chore: fix vulnerabilities #52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy static website to AWS S3 bucket | |
| on: | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| deploy-static-website-to-aws-s3-bucket: | |
| if: "!contains(github.event.head_commit.message, '[skip ci]')" | |
| name: Deploy static website to AWS S3 bucket | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: Install dependencies | |
| run: npm ci --quiet --ignore-scripts | |
| - name: Audit dependencies | |
| run: npm audit --omit=dev --audit-level=moderate | |
| - name: Lint project | |
| run: npm run lint:project | |
| - name: Test | |
| run: npm run test:coverage | |
| - name: Import GPG key for Aldra GitHub Bot | |
| id: gpg | |
| uses: crazy-max/ghaction-import-gpg@v5 | |
| with: | |
| gpg_private_key: ${{ secrets.ALDRA_GITHUB_BOT_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.ALDRA_GITHUB_BOT_GPG_PASSPHRASE }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: false # https://github.com/semantic-release/semantic-release/pull/1871 | |
| - name: Build static website | |
| run: npm run build | |
| - name: Install envsubst | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install gettext-base | |
| - name: Create configuration | |
| env: | |
| OIDC_ISSUER: ${{ vars.OIDC_ISSUER }} | |
| OIDC_CLIENT_ID: ${{ vars.OIDC_CLIENT_ID }} | |
| OIDC_SCOPES: ${{ vars.OIDC_SCOPES }} | |
| run: envsubst < ./config.template > ./dist/config.js; | |
| - name: Release | |
| env: | |
| GIT_AUTHOR_NAME: ${{ steps.gpg.outputs.name }} | |
| GIT_AUTHOR_EMAIL: ${{ steps.gpg.outputs.email }} | |
| GIT_COMMITTER_NAME: ${{ steps.gpg.outputs.name }} | |
| GIT_COMMITTER_EMAIL: ${{ steps.gpg.outputs.email }} | |
| GITHUB_TOKEN: ${{ secrets.ALDRA_GITHUB_BOT_TOKEN }} | |
| run: npx semantic-release | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Deploy static website to AWS S3 bucket | |
| run: aws s3 sync dist s3://${{ secrets.AWS_S3_BUCKET_NAME }} --delete |