fix: update ws dependency to address security alerts #1365
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: run-ci | |
on: | |
push: | |
branches: | |
- main | |
pull_request_target: | |
branches: | |
- main | |
types: | |
- opened | |
- synchronize | |
- labeled | |
# cancel in-progress runs on new commits to same PR (gitub.event.number) | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.number || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
verify-run: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write # used to remove label | |
contents: read | |
# We run CI only if the event is a: | |
# 1) pull request not from a fork (ie. internal PR), or | |
# 2) pull request from a fork (ie. external PR) that was added "action: run-ci" label | |
if: | | |
(github.event.pull_request.head.repo.full_name == github.repository) || | |
(github.event.action == 'labeled' && github.event.label.name == 'run-ci') | |
steps: | |
- name: remove label, if applicable | |
if: always() && github.event.label.name == 'run-ci' | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const { issue: { number: issue_number }, repo: { owner, repo } } = context; | |
const label = 'run-ci'; | |
github.rest.issues.removeLabel({ owner, repo, issue_number, name: label }); | |
ci: | |
runs-on: ubuntu-latest | |
needs: verify-run | |
environment: ci | |
env: | |
DATABASE_URL: 'file:data/test.db' | |
VITE_NEXTAUTH_URL: 'http://localhost:3000' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
persist-credentials: false | |
- uses: actions/setup-node@v3 | |
id: setup-node | |
with: | |
node-version-file: '.node-version' | |
- uses: actions/cache@v3 | |
with: | |
path: '~/.pnpm-store' | |
key: ${{ runner.os }}-${{ steps.setup-node.outputs.node-version }}-${{ hashFiles('pnpm-lock.yaml') }} | |
- run: corepack enable | |
- run: pnpm install | |
- run: pnpm run lint | |
# build workspace | |
- run: pnpm run build | |
env: | |
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} | |
VITE_HOST: ${{ secrets.VITE_HOST }} | |
VITE_NEXTAUTH_URL: ${{ secrets.VITE_NEXTAUTH_URL }} | |
VITE_DISCORD_GUILD_ID: ${{ secrets.VITE_DISCORD_GUILD_ID }} | |
- run: pnpm run setup-test | |
env: | |
DATABASE_URL: 'file:data/test.db' | |
- run: pnpm run test | |
env: | |
DISCORD_GUILD_ID: ${{ secrets.VITE_DISCORD_GUILD_ID }} | |
DISCORD_WEBHOOK_URL_RELEASES: ${{ secrets.DISCORD_WEBHOOK_URL_RELEASES }} | |
DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }} | |
NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} | |
GITHUB_WEBHOOK_SECRET: ${{ secrets.GH_WEBHOOK_SECRET }} | |
GITHUB_APP_ID: ${{ secrets.GH_APP_ID }} | |
GITHUB_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }} | |
GITHUB_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }} | |
GITHUB_PRIVATE_KEY: ${{ secrets.GH_PRIVATE_KEY }} | |
GITHUB_INSTALLATION_ID: ${{ secrets.GH_INSTALLATION_ID }} | |
GITHUB_ORG_LOGIN: ${{ secrets.GH_ORG_LOGIN }} | |
VITE_HOST: ${{ secrets.VITE_HOST }} | |
VITE_NEXTAUTH_URL: ${{ secrets.VITE_NEXTAUTH_URL }} | |
VITE_DISCORD_GUILD_ID: ${{ secrets.VITE_DISCORD_GUILD_ID }} |