[Security][Workflow]: Include SAST #615
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Staging | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - closed | |
| concurrency: preview-${{ github.ref }} | |
| jobs: | |
| set_info: | |
| if: ${{ !startsWith(github.head_ref, 'release/') && github.event.action == 'opened' }} | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| name: Set Jira Info | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: tzkhan/pr-update-action@v2 | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| base-branch-regex: '[a-z\d-_.\\/]+' | |
| head-branch-regex: 'pwn-\d+' | |
| title-update-action: 'prefix' | |
| title-template: '[%headbranch%]' | |
| body-template: | | |
| 🚀 [ JIRA TICKET ](https://p2pvalidator.atlassian.net/browse/%headbranch%) | |
| body-update-action: 'prefix' | |
| body-uppercase-base-match: false | |
| lint_types: | |
| if: ${{ !startsWith(github.head_ref, 'release/') }} | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| name: Typecheck TS | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache node_modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| node_modules | |
| */*/node_modules | |
| key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install dependecies | |
| run: yarn install --frozen-lockfile | |
| - name: Run Test | |
| run: lerna run --concurrency 1 --stream lint:type --exclude-dependents | |
| lint_es: | |
| if: ${{ !startsWith(github.head_ref, 'release/') }} | |
| needs: lint_types | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| name: Lint ESLint | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache node_modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| node_modules | |
| */*/node_modules | |
| key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install dependecies | |
| run: yarn install --frozen-lockfile | |
| - name: Run Test | |
| run: lerna run --concurrency 1 --stream lint:es --exclude-dependents | |
| lint_style: | |
| if: ${{ !startsWith(github.head_ref, 'release/') }} | |
| needs: lint_types | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| name: Lint Stylelint | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache node_modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| node_modules | |
| */*/node_modules | |
| key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install dependecies | |
| run: yarn install --frozen-lockfile | |
| - name: Run Test | |
| run: lerna run --concurrency 1 --stream lint:style --exclude-dependents | |
| deploy_stage: | |
| needs: [lint_style, lint_es] | |
| if: ${{ !startsWith(github.head_ref, 'release/') && (github.event.action == 'opened' || github.event.action == 'synchronize') }} | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| name: Deploy PR preview | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache node_modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| node_modules | |
| */*/node_modules | |
| key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install dependecies | |
| run: yarn install --frozen-lockfile | |
| # set 'steps.vars.outputs.sha_short' variable that is used in 'Build site' step | |
| - name: Set short sha output | |
| id: vars | |
| run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" | |
| - name: Build site | |
| env: | |
| REACT_APP_BASENAME: /p2p-wallet-web/pr-preview/pr-${{ github.event.pull_request.number }} | |
| REACT_APP_CRYPTO_COMPARE_API_KEY: ${{ secrets.REACT_APP_CRYPTO_COMPARE_API_KEY }} | |
| REACT_APP_FEE_RELAYER_URL: ${{ secrets.REACT_APP_FEE_RELAYER_URL }} | |
| REACT_APP_AMPLITUDE_API_KEY: ${{ secrets.REACT_APP_AMPLITUDE_API_KEY }} | |
| REACT_APP_INTERCOM_APP_ID: ${{ secrets.REACT_APP_INTERCOM_APP_ID }} | |
| REACT_APP_MOONPAY_API_KEY: ${{ secrets.REACT_APP_MOONPAY_API_KEY }} | |
| REACT_APP_MOONPAY_SIGNER_URL: ${{ secrets.REACT_APP_MOONPAY_SIGNER_URL }} | |
| REACT_APP_ORCA_CACHE_URL: ${{ secrets.REACT_APP_ORCA_CACHE_URL }} | |
| REACT_APP_STAGING: true | |
| REACT_APP_SENTRY_DSN_ENDPOINT: ${{ secrets.REACT_APP_SENTRY_DSN_ENDPOINT }} | |
| REACT_APP_SENTRY_MODE: staging | |
| REACT_APP_SENTRY_TRACES_SAMPLE_RATE: 1 | |
| REACT_APP_SENTRY_RELEASE: p2p-wallet-web_pr-preview_${{ github.event.pull_request.number }}_${{ steps.vars.outputs.sha_short }} | |
| REACT_APP_FIREBASE_API_KEY: ${{ secrets.REACT_APP_FIREBASE_API_KEY }} | |
| REACT_APP_FIREBASE_APP_ID: ${{ secrets.REACT_APP_FIREBASE_APP_ID }} | |
| REACT_APP_RPCPOOL_API_KEY: ${{ secrets.REACT_APP_RPCPOOL_API_KEY }} | |
| REACT_APP_NAME_SERVICE_URL: ${{ secrets.REACT_APP_NAME_SERVICE_URL }} | |
| run: yarn build | |
| - name: Deploy preview | |
| uses: rossjrw/pr-preview-action@v1 | |
| with: | |
| source-dir: ./packages/web/build | |
| action: deploy | |
| preview-branch: gh-pages | |
| remove_preview: | |
| if: ${{ !startsWith(github.head_ref, 'release/') && ((github.event.action == 'closed') || github.event.pull_request.merged) }} | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| name: Remove PR preview | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Clean up preview | |
| uses: rossjrw/pr-preview-action@v1 | |
| with: | |
| source-dir: ./packages/web/build | |
| action: remove | |
| preview-branch: gh-pages |