Skip to content

[Snyk] Security upgrade nanoid from 3.3.7 to 3.3.8 #7355

[Snyk] Security upgrade nanoid from 3.3.7 to 3.3.8

[Snyk] Security upgrade nanoid from 3.3.7 to 3.3.8 #7355

Workflow file for this run

# WARNING! Conditionals are set as variables to minimize repetitive checks.
# However, this results in the variables being the *string* values "true" or "false".
# As a result, you must always explicitly check for those strings. For example,
# ${{ env.DEVELOP }} will ALWAYS evaluate as true; to achieve the expected result
# you must check ${{ env.DEVELOP == 'true' }}. There's probably a better way to DRY,
# but this is what we have for now.
name: SalesforceCommerceCloud/pwa-kit/test
on:
# PRs from forks trigger `pull_request`, but do NOT have access to secrets.
# More info:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflows-in-forked-repositories-1
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks
pull_request: # Default: opened, reopened, synchronize (head branch updated)
merge_group: # Trigger GA workflow when a pull request is added to a merge queue.
push:
branches:
- develop
# TODO: Should we run on all pushes to release branches, or should we run on GitHub releases?
- 'release-*'
schedule:
# Run every day at 12am (PST) - cron uses UTC times
- cron: '0 8 * * *'
env:
IS_NOT_FORK: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository }}
DEVELOP: ${{ (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && (github.head_ref || github.ref_name) == 'develop' }}
RELEASE: ${{ (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && startsWith(github.head_ref || github.ref_name, 'release-') }}
jobs:
pwa-kit:
strategy:
fail-fast: false
matrix:
node: [16, 18, 20]
npm: [8, 9, 10]
exclude: # node 16 is not compatible with npm 10
- node: 16
npm: 10
runs-on: ubuntu-latest
env:
# The "default" npm is the one that ships with a given version of node.
# For more: https://nodejs.org/en/download/releases/
# (We also use this env var for making sure a step runs once for the current node version)
# Note: For node 18, the default was npm 9 until v18.19.0, when it became npm 10
IS_DEFAULT_NPM: ${{ (matrix.node == 16 && matrix.npm == 8) || (matrix.node == 18 && matrix.npm == 10) || (matrix.node == 20 && matrix.npm == 10) }}
# The current recommended version for Managed Runtime:
# https://developer.salesforce.com/docs/commerce/pwa-kit-managed-runtime/guide/upgrade-node-version.html
IS_MRT_NODE: ${{ matrix.node == 20 && matrix.npm == 10 }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
cache: npm
- name: Update NPM version
if: env.IS_DEFAULT_NPM == 'false'
run: |-
npm install -g npm@${{ matrix.npm }}
- name: Setup Ubuntu Machine
uses: "./.github/actions/setup_ubuntu"
- name: Run unit tests
uses: "./.github/actions/unit_tests"
- name: Run bundlesize test
uses: "./.github/actions/bundle_size_test"
- name: Smoke test scripts
if: env.IS_DEFAULT_NPM == 'true'
uses: "./.github/actions/smoke_tests"
- name: Create MRT credentials file
if: env.IS_NOT_FORK == 'true' && env.IS_MRT_NODE == 'true' && ( env.DEVELOP == 'true' || env.RELEASE == 'true' )
uses: "./.github/actions/create_mrt"
with:
mobify_user: ${{ secrets.MOBIFY_CLIENT_USER }}
mobify_api_key: ${{ secrets.MOBIFY_CLIENT_API_KEY }}
- name: Push Bundle to MRT (Development)
if: env.IS_NOT_FORK == 'true' && env.IS_MRT_NODE == 'true' && env.DEVELOP == 'true'
uses: "./.github/actions/push_to_mrt"
with:
CWD: "./packages/template-retail-react-app"
TARGET: staging
- name: Push Bundle to MRT (Production)
