Skip to content
Back to pull request #22257

feat(vulnerabilities): handle medium and unknown severities #38513

Sign in to view logs

feat(vulnerabilities): handle medium and unknown severities

feat(vulnerabilities): handle medium and unknown severities #38513

Workflow file for this run

.github/workflows/build.yml at 2fb44a5
name: build
on:
push:
branches:
- main
pull_request:
merge_group:
workflow_dispatch:
inputs:
dryRun:
description: 'Dry-Run'
default: 'true'
required: false
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
env:
# Currently no way to detect automatically (#8153)
DEFAULT_BRANCH: main
NODE_VERSION: 18
DRY_RUN: true
jobs:
test:
name: ${{ matrix.node-version == 18 && format('test ({0})', matrix.os) || format('test ({0}, node-{1})', matrix.os, matrix.node-version) }}
runs-on: ${{ matrix.os }}
# tests shouldn't need more time
timeout-minutes: 45
strategy:
matrix:
os: [ubuntu-latest]
node-version: [18]
# skip macOS and Windows test on pull requests without 'ci:fulltest' label
include: >-
${{ fromJSON((github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) && '[{
"os": "macos-latest",
"node-version": 18
}, {
"os": "windows-latest",
"node-version": 18
}]' || '[]') }}
env:
coverage: ${{ matrix.os == 'ubuntu-latest' && matrix.node-version == 18 }}
NODE_VERSION: ${{ matrix.node-version }}
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 2
- name: Set up Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ env.NODE_VERSION }}
cache: yarn
- name: Init platform
shell: bash
run: |
git config --global core.autocrlf false
git config --global core.symlinks true
git config --global user.email 'renovate@whitesourcesoftware.com'
git config --global user.name 'Renovate Bot'
git --version
echo "Node $(node --version)"
echo "Yarn $(yarn --version)"
- name: Installing dependencies
uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
with:
timeout_minutes: 10
max_attempts: 3
command: yarn install --frozen-lockfile
# build before tests to for static file check
- name: Build
run: yarn build
- name: Cache jest cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: .cache/jest
key: ${{ runner.os }}-${{ matrix.node-version }}-jest-${{ hashFiles('yarn.lock') }}
- name: Unit tests
run: yarn jest --ci --coverage ${{ env.coverage }}
- name: Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
if: always() && env.coverage == 'true'
- name: E2E Test
run: yarn test-e2e
lint:
runs-on: ubuntu-latest
# lint shouldn't need more than 10 min
timeout-minutes: 15
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 2
- name: Set up Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ env.NODE_VERSION }}
cache: yarn
- name: Init platform
run: |
git config --global core.autocrlf false
git config --global core.symlinks true
git config --global user.email 'renovate@whitesourcesoftware.com'
git config --global user.name 'Renovate Bot'
echo "Node $(node --version)"
echo "Yarn $(yarn --version)"
- name: Installing dependencies
run: yarn install --frozen-lockfile
- name: Type check
run: yarn type-check
- name: markdownlint
uses: DavidAnson/markdownlint-cli2-action@bb4bb94c73936643d73d345b48fead3e96f90a5e # v10.0.1
- name: Lint
run: |
yarn ls-lint
yarn eslint -f gha
yarn prettier
yarn git-check
yarn doc-fence-check
- name: Test schema
run: yarn test-schema
release:
needs: [lint, test]
if: github.repository == 'renovatebot/renovate' && github.event_name != 'pull_request'
runs-on: ubuntu-latest
# release shouldn't need more than 5 min
timeout-minutes: 15
permissions:
contents: write
issues: write
pull-requests: write
steps:
# full checkout for semantic-release
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
- name: Set up Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ env.NODE_VERSION }}
cache: yarn
- name: Init platform
run: |
git config --global core.autocrlf false
git config --global core.symlinks true
git config --global user.email 'renovate@whitesourcesoftware.com'
git config --global user.name 'Renovate Bot'
- name: Check dry run
run: |
if [[ "${{github.event_name}}" == "workflow_dispatch" && "${{ github.event.inputs.dryRun }}" != "true" ]]; then
echo "DRY_RUN=false" >> $GITHUB_ENV
elif [[ "${{github.ref}}" == "refs/heads/${{env.DEFAULT_BRANCH}}" ]]; then
echo "DRY_RUN=false" >> $GITHUB_ENV
elif [[ "${{github.ref}}" =~ ^refs/heads/v[0-9]+(\.[0-9]+)?$ ]]; then
echo "DRY_RUN=false" >> $GITHUB_ENV
fi
- name: Installing dependencies
run: yarn install --frozen-lockfile
- name: semantic-release
run: |
echo '//registry.yarnpkg.com/:_authToken=${NPM_TOKEN}' >> ./.npmrc
yarn semantic-release --dry-run ${{env.DRY_RUN}}
git checkout -- .npmrc
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Upload docs
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: docs
path: tmp/docs/