build(NPM): update next due to cve #2545
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Music Analytics Project CI/CD | |
# CI_ENVIRONMENT_CONTENT - Environment file content for the ci environment | |
# STAGE_ENVIRONMENT_CONTENT - Environment file content for the ci environment | |
# STAGE_VERCEL_CONFIG - Identify the Vercel Project and Organization | |
# PRODUCTION_ENVIRONMENT_CONTENT - Environment file content for the ci environment | |
# PRODUCTION_VERCEL_CONFIG - Identify the Vercel Project and Organization | |
# VERCEL_TOKEN - The authentication token used by Vercel | |
on: | |
push: | |
schedule: | |
- cron: "0 6 * * 1" | |
workflow_dispatch: | |
jobs: | |
configuration: | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-read_json_file.yml@main | |
with: | |
JSON_FILE_PATH: ".github/config/workflows/workflow-push.json" | |
architecture: | |
needs: [configuration] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Architecture Enforcement -- Checkout Repository | |
uses: actions/checkout@v3 | |
- name: Architecture Enforcement -- Setup Environment | |
run: | | |
bash .github/scripts/step-setup-environment.sh | |
env: | |
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
- name: Architecture Enforcement -- Install Toolbox | |
uses: ./.github/actions/action-00-toolbox | |
- name: Architecture Enforcement -- Run Global Enforcement Script | |
run: | | |
bash .github/scripts/architecture.sh | |
- name: Architecture Enforcement -- Report Job Status on Success | |
if: fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications == true | |
uses: ./.cicd-tools/boxes/active/ci/github/actions/action-00-generic-notification | |
with: | |
NOTIFICATION_EMOJI: ":heavy_check_mark:" | |
NOTIFICATION_MESSAGE: "Architecture enforcement checks have completed successfully!" | |
NOTIFICATION_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
- name: Architecture Enforcement -- Report Job Status | |
if: failure() | |
uses: ./.cicd-tools/boxes/active/ci/github/actions/action-00-generic-notification | |
with: | |
NOTIFICATION_EMOJI: ":x:" | |
NOTIFICATION_MESSAGE: "Achitecture enforcement checks have failed!" | |
NOTIFICATION_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
markdown_links: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-30-generic-markdown_links.yml@main | |
with: | |
CONFIG_FILE: ".github/config/actions/gaurav-nelson-github-action-markdown-link-check.json" | |
DOCUMENTATION_PATH: "." | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
build: | |
needs: [configuration] | |
secrets: | |
FILE_CONTENT: ${{ secrets.CI_ENVIRONMENT_CONTENT }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
ENV_SECRET_1: ${{ secrets.INTEGRATION_TEST_LAST_FM_KEY }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: coverage | |
COMMAND_NAME: Build Validation | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PRE_COMMAND: echo "INTEGRATION_TEST_LAST_FM_KEY=${ENV_SECRET_1}" >> "${GITHUB_ENV}" | |
SECRET_CONTENT_FILENAME: .env.test | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
commit_lint: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-rev_range_command.yml@main | |
with: | |
COMMAND: | | |
poetry run cz check --rev-range "${PUSHED_COMMIT_REV_RANGE}" | |
COMMAND_NAME: "Commit Message Lint" | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }} | |
REV_RANGE: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_commitizen_rev_range }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
commit_spell_check: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-rev_range_command.yml@main | |
with: | |
COMMAND: | | |
CICD_COMMIT_MESSAGES_FILE="$(mktemp XXXXXXXX.git_history_file)" | |
git log --pretty=format:%s "${PUSHED_COMMIT_REV_RANGE}" > "${CICD_COMMIT_MESSAGES_FILE}" | |
poetry run pre-commit run --hook-stage commit-msg spelling-commit-message --commit-msg-filename "${CICD_COMMIT_MESSAGES_FILE}" | |
COMMAND_NAME: "Commit Message Spelling" | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }} | |
REV_RANGE: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_commit_spelling_rev_range }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
compilation: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: build:validators | |
COMMAND_NAME: Validator Build | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
POST_COMMAND: git diff --exit-code | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
deploy_stage: | |
if: github.ref == 'refs/heads/main' | |
needs: [configuration, success_notification] | |
secrets: | |
FILE_CONTENT: ${{ secrets.STAGE_ENVIRONMENT_CONTENT }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
ENV_SECRET_1: ${{ secrets.VERCEL_TOKEN }} | |
ENV_SECRET_2: ${{ secrets.STAGE_VERCEL_CONFIG }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: ci:vercel; vercel pull --yes --environment=production --token="${ENV_SECRET_1}" | |
COMMAND_NAME: Deploy to Stage | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
POST_COMMAND: vercel build --prod --token="${ENV_SECRET_1}" && vercel deploy --prebuilt --prod --token="${ENV_SECRET_1}" | |
PRE_COMMAND: mkdir -p .vercel && echo "${ENV_SECRET_2}" > .vercel/project.json | |
SECRET_CONTENT_FILENAME: .env.local | |
VERBOSE_NOTIFICATIONS: true | |
deploy_production: | |
