Skip to content

fix: update ws dependency to address security alerts #1365

fix: update ws dependency to address security alerts

fix: update ws dependency to address security alerts #1365

Workflow file for this run

name: run-ci
on:
push:
branches:
- main
pull_request_target:
branches:
- main
types:
- opened
- synchronize
- labeled
# cancel in-progress runs on new commits to same PR (gitub.event.number)
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.sha }}
cancel-in-progress: true
jobs:
verify-run:
runs-on: ubuntu-latest
permissions:
pull-requests: write # used to remove label
contents: read
# We run CI only if the event is a:
# 1) pull request not from a fork (ie. internal PR), or
# 2) pull request from a fork (ie. external PR) that was added "action: run-ci" label
if: |
(github.event.pull_request.head.repo.full_name == github.repository) ||
(github.event.action == 'labeled' && github.event.label.name == 'run-ci')
steps:
- name: remove label, if applicable
if: always() && github.event.label.name == 'run-ci'
uses: actions/github-script@v6
with:
script: |
const { issue: { number: issue_number }, repo: { owner, repo } } = context;
const label = 'run-ci';
github.rest.issues.removeLabel({ owner, repo, issue_number, name: label });
ci:
runs-on: ubuntu-latest
needs: verify-run
environment: ci
env:
DATABASE_URL: 'file:data/test.db'
VITE_NEXTAUTH_URL: 'http://localhost:3000'
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
persist-credentials: false
- uses: actions/setup-node@v3
id: setup-node
with:
node-version-file: '.node-version'
- uses: actions/cache@v3
with:
path: '~/.pnpm-store'
key: ${{ runner.os }}-${{ steps.setup-node.outputs.node-version }}-${{ hashFiles('pnpm-lock.yaml') }}
- run: corepack enable
- run: pnpm install
- run: pnpm run lint
# build workspace
- run: pnpm run build
env:
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
VITE_HOST: ${{ secrets.VITE_HOST }}
VITE_NEXTAUTH_URL: ${{ secrets.VITE_NEXTAUTH_URL }}
VITE_DISCORD_GUILD_ID: ${{ secrets.VITE_DISCORD_GUILD_ID }}
- run: pnpm run setup-test
env:
DATABASE_URL: 'file:data/test.db'
- run: pnpm run test
env:
DISCORD_GUILD_ID: ${{ secrets.VITE_DISCORD_GUILD_ID }}
DISCORD_WEBHOOK_URL_RELEASES: ${{ secrets.DISCORD_WEBHOOK_URL_RELEASES }}
DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
GITHUB_WEBHOOK_SECRET: ${{ secrets.GH_WEBHOOK_SECRET }}
GITHUB_APP_ID: ${{ secrets.GH_APP_ID }}
GITHUB_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GITHUB_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
GITHUB_PRIVATE_KEY: ${{ secrets.GH_PRIVATE_KEY }}
GITHUB_INSTALLATION_ID: ${{ secrets.GH_INSTALLATION_ID }}
GITHUB_ORG_LOGIN: ${{ secrets.GH_ORG_LOGIN }}
VITE_HOST: ${{ secrets.VITE_HOST }}
VITE_NEXTAUTH_URL: ${{ secrets.VITE_NEXTAUTH_URL }}
VITE_DISCORD_GUILD_ID: ${{ secrets.VITE_DISCORD_GUILD_ID }}