if: env.IS_NOT_FORK == 'true' && env.IS_MRT_NODE == 'true' && env.RELEASE == 'true'
uses: "./.github/actions/push_to_mrt"
with:
CWD: "./packages/template-retail-react-app"
TARGET: production
- name: Push Bundle to MRT (Commerce SDK React)
if: env.IS_NOT_FORK == 'true' && env.IS_MRT_NODE == 'true' && env.DEVELOP == 'true'
uses: "./.github/actions/push_to_mrt"
with:
CWD: "./packages/test-commerce-sdk-react"
TARGET: commerce-sdk-react
- name: Check Repository Clean
if: env.IS_NOT_FORK == 'true' && env.IS_DEFAULT_NPM == 'true'
uses: "./.github/actions/check_clean"
- name: Publish to NPM
if: env.IS_NOT_FORK == 'true' && env.IS_MRT_NODE == 'true' && env.RELEASE == 'true'
uses: "./.github/actions/publish_to_npm"
with:
NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
- name: Send GitHub Action data to Slack workflow (PWA Kit)
id: slack
if: env.IS_NOT_FORK == 'true' && env.IS_DEFAULT_NPM == 'true' && env.DEVELOP == 'true' && failure()
uses: slackapi/[email protected]
with:
payload: |
{
"test": "A 'testNode${{ matrix.node }}' task has failed."
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
pwa-kit-windows:
strategy:
fail-fast: false
matrix:
node: [16, 18, 20]
npm: [8, 9, 10]
exclude: # node 16 is not compatible with npm 10
- node: 16
npm: 10
env:
# The "default" npm is the one that ships with a given version of node.
# For more: https://nodejs.org/en/download/releases/
# (We also use this env var for making sure a step runs once for the current node version)
# Note: For node 18, the default was npm 9 until v18.19.0, when it became npm 10
IS_DEFAULT_NPM: ${{ (matrix.node == 16 && matrix.npm == 8) || (matrix.node == 18 && matrix.npm == 10) || (matrix.node == 20 && matrix.npm == 10) }}
# The current recommended version for Managed Runtime:
# https://developer.salesforce.com/docs/commerce/pwa-kit-managed-runtime/guide/upgrade-node-version.html
IS_MRT_NODE: ${{ matrix.node == 20 && matrix.npm == 10 }}
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
cache: npm
- name: Update NPM version
if: env.IS_DEFAULT_NPM == 'false'
run: |-
npm install -g npm@${{ matrix.npm }}
- name: Setup Windows Machine
uses: "./.github/actions/setup_windows"
- name: Run tests
uses: "./.github/actions/unit_tests"
# TODO: The generated workflow is identical to the generated-windows workflow,
# with a few extra steps. Can the workflows be merged? (Add `os` to the matrix?)
generated:
strategy:
fail-fast: false
matrix:
template: [retail-react-app-test-project, retail-react-app-demo, express-minimal-test-project, typescript-minimal-test-project]
runs-on: ubuntu-latest
env:
IS_TEMPLATE_FROM_RETAIL_REACT_APP: ${{ matrix.template == 'retail-react-app-test-project' || matrix.template == 'retail-react-app-demo' }}
PROJECT_DIR: generated-${{ matrix.template }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup Ubuntu Machine
uses: "./.github/actions/setup_ubuntu"
- name: Generate ${{ matrix.template }} project
run: |-
node packages/pwa-kit-create-app/scripts/create-mobify-app-dev.js --outputDir ${{ env.PROJECT_DIR }}
env:
GENERATOR_PRESET: ${{ matrix.template }}
timeout-minutes: 8
- name: Lint the generated project
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/linting"
with:
cwd: ${{ env.PROJECT_DIR }}
- name: Run unit tests
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/unit_tests"
with:
cwd: ${{ env.PROJECT_DIR }}
- name: Run smoke tests
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/smoke_tests"
with:
dir: ${{ env.PROJECT_DIR }}
- name: Count Generated Project Dependencies
id: count_deps