if: github.ref == 'refs/heads/production' | |
needs: [configuration, success_notification] | |
secrets: | |
FILE_CONTENT: ${{ secrets.PRODUCTION_ENVIRONMENT_CONTENT }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
ENV_SECRET_1: ${{ secrets.VERCEL_TOKEN }} | |
ENV_SECRET_2: ${{ secrets.PRODUCTION_VERCEL_CONFIG }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: ci:vercel; vercel pull --yes --environment=production --token="${ENV_SECRET_1}" | |
COMMAND_NAME: Deploy to Production | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
POST_COMMAND: vercel build --prod --token="${ENV_SECRET_1}" && vercel deploy --prebuilt --prod --token="${ENV_SECRET_1}" | |
PRE_COMMAND: mkdir -p .vercel && echo "${ENV_SECRET_2}" > .vercel/project.json | |
SECRET_CONTENT_FILENAME: .env.local | |
VERBOSE_NOTIFICATIONS: true | |
json_schema_lint: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master | |
with: | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PRECOMMIT_HOOK_ID: "check-jsonschema" | |
PRECOMMIT_HOOK_NAME: "Workflow Config JSON Schema Linting" | |
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
lint: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: lint | |
COMMAND_NAME: Linting | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
security_scan: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-10-generic-security_scan_credentials.yml@main | |
with: | |
EXTRA_BINARY_ARGS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_trufflehog_extra_scan_args }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
security_test: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: security | |
COMMAND_NAME: Dependency Scan | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
shellcheck_test: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
strategy: | |
fail-fast: true | |
matrix: | |
hook: | |
- id: "format-shell" | |
name: "Shell Formatting" | |
- id: "lint-shell" | |
name: "Shell Linting" | |
max-parallel: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@main | |
with: | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PRECOMMIT_HOOK_ID: ${{ matrix.hook.id }} | |
PRECOMMIT_HOOK_NAME: ${{ matrix.hook.name }} | |
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
smoke_tests_development: | |
needs: [configuration] | |
secrets: | |
FILE_CONTENT: ${{ secrets.CI_ENVIRONMENT_CONTENT }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: smoke:ci | |
COMMAND_NAME: Smoke Tests (Development) | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PRE_COMMAND: | | |
npm run build | |
npm run start > development.server.log 2>&1 & | |
ERROR_COMMAND: cat development.server.log | |
SECRET_CONTENT_FILENAME: .env.local | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
smoke_tests_stage: | |
if: github.ref == 'refs/heads/main' | |
needs: [configuration, deploy_stage] | |
secrets: | |
FILE_CONTENT: ${{ secrets.STAGE_ENVIRONMENT_CONTENT }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: smoke:ci | |
COMMAND_NAME: Smoke Tests (Stage) | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
SECRET_CONTENT_FILENAME: .env.local | |
VERBOSE_NOTIFICATIONS: true | |
smoke_tests_production: | |
if: github.ref == 'refs/heads/production' | |
needs: [configuration, deploy_production] | |
secrets: | |
FILE_CONTENT: ${{ secrets.PRODUCTION_ENVIRONMENT_CONTENT }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: smoke:ci | |
COMMAND_NAME: Smoke Tests (Production) | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
SECRET_CONTENT_FILENAME: .env.local | |
VERBOSE_NOTIFICATIONS: true | |
start_notification: | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@main | |
with: | |
NOTIFICATION_EMOJI: ":vertical_traffic_light:" | |
NOTIFICATION_MESSAGE: "Workflow has started!" | |
success_notification: | |
needs: | |
[ | |
architecture, | |
build, | |
commit_lint, | |
commit_spell_check, | |
compilation, | |
json_schema_lint, | |
lint, | |
markdown_links, | |
security_scan, | |
security_test, | |
shellcheck_test, | |
smoke_tests_development, | |
start_notification, | |
toml_lint, | |
type_validation, | |
workflow_lint_test, | |
] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@main | |
with: | |
NOTIFICATION_EMOJI: ":checkered_flag:" | |
NOTIFICATION_MESSAGE: "All checks have completed successfully!" | |
toml_lint: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@main | |
with: | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PRECOMMIT_HOOK_ID: "format-toml" | |
PRECOMMIT_HOOK_NAME: "TOML Formatting" | |
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
type_validation: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-40-npm-run_cached_command.yml@main | |
with: | |
ADDITIONAL_CACHE_PATHS: "~/.cache/Cypress" | |
COMMAND: compile | |
COMMAND_NAME: Type Validation | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} | |
workflow_lint_test: | |
needs: [configuration] | |
secrets: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@main | |
with: | |
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }} | |
PRECOMMIT_HOOK_ID: "lint-github-workflow" | |
PRECOMMIT_HOOK_NAME: "Workflow Linting" | |
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }} | |
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }} |