Fix: Logger vulnerability and CI graph generation #103
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Run all tests" | |
| on: [push] | |
| jobs: | |
| validation: | |
| runs-on: ubuntu-24.04 | |
| name: "Validation" | |
| permissions: | |
| security-events: write | |
| packages: read | |
| actions: read | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Create varaibles.json | |
| run: npm run local-env-file | |
| - name: Run prettier | |
| run: npm run prettier | |
| - name: Run linter | |
| run: npm run lint | |
| - name: Build | |
| run: npm run build:mini | |
| - name: Audit packages | |
| run: npm audit --audit-level=high | |
| - name: Jests | |
| run: npm run test:silent | |
| CodeQL: | |
| needs: validation | |
| runs-on: ubuntu-24.04 | |
| name: "Analyze TypeScript" | |
| permissions: | |
| security-events: write | |
| packages: read | |
| actions: read | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.13" | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: javascript-typescript | |
| build-mode: none | |
| queries: security-extended | |
| config: | | |
| query-filter: | |
| - exclude: | |
| tags: /cwe-200/ | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/language:javascript-typescript" | |
| Anchore: | |
| needs: validation | |
| runs-on: ubuntu-24.04 | |
| name: "Anchore" | |
| permissions: | |
| security-events: write | |
| packages: read | |
| actions: read | |
| contents: read | |
| steps: | |
| - name: Set up Grype installation path | |
| run: echo "$HOME/bin" >> $GITHUB_PATH | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.13" | |
| - name: Download Grype | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b $HOME/bin | |
| - uses: actions/checkout@v4 | |
| - name: Build the Container image | |
| run: docker build . --file docker/Dockerfile-base --tag localbuild/testimage:latest | |
| - name: Run Grype test | |
| run: grype -o sarif localbuild/testimage:latest > results.sarif | |
| - name: Upload Anchore scan SARIF report | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ./results.sarif | |
| test-building: | |
| needs: [validation] | |
| runs-on: ubuntu-24.04 | |
| name: "Test building" | |
| permissions: | |
| security-events: write | |
| packages: read | |
| actions: read | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.13" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Github Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate Docker tags | |
| uses: docker/metadata-action@v5 | |
| id: metadata | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,enable=true,priority=200,prefix=,suffix=,value=${{ github.sha }} | |
| - name: Build and Push Docker Images | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: docker/Dockerfile-base | |
| platforms: linux/amd64,linux/arm64 | |
| push: false | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-dev: | |
| name: "Dev-build" | |
| permissions: | |
| security-events: read | |
| packages: write | |
| actions: read | |
| contents: read | |
| runs-on: ubuntu-24.04 | |
| if: github.ref_name == 'dev' | |
| needs: [test-building, Anchore, CodeQL] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.13" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Github Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ github.token }} | |
| - name: Generate Docker tags | |
| uses: docker/metadata-action@v5 | |
| id: metadata | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,enable=true,priority=200,prefix=,suffix=,value=nightly | |
| flavor: | | |
| latest=false | |
| - name: Build and Push Docker Images | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: docker/Dockerfile-dev | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |