

Address code vulnerabilities (#1688)
Optimized pipelines to support node module caching when run multiple times
Swapped over package manager from yarn to npm
Fixed npm audit problems to bring down prod build to only 2 vulnerabilities
Moved erroneously labelled devDependencies that were listed under production dependencies to their correct place
Update some modules according to Snyk suggestions
SorsOps authored Mar 15, 2023
1 parent ef10af1 commit f9e32a2
Showing 8 changed files with 93,578 additions and 21,549 deletions.
82 changes: 66 additions & 16 deletions .github/workflows/node.js.yml
Expand Up @@ -23,13 +23,24 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# 3: Install dependencies
- name: Install dependencies
run: yarn --frozen-lockfile

if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci
# 5: Build package
- name: Build Package
run: yarn build
run: npm run build

# 6: Store artifact
- name: Store Artifact
Expand All @@ -53,13 +64,26 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

# 3: Install dependencies
# 3: Install dependencies.
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# This is very unlikely to happen, but we include it anyway in case some cache flushing happens
- name: Install dependencies
run: yarn --frozen-lockfile
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci

# 4: Run tests
- name: Run test command
run: yarn test
run: npm run test
coverage:
name: Test coverage
runs-on: ubuntu-latest
Expand All @@ -73,9 +97,22 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

# 3: Install dependencies
# 3: Install dependencies.
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# This is very unlikely to happen, but we include it anyway in case some cache flushing happens
- name: Install dependencies
run: yarn --frozen-lockfile
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci

# 4: Run test coverage report
- name: Run test coverage report
Expand All @@ -86,7 +123,7 @@ jobs:
runCommand: 'LAUNCHDARKLY_FLAGS=tokenThemes,gitBranchSelector,multiFileSync,tokenFlowButton npx jest --collectCoverageFrom=''["src/**/*.{js,jsx,ts,tsx}"]'' --coverage --collectCoverage=true --coverageDirectory=''./'' --coverageReporters=''json-summary'' --forceExit --detectOpenHandles'
total_delta: 1
delta: 1
afterSwitchCommand: yarn --frozen-lockfile
afterSwitchCommand: npm ci
useSameComment: true
test-transform:
name: Transformer Tests
Expand All @@ -101,21 +138,34 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

# 3: Install dependencies
# 3: Install dependencies.
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# This is very unlikely to happen, but we include it anyway in case some cache flushing happens
- name: Install dependencies
run: yarn --frozen-lockfile
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci

# 4: Build package
- name: build:transform
run: yarn build-transform
run: npm run build-transform

# 5: Install dependencies
- name: Install dependencies - transformer
run: cd token-transformer && yarn --frozen-lockfile
run: cd token-transformer && npm ci

# 6: Run tests
- name: Run test command
run: cd token-transformer && yarn test
run: cd token-transformer && npm run test
cypress-run:
name: Cypress
runs-on: ubuntu-latest
Expand All @@ -128,5 +178,5 @@ jobs:
- name: Cypress run
uses: cypress-io/github-action@v2
with:
build: yarn build:cy
start: yarn serve
build: npm run build:cy
start: npm run serve
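Review bot: The `uses: actions/cache@v3` line in each of the four new "Cache node modules" steps references the action by a mutable major-version tag, so the code that restores and writes `node_modules` into every job can change upstream with no diff in this repository; pin each to the full commit SHA of the intended v3 release with a trailing `# v3` comment, and treat the surrounding `actions/checkout@v2` lines the same way while they are being touched. The cache key is built only from `runner.os` and the lockfile hash, so on an exact hit `npm ci` is skipped even if the restored `node_modules` was produced under a different Node version (native addons in particular); including the Node version in the key — the value handed to setup-node, which is outside this hunk — would avoid restoring a stale tree. The comment `# This is very unlikely to happen, but we include it anyway in case some cache flushing happens` understates when the install runs: `cache-hit` is only true on an exact key match, so the step executes on every lockfile change and on every branch before its first exact hit, and `# Runs on a cache miss (e.g. after a lockfile change); skipped on an exact key hit` describes it accurately.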
2 changes: 2 additions & 0 deletions .npmrc
@@ -0,0 +1,2 @@
strict-peer-deps=false
legacy-peer-deps=true
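Review bot: `legacy-peer-deps=true` makes npm 7+ behave like npm 6 — peer dependencies are not installed and peer-range conflicts do not fail `npm ci` — so a package whose peer range no longer matches what the lockfile resolves is accepted silently; in a commit whose purpose is to fix audit findings by upgrading modules, that is exactly the kind of mismatch that should surface rather than be hidden. `strict-peer-deps=false` is already npm's default and adds nothing. If the flag is needed to get past one conflicting package, record which one so the flag can be removed once it is upgraded, e.g. `# legacy-peer-deps: needed for <package> (peer range conflict); drop once it is upgraded`, with `<package>` replaced by the offender; otherwise prefer deleting both lines and letting `npm ci` enforce peer ranges.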
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -32,8 +32,8 @@ Whenever you apply a token to a layer, the plugin will store hidden information
Most information can be found in the [docs](https://docs.tokens.studio) or [our website](https://tokens.studio).

# Contribute
* Run `yarn` to install dependencies.
* Run `yarn start` to start webpack in watch mode or `yarn build` to build once.
* Run `npm ci` to install dependencies.
* Run `npm run start` to start webpack in watch mode or `npm run build` to build once.
* Open `Figma` -> `Plugins` -> `Development` -> `New Plugin...` and choose `manifest.json` file from this repo.
* Create a Pull request for your branch

