fix: src/package.json & src/package-lock.json to reduce vulnerabilities #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Leave the powered by Sauce Labs bit in as this means we get additional concurrency | |
name: "Frontend tests powered by Sauce Labs" | |
on: [push] | |
jobs: | |
withoutplugins: | |
name: without plugins | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Fail if Dependabot | |
if: github.actor == 'dependabot[bot]' | |
run: | | |
cat <<EOF >&2 | |
Frontend tests skipped because Dependabot can't access secrets. | |
Manually re-run the jobs to run the frontend tests. | |
For more information, see: | |
https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ | |
EOF | |
exit 1 | |
- | |
name: Generate Sauce Labs strings | |
id: sauce_strings | |
run: | | |
printf %s\\n '::set-output name=name::${{ github.workflow }} - ${{ github.job }}' | |
printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}' | |
- | |
name: Checkout repository | |
uses: actions/checkout@v3 | |
- | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 14 | |
cache: 'npm' | |
cache-dependency-path: | | |
src/package-lock.json | |
src/bin/doc/package-lock.json | |
- | |
name: Install all dependencies and symlink for ep_etherpad-lite | |
run: src/bin/installDeps.sh | |
- | |
name: export GIT_HASH to env | |
id: environment | |
run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.sha }})" | |
- | |
name: Create settings.json | |
run: cp settings.json.template settings.json | |
- | |
name: Disable import/export rate limiting | |
run: | | |
sed -e '/^ *"importExportRateLimiting":/,/^ *\}/ s/"max":.*/"max": 0/' -i settings.json | |
- | |
uses: saucelabs/[email protected] | |
with: | |
username: ${{ secrets.SAUCE_USERNAME }} | |
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} | |
tunnelIdentifier: ${{ steps.sauce_strings.outputs.tunnel_id }} | |
- | |
name: Run the frontend tests | |
shell: bash | |
env: | |
SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} | |
SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} | |
SAUCE_NAME: ${{ steps.sauce_strings.outputs.name }} | |
TRAVIS_JOB_NUMBER: ${{ steps.sauce_strings.outputs.tunnel_id }} | |
GIT_HASH: ${{ steps.environment.outputs.sha_short }} | |
run: | | |
src/tests/frontend/travis/runner.sh | |
withplugins: | |
name: with plugins | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Fail if Dependabot | |
if: github.actor == 'dependabot[bot]' | |
run: | | |
cat <<EOF >&2 | |
Frontend tests skipped because Dependabot can't access secrets. | |
Manually re-run the jobs to run the frontend tests. | |
For more information, see: | |
https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ | |
EOF | |
exit 1 | |
- | |
name: Generate Sauce Labs strings | |
id: sauce_strings | |
run: | | |
printf %s\\n '::set-output name=name::${{ github.workflow }} - ${{ github.job }}' | |
printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}' | |
- | |
name: Checkout repository | |
uses: actions/checkout@v3 | |
- | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 14 | |
cache: 'npm' | |
cache-dependency-path: | | |
src/package-lock.json | |
src/bin/doc/package-lock.json | |
- | |
name: Install Etherpad plugins | |
# The --legacy-peer-deps flag is required to work around a bug in npm v7: | |
# https://github.com/npm/cli/issues/2199 | |
run: > | |
npm install --no-save --legacy-peer-deps | |
ep_align | |
ep_author_hover | |
ep_cursortrace | |
ep_embedmedia | |
ep_font_size | |
ep_hash_auth | |
ep_headings2 | |
ep_image_upload | |
ep_markdown | |
ep_readonly_guest | |
ep_set_title_on_pad | |
ep_spellcheck | |
ep_subscript_and_superscript | |
ep_table_of_contents | |
# Etherpad core dependencies must be installed after installing the | |
# plugin's dependencies, otherwise npm will try to hoist common | |
# dependencies by removing them from src/node_modules and installing them | |
# in the top-level node_modules. As of v6.14.10, npm's hoist logic appears | |
# to be buggy, because it sometimes removes dependencies from | |
# src/node_modules but fails to add them to the top-level node_modules. | |
# Even if npm correctly hoists the dependencies, the hoisting seems to | |
# confuse tools such as `npm outdated`, `npm update`, and some ESLint | |
# rules. | |
- | |
name: Install all dependencies and symlink for ep_etherpad-lite | |
run: src/bin/installDeps.sh | |
- | |
name: export GIT_HASH to env | |
id: environment | |
run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.sha }})" | |
- | |
name: Create settings.json | |
run: cp settings.json.template settings.json | |
- | |
name: Disable import/export rate limiting | |
run: | | |
sed -e '/^ *"importExportRateLimiting":/,/^ *\}/ s/"max":.*/"max": 0/' -i settings.json | |
# XXX we should probably run all tests, because plugins could effect their results | |
- | |
name: Remove standard frontend test files, so only plugin tests are run | |
run: rm src/tests/frontend/specs/* | |
- | |
uses: saucelabs/[email protected] | |
with: | |
username: ${{ secrets.SAUCE_USERNAME }} | |
accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} | |
tunnelIdentifier: ${{ steps.sauce_strings.outputs.tunnel_id }} | |
- | |
name: Run the frontend tests | |
shell: bash | |
env: | |
SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} | |
SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} | |
SAUCE_NAME: ${{ steps.sauce_strings.outputs.name }} | |
TRAVIS_JOB_NUMBER: ${{ steps.sauce_strings.outputs.tunnel_id }} | |
GIT_HASH: ${{ steps.environment.outputs.sha_short }} | |
run: | | |
src/tests/frontend/travis/runner.sh |