 | |
- 20 # end of life 2025-04-30 # please update "Upload coverage file" step if you change this | |
name: build-lint-test - node ${{ matrix.node_version }} | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v3 | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node_version }} | |
- name: Get yarn cache | |
uses: actions/cache@v3 | |
id: yarn-cache | |
with: | |
path: | | |
**/node_modules | |
~/.cache | |
key: ${{ runner.os }}-repo-${{ github.event.pull_request.head.repo.full_name }}-node-${{ matrix.node_version }}-yarn-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('.github/workflows/**.yml') }} | |
- name: Install Node.js dependencies | |
# run when cache not found or PR is external (build fails for external PRs if dependencies are not installed) | |
if: steps.yarn-cache.outputs.cache-hit != 'true' || github.event.pull_request.head.repo.full_name != github.repository | |
run: yarn install --frozen-lockfile | |
- name: Build | |
run: yarn build | |
- name: Lint | |
run: yarn lint | |
- name: Unit tests | |
run: yarn test:unit --coverage | |
- name: Integration tests | |
run: (yarn server &) && sleep 1 && yarn test:integration --coverage | |
- name: Merge coverage reports and generate lcov.info | |
run: | | |
mkdir -p .nyc_output | |
npx nyc merge ./coverage | |
npx nyc report --reporter=lcov --temp-dir ./coverage | |
- name: Upload coverage file | |
uses: actions/upload-artifact@v4 | |
if: ${{ matrix.node_version == '20' }} | |
with: | |
name: coverage-report | |
path: ./coverage/lcov.info | |
retention-days: 1 | |
sonarcloud: | |
name: Test and Code Quality Report (SonarCloud) | |
needs: | |
- build-lint-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Download coverage file | |
uses: actions/download-artifact@v4 | |
with: | |
name: coverage-report | |
- name: Move the coverage file to a proper location | |
run: | | |
mkdir -p coverage | |
mv lcov.info coverage/lcov.info | |
- name: Verify coverage file ready | |
run: ls -lah ./coverage/lcov.info | |
- name: SonarCloud Scan | |
uses: SonarSource/sonarcloud-github-action@v2 | |
with: | |
args: > | |
-Dsonar.projectVersion=${{ github.run_id }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }} |