Skip to content

fix: package.json & package-lock.json to reduce vulnerabilities #314

fix: package.json & package-lock.json to reduce vulnerabilities

fix: package.json & package-lock.json to reduce vulnerabilities #314

Workflow file for this run

name: Bmore-Responsive
on:
push:
pull_request:
env:
NODE_ENV: development
DATABASE_PASSWORD: password
JWT_KEY: fortestsonly
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Cache node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Install npm packages
run: npm install
- name: Audit npm packages
run: npm audit
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Restore node modules
uses: actions/cache@v2
env:
cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: install eslint
run: npm install eslint
- name: Lint JS
run: npm run lint
- name: install hadolint
run: docker pull hadolint/hadolint
- name: Lint Dockerfile
run: |
docker run --rm -i hadolint/hadolint < Dockerfile
build:
runs-on: ubuntu-latest
needs:
- audit
- lint
steps:
- uses: actions/checkout@v2
- name: Build docker stack
run: docker-compose up -d --build
- name: Save docker images
run: |
docker save -o /tmp/containers.tar bmore-responsive_api:latest postgres:latest
- name: Cache API docker image
uses: actions/upload-artifact@v2
with:
name: containers
path: /tmp/containers.tar
test:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v2
- name: Download docker images
uses: actions/download-artifact@v3
with:
name: containers
path: /tmp
- name: Extract docker images
run: |
docker load -i /tmp/containers.tar
- name: Compose docker images
run: docker compose up -d
- name: Test
run: |
sleep 10 # wait for containers to set up
docker exec bmore-responsive-api-1 npm test