[Snyk] Fix for 2 vulnerabilities #62
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request | |
| on: pull_request | |
| env: | |
| node-version: 16.13 | |
| jobs: | |
| check: | |
| name: "Checks" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Use Node.js ${{ env.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ env.node-version }} | |
| cache: "npm" # cache ~/.npm in case 'npm ci' needs to run | |
| - name: ESlint and Typescript caching | |
| uses: actions/cache@v3 | |
| id: eslint-cache | |
| with: | |
| path: | | |
| .eslintcache | |
| tsconfig.tsbuildinfo | |
| key: ${{ runner.os }}-eslint-tsbuildinfo-${{ hashFiles('**/*.ts','**/*.js', 'package.json', 'tsconfig.json') }} | |
| - name: Install workerd Dependencies | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| export DEBIAN_FRONTEND=noninteractive | |
| sudo apt-get update | |
| sudo apt-get install -y libc++1 | |
| # Attempt to cache all the node_modules directories based on the OS and package lock. | |
| - name: Cache node_modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| env: | |
| cache-name: cache-node-modules | |
| with: | |
| key: ${{ runner.os }}-${{ env.node-version }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
| path: "**/node_modules" | |
| # If the cache missed then install using `npm ci` to follow package lock exactly | |
| - if: ${{ steps.npm-cache.outputs.cache-hit != 'true'}} | |
| name: Install NPM Dependencies | |
| run: npm ci | |
| - name: Build | |
| run: npm run build | |
| - name: Check for errors | |
| run: npm run check | |
| env: | |
| NODE_OPTIONS: "--max_old_space_size=8192" | |
| test: | |
| name: "Tests" | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Use Node.js ${{ env.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ env.node-version }} | |
| cache: "npm" # cache ~/.npm in case 'npm ci' needs to run | |
| - name: Install workerd Dependencies | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| export DEBIAN_FRONTEND=noninteractive | |
| sudo apt-get update | |
| sudo apt-get install -y libc++1 | |
| # Attempt to cache all the node_modules directories based on the OS and package lock. | |
| - name: Cache node_modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| env: | |
| cache-name: cache-node-modules | |
| with: | |
| key: ${{ runner.os }}-${{ env.node-version }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
| path: "**/node_modules" | |
| # If the cache missed then install using `npm ci` to follow package lock exactly | |
| - if: ${{ steps.npm-cache.outputs.cache-hit != 'true'}} | |
| name: Install NPM Dependencies | |
| run: npm ci | |
| - name: Run builds | |
| run: npm run build | |
| env: | |
| NODE_ENV: "production" | |
| - name: Run tests & collect coverage | |
| run: npm run test:ci | |
| env: | |
| TMP_CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| TMP_CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| NODE_OPTIONS: "--max_old_space_size=8192" | |
| - name: Report Code Coverage | |
| uses: codecov/codecov-action@v3 |