Skip to content

[Snyk] Upgrade chart.js from 4.2.1 to 4.4.3 #77

[Snyk] Upgrade chart.js from 4.2.1 to 4.4.3

[Snyk] Upgrade chart.js from 4.2.1 to 4.4.3 #77

Workflow file for this run

# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
name: Build and Deploy
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
#declare environment variables
env:
AWS_REGION: ap-southeast-1
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20.x]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Cache node modules
uses: actions/cache@v4
with:
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
path: |
~/.npm
${{ github.workspace }}/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
- name: Clean Install dependencies
run: npm ci
#Run sonar cloud scan
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Build
run: npm run build
env:
NEXT_PUBLIC_COGNITO_CLIENT_ID: ${{ secrets.COGNITO_CLIENT_ID }}
NEXT_PUBLIC_QUEMISTRY_GATEWAY_URL: ${{ secrets.QUEMISTRY_GATEWAY_URL }}
#Upload artifact
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: quemistry-web-client
path: dist/
overwrite: true
audit:
needs: build
name: Audit Packages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Audit packages
run: npm audit --audit-level moderate
env:
CI: true
deploy_to_s3:
needs: [build, audit]
runs-on: ubuntu-latest
steps:
#Download artifact
- name: Download Artifact
uses: actions/download-artifact@v4
with:
name: quemistry-web-client
path: dist_s3/
- name: Deploy to S3
run: |
aws s3 sync dist_s3/ s3://quemisty-client-web --delete
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ env.AWS_REGION }}
# Invalidate Cloudfront (this action)
- name: invalidate
uses: chetan/invalidate-cloudfront-action@master
env:
DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
PATHS: '/*'
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# zap_scan:
# permissions: write-all
# needs: deploy_to_s3
# runs-on: ubuntu-latest
# name: Zap Scan
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# with:
# ref: main
# - name: ZAP Scan
# uses: zaproxy/action-full-scan@v0.10.0
# with:
# target: ${{ secrets.PROD_URL }}