fix: package.json & package-lock.json to reduce vulnerabilities #1101
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI workflow | |
| on: | |
| push: | |
| pull_request: | |
| jobs: | |
| lint-js: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| - name: Install node dependencies | |
| # Fix for installing puppeteer which is a pa11y dependency. | |
| # Remove when this GitHub issue is resolved: https://github.com/puppeteer/puppeteer/issues/12094 | |
| env: | |
| PUPPETEER_DOWNLOAD_BASE_URL: https://storage.googleapis.com/chrome-for-testing-public | |
| run: npm ci --timing | |
| - name: Lint javascript | |
| run: npm run lint:js | |
| lint-styles: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| - name: Install node dependencies | |
| # Fix for installing puppeteer which is a pa11y dependency. | |
| # Remove when this GitHub issue is resolved: https://github.com/puppeteer/puppeteer/issues/12094 | |
| env: | |
| PUPPETEER_DOWNLOAD_BASE_URL: https://storage.googleapis.com/chrome-for-testing-public | |
| run: npm ci --verbose --timing | |
| - name: Lint SCSS | |
| run: npm run lint:styles | |
| test: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| - name: Install node dependencies | |
| # Fix for installing puppeteer which is a pa11y dependency. | |
| # Remove when this GitHub issue is resolved: https://github.com/puppeteer/puppeteer/issues/12094 | |
| env: | |
| PUPPETEER_DOWNLOAD_BASE_URL: https://storage.googleapis.com/chrome-for-testing-public | |
| run: npm ci --timing | |
| - name: Run tests | |
| run: npm test | |
| audit-dependencies: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| - test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| - name: Install node dependencies | |
| run: npm ci | |
| - name: Validate npm package signatures | |
| run: npm audit signatures | |
| accessibility-axe: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| - test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install ruby and bundle gem dependencies | |
| uses: ruby/setup-ruby@360dc864d5da99d54fcb8e9148c14a84b90d3e88 | |
| with: | |
| bundler-cache: true | |
| - name: Install Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| - name: Install node dependencies | |
| # Fix for installing puppeteer which is a pa11y dependency. | |
| # Remove when this GitHub issue is resolved: https://github.com/puppeteer/puppeteer/issues/12094 | |
| env: | |
| PUPPETEER_DOWNLOAD_BASE_URL: https://storage.googleapis.com/chrome-for-testing-public | |
| run: npm ci --timing | |
| - name: Run the local server and run axe-cli against each page | |
| run: npm start & sleep 30; npm run accessibility:axe | |
| accessibility-pa11y: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| - test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install ruby and bundle gem dependencies | |
| uses: ruby/setup-ruby@360dc864d5da99d54fcb8e9148c14a84b90d3e88 | |
| with: | |
| bundler-cache: true | |
| - name: Install Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: 'npm' | |
| - name: Install node dependencies | |
| # Fix for installing puppeteer which is a pa11y dependency. | |
| # Remove when this GitHub issue is resolved: https://github.com/puppeteer/puppeteer/issues/12094 | |
| env: | |
| PUPPETEER_DOWNLOAD_BASE_URL: https://storage.googleapis.com/chrome-for-testing-public | |
| run: npm ci --timing | |
| - name: Run the local server and run pa11y-cli against each page | |
| run: npm start & sleep 30; npm run accessibility:pa11y | |
| deploy_dev: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| - test | |
| - audit-dependencies | |
| - accessibility-axe | |
| - accessibility-pa11y | |
| if: github.ref == 'refs/heads/develop' && github.event_name != 'pull_request' | |
| uses: 18F/analytics.usa.gov/.github/workflows/deploy.yml@develop | |
| with: | |
| API_APP_NAME: ${{ vars.API_APP_NAME_DEV }} | |
| API_FQDN: ${{ vars.API_FQDN_DEV }} | |
| API_PORT: ${{ vars.API_PORT }} | |
| APP_NAME: ${{ vars.APP_NAME_DEV }} | |
| APP_URL: ${{ vars.APP_URL_DEV }} | |
| CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }} | |
| CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_DEV }} | |
| NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_DEV }} | |
| S3_BUCKET_URL: ${{ vars.S3_BUCKET_URL_DEV }} | |
| S3_SERVICE_NAME: ${{ vars.S3_SERVICE_NAME_DEV }} | |
| secrets: | |
| API_DATA_GOV_SECRET: ${{ secrets.API_DATA_GOV_SECRET_DEV }} | |
| CF_USERNAME: ${{ secrets.CF_USERNAME_DEV }} | |
| CF_PASSWORD: ${{ secrets.CF_PASSWORD_DEV }} | |
| NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_DEV }} | |
| deploy_stg: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| - test | |
| - audit-dependencies | |
| - accessibility-axe | |
| - accessibility-pa11y | |
| if: github.ref == 'refs/heads/staging' && github.event_name != 'pull_request' | |
| uses: 18F/analytics.usa.gov/.github/workflows/deploy.yml@develop | |
| with: | |
| API_APP_NAME: ${{ vars.API_APP_NAME_STG }} | |
| API_FQDN: ${{ vars.API_FQDN_STG }} | |
| API_PORT: ${{ vars.API_PORT }} | |
| APP_NAME: ${{ vars.APP_NAME_STG }} | |
| APP_URL: ${{ vars.APP_URL_STG }} | |
| CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }} | |
| CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_STG }} | |
| NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_STG }} | |
| S3_BUCKET_URL: ${{ vars.S3_BUCKET_URL_STG }} | |
| S3_SERVICE_NAME: ${{ vars.S3_SERVICE_NAME_STG }} | |
| secrets: | |
| API_DATA_GOV_SECRET: ${{ secrets.API_DATA_GOV_SECRET_STG }} | |
| CF_USERNAME: ${{ secrets.CF_USERNAME_STG }} | |
| CF_PASSWORD: ${{ secrets.CF_PASSWORD_STG }} | |
| NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_STG }} | |
| deploy_prd: | |
| needs: | |
| - lint-js | |
| - lint-styles | |
| - test | |
| - audit-dependencies | |
| - accessibility-axe | |
| - accessibility-pa11y | |
| if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' | |
| uses: 18F/analytics.usa.gov/.github/workflows/deploy.yml@develop | |
| with: | |
| API_APP_NAME: ${{ vars.API_APP_NAME_PRD }} | |
| API_FQDN: ${{ vars.API_FQDN_PRD }} | |
| API_PORT: ${{ vars.API_PORT }} | |
| APP_NAME: ${{ vars.APP_NAME_PRD }} | |
| APP_URL: ${{ vars.APP_URL_PRD }} | |
| CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }} | |
| CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_PRD }} | |
| NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_PRD }} | |
| S3_BUCKET_URL: ${{ vars.S3_BUCKET_URL_PRD }} | |
| S3_SERVICE_NAME: ${{ vars.S3_SERVICE_NAME_PRD }} | |
| secrets: | |
| API_DATA_GOV_SECRET: ${{ secrets.API_DATA_GOV_SECRET_PRD }} | |
| CF_USERNAME: ${{ secrets.CF_USERNAME_PRD }} | |
| CF_PASSWORD: ${{ secrets.CF_PASSWORD_PRD }} | |
| NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_PRD }} |