Merge pull request #1432 from tubone24/renovate-npm-axios-vulnerability #844
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: DeployToNetlifyPRD | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
env: | |
cache-version: v2 | |
jobs: | |
create-cache: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.17.0 | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}" | |
- name: Cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache | |
${{ steps.yarn-cache-dir-path.outputs.dir }} | |
node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-${{ env.cache-version }}- | |
- name: yarn install | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn install --frozen-lockfile | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.17.0 | |
registry-url: https://npm.pkg.github.com/ | |
scope: '@tubone24' | |
- uses: denoland/setup-deno@v1 | |
with: | |
deno-version: 'v1.x' | |
- name: install noto font | |
run: | | |
sudo apt-get update | |
sudo apt-get install fonts-noto | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}" | |
- name: Cache | |
uses: actions/cache/restore@v3 | |
with: | |
path: | | |
~/.cache | |
${{ steps.yarn-cache-dir-path.outputs.dir }} | |
node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-${{ env.cache-version }}- | |
- name: yarn install | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn install --frozen-lockfile | |
- name: Test | |
env: | |
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
NETLIFY_ENV: deploy-preview | |
run: yarn test:cov | |
- name: Use Coveralls | |
uses: coverallsapp/github-action@master | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
path-to-lcov: ./coverage/lcov.info | |
flag-name: Unit | |
- name: Test E2E | |
env: | |
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
NETLIFY_ENV: deploy-preview | |
run: yarn test:e2e:ci | |
# - name: Use Coveralls | |
# uses: coverallsapp/github-action@master | |
# with: | |
# github-token: ${{ secrets.GITHUB_TOKEN }} | |
# path-to-lcov: ./coverage-e2e/lcov.info | |
# flag-name: e2e | |
- name: Test Storybook Snapshot | |
env: | |
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
NETLIFY_ENV: deploy-preview | |
run: yarn test:storybook | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: main.spec.ts.mp4 | |
path: ./cypress/videos/main.cy.ts.mp4 | |
- name: Upload video for screenshot branch | |
env: | |
FILE_PATH: ./cypress/videos/main.cy.ts.mp4 | |
FILE_NAME: main.spec.ts.mp4 | |
HEAD_REF: "master" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY: "tubone24/blog" | |
GITHUB_PULL_REQUEST_NUMBER: "" | |
BRANCH_NAME: "screenshot" | |
run: deno run --allow-env --allow-read --allow-net scripts/uploadScreenShot.ts | |
- name: Upload Test Coverage | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./coverage | |
destination_dir: cov | |
keep_files: true | |
- name: Upload e2e Test Coverage | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./coverage-e2e/lcov-report | |
destination_dir: e2e-cov | |
keep_files: true | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.17.0 | |
registry-url: https://npm.pkg.github.com/ | |
scope: '@tubone24' | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}" | |
- name: Cache | |
uses: actions/cache/restore@v3 | |
with: | |
path: | | |
~/.cache | |
${{ steps.yarn-cache-dir-path.outputs.dir }} | |
node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-${{ env.cache-version }}- | |
- name: yarn install | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn install --frozen-lockfile | |
- name: Type check | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn typecheck | |
- name: Code Lint Check | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn format | |
- name: Style Lint Check | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn format-style | |
- name: Yaml Lint Check | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: yarn format-yml | |
build: | |
runs-on: ubuntu-latest | |
needs: ['test', 'lint'] | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v3 | |
- uses: chrnorm/deployment-action@v2 | |
name: Create GitHub deployment | |
id: deployment-prod | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: production | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.17.0 | |
registry-url: https://npm.pkg.github.com/ | |
scope: '@tubone24' | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}" | |
- name: Cache | |
uses: actions/cache/restore@v3 | |
with: | |
path: | | |
~/.cache | |
${{ steps.yarn-cache-dir-path.outputs.dir }} | |
node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-${{ env.cache-version }}- | |
- name: yarn install | |
env: | |
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
NETLIFY_ENV: production | |
PERCY_TOKEN: ${{secrets.PERCY_TOKEN}} | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: | | |
yarn install --frozen-lockfile | |
cd functions/src | |
npm install --os=linux --cpu=x64 --prefix ./ sharp | |
ls node_modules/ | |
- name: yarn build | |
env: | |
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
NETLIFY_ENV: production | |
PERCY_TOKEN: ${{secrets.PERCY_TOKEN}} | |
run: yarn build:nocache | |
