From 9e24b8b4bef015427165ba4d82431491dd6a4ab8 Mon Sep 17 00:00:00 2001
From: zaelgohary
Date: Wed, 12 Jun 2024 14:22:30 +0300
Subject: [PATCH 1/8] Add audit-fix script & workflow
---
 .github/workflows/audit_fix.yml | 31 +++++++++++++++++++++++++++++++
 package.json | 3 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/audit_fix.yml
diff --git a/.github/workflows/audit_fix.yml b/.github/workflows/audit_fix.yml
new file mode 100644
index 0000000000..cbf4eb3f6d
--- /dev/null
+++ b/.github/workflows/audit_fix.yml
@@ -0,0 +1,31 @@
+# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Full Clients Audit Fix
+
+on:
+ push:
+ branches: [development, development_2.6]
+ pull_request:
+ branches: [development, development_2.6]
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [18.x]
+ # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v2
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: "yarn"
+
+ - name: Install
+ run: yarn
+ - name: Audit Fix
+ run: npm run audit-fix
diff --git a/package.json b/package.json
index 1231ab92c2..d332fcf4e2 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,8 @@
 "prepare": "husky install",
 "lint": "eslint -c .eslintrc.json . --fix",
 "check-eslint": "eslint -c .eslintrc.json .",
- "check-prettier": "prettier .prettierrc ."
+ "check-prettier": "prettier .prettierrc .",
+ "audit-fix": "npm audit fix"
 },
 "lint-staged": {
 "*.{js,jsx,ts,tsx,css,scss,svelte,vue}": "eslint -c .eslintrc.json --fix",
From 26f5287caa52c5f20b21f1944c467e94bbed63df Mon Sep 17 00:00:00 2001
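Review bot: The new `audit_fix.yml` declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although its visible steps only check out code and run npm; add a top-level `permissions:` with `  contents: read` beneath it. `actions/checkout@v2` and `actions/setup-node@v2` are referenced by mutable major tags, so pinning each to a full commit SHA keeps a retagged release from changing what executes with that token. Nothing after the `run: npm run audit-fix` step commits or uploads the rewritten lockfile, so any fix npm applies is discarded with the runner; if the job is meant to gate merges it needs to fail on findings or persist its result.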
From: zaelgohary
Date: Wed, 12 Jun 2024 14:52:27 +0300
Subject: [PATCH 2/8] Edit workflow
---
 .github/workflows/audit_fix.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/audit_fix.yml b/.github/workflows/audit_fix.yml
index cbf4eb3f6d..ebb4f22f75 100644
--- a/.github/workflows/audit_fix.yml
+++ b/.github/workflows/audit_fix.yml
@@ -10,7 +10,7 @@ on:
 branches: [development, development_2.6]
 jobs:
- lint:
+ audit:
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -23,9 +23,9 @@ jobs:
 uses: actions/setup-node@v2
 with:
 node-version: ${{ matrix.node-version }}
- cache: "yarn"
+ cache: "npm"
- - name: Install
- run: yarn
+ - name: Install Dependencies
+ run: npm install
 - name: Audit Fix
 run: npm run audit-fix
From b79b3fcadba94a98c82d4bdc1e9902daf7c718f1 Mon Sep 17 00:00:00 2001
From: zaelgohary
Date: Wed, 12 Jun 2024 14:55:50 +0300
Subject: [PATCH 3/8] Rename workflow
---
 .github/workflows/audit_fix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/audit_fix.yml b/.github/workflows/audit_fix.yml
index ebb4f22f75..a0dfc7ba82 100644
--- a/.github/workflows/audit_fix.yml
+++ b/.github/workflows/audit_fix.yml
@@ -1,7 +1,7 @@
 # This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-name: Full Clients Audit Fix
+name: Full Clients Audit
 on:
 push:
From 354edac8f9be35e791b5934635d5c97105e3e291 Mon Sep 17 00:00:00 2001
From: zaelgohary
Date: Thu, 13 Jun 2024 02:22:30 +0300
Subject: [PATCH 4/8] Remove script, edit workflow
---
 .github/workflows/audit_fix.yml | 7 ++-----
 package.json | 3 +--
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/audit_fix.yml b/.github/workflows/audit_fix.yml
index a0dfc7ba82..f0a9fddb98 100644
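Review bot: `run: npm install` in the new Install Dependencies step can rewrite `package-lock.json` on the runner, so the following `npm audit fix` reports on a freshly resolved tree rather than the one the repository pins; `run: npm ci` installs exactly what the lockfile records and fails if it disagrees with `package.json`. The `cache: "npm"` change also presumes a committed `package-lock.json`, since setup-node keys its npm cache on that file — the previous commit installed with yarn, so confirm which lockfile the repository actually tracks before relying on this step.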
--- a/.github/workflows/audit_fix.yml
+++ b/.github/workflows/audit_fix.yml
@@ -1,6 +1,4 @@
-# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
+# This workflow will do a clean install of node dependencies, cache/restore them & audit the source code.
 name: Full Clients Audit
 on:
@@ -15,7 +13,6 @@ jobs:
 strategy:
 matrix:
 node-version: [18.x]
- # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 steps:
 - uses: actions/checkout@v2
@@ -28,4 +25,4 @@ jobs:
 - name: Install Dependencies
 run: npm install
 - name: Audit Fix
- run: npm run audit-fix
+ run: npm audit fix
diff --git a/package.json b/package.json
index d332fcf4e2..1231ab92c2 100644
--- a/package.json
+++ b/package.json
@@ -26,8 +26,7 @@
 "prepare": "husky install",
 "lint": "eslint -c .eslintrc.json . --fix",
 "check-eslint": "eslint -c .eslintrc.json .",
- "check-prettier": "prettier .prettierrc .",
- "audit-fix": "npm audit fix"
+ "check-prettier": "prettier .prettierrc ."
 },
 "lint-staged": {
 "*.{js,jsx,ts,tsx,css,scss,svelte,vue}": "eslint -c .eslintrc.json --fix",
From 0aa05773ad899d1f292912bba03f3af8c05aa689 Mon Sep 17 00:00:00 2001
From: zaelgohary
Date: Thu, 13 Jun 2024 11:47:31 +0300
Subject: [PATCH 5/8] Use yarn audit workflow
---
 .github/workflows/audit_fix.yml | 28 ----------------------------
 .github/workflows/yarn_audit.yml | 24 ++++++++++++++++++++++++
 2 files changed, 24 insertions(+), 28 deletions(-)
 delete mode 100644 .github/workflows/audit_fix.yml
 create mode 100644 .github/workflows/yarn_audit.yml
diff --git a/.github/workflows/audit_fix.yml b/.github/workflows/audit_fix.yml
deleted file mode 100644
index f0a9fddb98..0000000000
--- a/.github/workflows/audit_fix.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# This workflow will do a clean install of node dependencies, cache/restore them & audit the source code.
-name: Full Clients Audit
-
-on:
- push:
- branches: [development, development_2.6]
- pull_request:
- branches: [development, development_2.6]
-
-jobs:
- audit:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- node-version: [18.x]
-
- steps:
- - uses: actions/checkout@v2
- - name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v2
- with:
- node-version: ${{ matrix.node-version }}
- cache: "npm"
-
- - name: Install Dependencies
- run: npm install
- - name: Audit Fix
- run: npm audit fix
diff --git a/.github/workflows/yarn_audit.yml b/.github/workflows/yarn_audit.yml
new file mode 100644
index 0000000000..cfa1221046
--- /dev/null
+++ b/.github/workflows/yarn_audit.yml
@@ -0,0 +1,24 @@
+# When the action is executed, it runs yarn audit command in all the paths that is mentioned in the input. The exit codes of the commands are compared and if it is greater than 7 (only high severity as of now), the action will try to fetch the open issues in the repo with the label provided in the input. The label is mandatory to prevent from creating duplicate issues. If there are no open issues with the given label in open state, the action will try to create a Github Issue with the details provided in the input.
+
+name: Full Clients Audit
+
+on:
+ push:
+ branches: [development, development_2.6]
+ pull_request:
+ branches: [development, development_2.6]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Yarn Audit
+ uses: pragatheeswarans/yarn-audit-action@v1.0.0
+ with:
+ token: ${{ github.token }}
+ label: 'type_bug'
+ title: ${{ github.workflow }} failed during ${{ github.event }}
+ description: 'High severity issues are identified in the repo.'
+ paths: |
+ .
From 3a9fdb93f25b7f78d22149a5dd21325709ca3e32 Mon Sep 17 00:00:00 2001
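Review bot: The new `yarn_audit.yml` hands `${{ github.token }}` to a third-party action referenced only by a mutable tag (`pragatheeswarans/yarn-audit-action@v1.0.0`) and declares no `permissions:` block, so the job runs with the repository's default token scope rather than the minimum the issue-creation path needs. Add a top-level `permissions:` with `  contents: read` and `  issues: write` beneath it, and pin both that action and `actions/checkout@v2` to a full commit SHA so a retagged release cannot change what executes with the token. On `pull_request` runs from forks the token is read-only, so the issue-creation step would presumably fail there — worth confirming whether the `pull_request` trigger is needed, given `push` on the same branches already covers merged code.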
From: zaelgohary
Date: Thu, 13 Jun 2024 11:54:56 +0300
Subject: [PATCH 6/8] Change label
---
 .github/workflows/yarn_audit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/yarn_audit.yml b/.github/workflows/yarn_audit.yml
index cfa1221046..f4f9064c57 100644
--- a/.github/workflows/yarn_audit.yml
+++ b/.github/workflows/yarn_audit.yml
@@ -17,7 +17,7 @@ jobs:
 uses: pragatheeswarans/yarn-audit-action@v1.0.0
 with:
 token: ${{ github.token }}
- label: 'type_bug'
+ label: 'audit'
 title: ${{ github.workflow }} failed during ${{ github.event }}
 description: 'High severity issues are identified in the repo.'
 paths: |
From 98e4198e70d84c1614bc5fc4ff95c867517906d8 Mon Sep 17 00:00:00 2001
From: zaelgohary
Date: Thu, 13 Jun 2024 12:00:45 +0300
Subject: [PATCH 7/8] Edit issue title
---
 .github/workflows/yarn_audit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/yarn_audit.yml b/.github/workflows/yarn_audit.yml
index f4f9064c57..d5da973f53 100644
--- a/.github/workflows/yarn_audit.yml
+++ b/.github/workflows/yarn_audit.yml
@@ -18,7 +18,7 @@ jobs:
 with:
 token: ${{ github.token }}
 label: 'audit'
- title: ${{ github.workflow }} failed during ${{ github.event }}
+ title: "${{ github.workflow }}: Critical Security Vulnerability Identified"
 description: 'High severity issues are identified in the repo.'
 paths: |
 .
From 0cd773f0c96d5b4b1fae1f944ac369d04b774b17 Mon Sep 17 00:00:00 2001
From: zaelgohary
Date: Thu, 13 Jun 2024 12:13:03 +0300
Subject: [PATCH 8/8] Change job name
---
 .github/workflows/yarn_audit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/yarn_audit.yml b/.github/workflows/yarn_audit.yml
index d5da973f53..4996ba7bae 100644
--- a/.github/workflows/yarn_audit.yml
+++ b/.github/workflows/yarn_audit.yml
@@ -9,7 +9,7 @@ on:
 branches: [development, development_2.6]
 jobs:
- build:
+ audit-and-open-issue:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
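Review bot: The new issue title in the "Edit issue title" hunk says "Critical Security Vulnerability Identified", but the file's header comment states the issue is opened when the audit exit code exceeds 7 ("only high severity as of now") and the unchanged `description:` context line says "High severity issues are identified in the repo.", so a high-only finding is filed under a title claiming critical. A triager will take the word literally; align the title with the threshold the action actually applies, e.g. `title: "${{ github.workflow }}: High-severity dependency vulnerability detected"`. Double-quoting here is correct, since the rendered value contains `: ` which YAML would otherwise read as a nested mapping; `github.workflow` is the static `name:` of this file, so it introduces no untrusted input into the title.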