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/count_deps"
- name: Store Verdaccio logfile artifact
uses: actions/upload-artifact@v3
with:
path: packages/pwa-kit-create-app/local-npm-repo/verdaccio.log
# TODO: Ticket W-12425059. Revisit Snyk CLI integration to monitor manifest files on generated projects.
# TODO: Update the SNYK_TOKEN stored in GitHub with a token generated from the proper Snyk org.
# - name: Audit Generated Project
# if: env.IS_NOT_FORK == 'true' && env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true' && env.DEVELOP == 'true'
# uses: "./.github/actions/snyk"
# with:
# snyk_token: ${{ secrets.SNYK_TOKEN }}
- name: Send metrics to Datadog
if: env.IS_NOT_FORK == 'true' && env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/datadog"
with:
datadog_api_key: ${{ secrets.DATADOG_API_KEY }}
# TODO: The way this is set is a little bit magic - can it be cleaned up?
TOTAL_PACKAGES: $TOTAL_PACKAGES
- name: Create MRT credentials file
if: env.IS_NOT_FORK == 'true' && env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true' && env.DEVELOP == 'true'
uses: "./.github/actions/create_mrt"
with:
mobify_user: ${{ secrets.MOBIFY_CLIENT_USER }}
mobify_api_key: ${{ secrets.MOBIFY_CLIENT_API_KEY }}
- name: Push Bundle to MRT
if: env.IS_NOT_FORK == 'true' && env.DEVELOP == 'true' && matrix.template == 'retail-react-app-test-project'
uses: "./.github/actions/push_to_mrt"
with:
CWD: ${{ env.PROJECT_DIR }}
TARGET: generated-pwa
- name: Send GitHub Action data to Slack workflow (Generated)
id: slack
if: env.IS_NOT_FORK == 'true' && env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true' && env.DEVELOP == 'true' && failure()
uses: slackapi/[email protected]
with:
payload: |
{
"message": "A 'generated ${{ matrix.template }}' task has failed."
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
generated-windows:
strategy:
fail-fast: false
matrix:
template: [retail-react-app-test-project, retail-react-app-demo, express-minimal-test-project, typescript-minimal-test-project]
runs-on: windows-latest
env:
IS_TEMPLATE_FROM_RETAIL_REACT_APP: ${{ matrix.template == 'retail-react-app-test-project' || matrix.template == 'retail-react-app-demo' }}
PROJECT_DIR: generated-${{ matrix.template }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 20
- name: Setup Windows Machine
uses: "./.github/actions/setup_windows"
- name: Generate ${{ matrix.template }} project
run: |-
node packages/pwa-kit-create-app/scripts/create-mobify-app-dev.js --outputDir ${{ env.PROJECT_DIR }}
env:
GENERATOR_PRESET: ${{ matrix.template }}
timeout-minutes: 7
- name: Lint the generated project
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/linting"
with:
cwd: ${{ env.PROJECT_DIR }}
- name: Run unit tests
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/unit_tests"
with:
cwd: ${{ env.PROJECT_DIR }}
- name: Run smoke tests
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/smoke_tests"
with:
dir: ${{ env.PROJECT_DIR }}
- name: Count Generated Project Dependencies
if: env.IS_TEMPLATE_FROM_RETAIL_REACT_APP == 'true'
uses: "./.github/actions/count_deps"
- name: Store Verdaccio logfile artifact
uses: actions/upload-artifact@v3
with:
path: packages/pwa-kit-create-app/local-npm-repo/verdaccio.log
lighthouse:
strategy:
fail-fast: false
matrix:
node: [18] # Should match node version supported by MRT.
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
cache: npm
- name: Setup Ubuntu Machine
uses: "./.github/actions/setup_ubuntu"
- name: Run Lighthouse CI on the PWA
uses: "./.github/actions/lighthouse_ci"