- name: Push Bundle Analyze | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./public/webpack-bundle-analyser/ | |
destination_dir: ba | |
keep_files: true | |
- name: Remove Bundle Analyze | |
run: rm ./public/webpack-bundle-analyser/index.html | |
- name: Deploy to netlify | |
run: npx netlify-cli deploy --prod --dir=./public --functions=./functions/src | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
- uses: chrnorm/deployment-status@v2 | |
if: success() | |
name: Create GitHub deploy (Success) | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: production | |
environment-url: "https://blog.tubone-project24.xyz" | |
deployment-id: ${{ steps.deployment-prod.outputs.deployment_id }} | |
state: "success" | |
- uses: chrnorm/deployment-status@v2 | |
if: failure() | |
name: Create GitHub deploy (Failure) | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: production | |
environment-url: "https://blog.tubone-project24.xyz" | |
deployment-id: ${{ steps.deployment-prod.outputs.deployment_id }} | |
state: "failure" | |
- name: Sentry Release | |
uses: getsentry/[email protected] | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }} | |
SENTRY_ORG: tubone-project24 | |
SENTRY_PROJECT: blog | |
with: | |
environment: production | |
version: tubone-boyaki@${{ github.sha }} | |
sourcemaps: "./public" | |
storybook: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v3 | |
- uses: chrnorm/deployment-action@v2 | |
name: Create GitHub deployment | |
id: deployment-prod-storybook | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: production-storybook | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}" | |
- name: Cache | |
uses: actions/cache/restore@v3 | |
with: | |
path: | | |
~/.cache | |
${{ steps.yarn-cache-dir-path.outputs.dir }} | |
node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
${{ runner.os }}-build-${{ env.cache-version }}- | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.17.0 | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: yarn build | |
env: | |
GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
NETLIFY_ENV: deploy-preview | |
run: yarn build | |
- name: build storybook | |
run: yarn build-storybook | |
env: | |
STORYBOOK_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
STORYBOOK_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
STORYBOOK_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
GATSBY_GITHUB_SHA: ${{ github.sha }} | |
NETLIFY_ENV: deploy-preview | |
- name: Deploy to netlify | |
run: npx netlify-cli deploy --prod --dir=./storybook-static | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_STORYBOOK_AUTH_TOKEN }} | |
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_STORYBOOK_SITE_ID }} | |
- uses: chrnorm/deployment-status@v2 | |
if: success() | |
name: Create GitHub deploy (Success) | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: production-storybook | |
environment-url: "https://blog-storybook.netlify.app" | |
deployment-id: ${{ steps.deployment-prod-storybook.outputs.deployment_id }} | |
state: "success" | |
- uses: chrnorm/deployment-status@v2 | |
if: failure() | |
name: Create GitHub deploy (Failure) | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: production-storybook | |
environment-url: "https://blog-storybook.netlify.app" | |
deployment-id: ${{ steps.deployment-prod-storybook.outputs.deployment_id }} | |
state: "failure" | |
lighthouse: | |
runs-on: macos-latest | |
needs: ['build'] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.17.0 | |
registry-url: https://npm.pkg.github.com/ | |
scope: '@tubone24' | |
- name: Install lighthouse | |
run: sudo npm i -g lighthouse | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
- name: make public dir | |
run: mkdir -p ./public | |
- name: Run lighthouse | |
run: | | |
lighthouse \ | |
--chrome-flags="--headless" \ | |
--output html --output-path /tmp/report.html \ | |
'https://blog.tubone-project24.xyz' | |
cp /tmp/report.html ./public/report.html | |
- name: Deploy | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./public | |
destination_dir: lh | |
keep_files: true | |
webscreenshot: | |
needs: | |
- build | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
width: [1920, 1200, 768, 400] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: denoland/setup-deno@v1 | |
with: | |
deno-version: 'v1.x' | |
- name: install noto font | |
run: | | |
sudo apt-get update | |
sudo apt-get install fonts-noto | |
- name: Capture Webpage Screenshot | |
uses: swinton/[email protected] | |
with: | |
source: "https://blog.tubone-project24.xyz" | |
destination: screenshot-${{ matrix.os }}-${{ matrix.width }}.png | |
width: ${{ matrix.width }} | |
delay: 10 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: screenshot-${{ matrix.os }}-${{ matrix.width }} | |
- name: Upload screenshot to screenshot branch | |
env: | |
FILE_PATH: screenshot-${{ matrix.os }}-${{ matrix.width }}.png | |
FILE_NAME: screenshot-${{ matrix.os }}-${{ matrix.width }}.png | |
HEAD_REF: "master" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY: "tubone24/blog" | |
GITHUB_PULL_REQUEST_NUMBER: "" | |
BRANCH_NAME: "screenshot" | |
run: deno run --allow-env --allow-read --allow-net scripts/uploadScreenShot.ts |