VACMS-11848 Add rel=noreferrer to external links #4759
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manual Review | |
| on: | |
| pull_request: | |
| types: [ready_for_review, synchronize, reopened, opened] | |
| env: | |
| BOT_NAME: va-vfs-bot | |
| PR_NUMBER: ${{ github.event.number }} | |
| jobs: | |
| eslint-check: | |
| name: ESLint Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Get Node version | |
| id: get-node-version | |
| run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
| - name: Setup Node | |
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
| with: | |
| node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-gov-west-1 | |
| - name: Get bot token from Parameter Store | |
| uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
| with: | |
| ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN | |
| env_variable_name: GITHUB_TOKEN | |
| - name: Cache dependencies | |
| id: cache-dependencies | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: | | |
| ~/.cache/yarn | |
| node_modules | |
| key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile --prefer-offline | |
| env: | |
| YARN_CACHE_FOLDER: ~/.cache/yarn | |
| - name: Run PR check script | |
| run: yarn pr-check | |
| env: | |
| CODE_PATTERN: (/* eslint-disable)|(// eslint-disable) | |
| LINE_COMMENT: ESLint disabled here | |
| OVERALL_REVIEW_COMMENT: > | |
| # ESLint is disabled | |
| `vets-website` uses ESLint to help enforce code quality. In most | |
| situations we would like ESLint to remain enabled. | |
| ## What you can do | |
| See if the code can be refactored to avoid disabling ESLint, or wait for | |
| a VSP review. | |
| icon-check: | |
| name: Icon Check | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.draft == false | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Get Node version | |
| id: get-node-version | |
| run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
| - name: Setup Node | |
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
| with: | |
| node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-gov-west-1 | |
| - name: Get bot token from Parameter Store | |
| uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
| with: | |
| ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN | |
| env_variable_name: GITHUB_TOKEN | |
| - name: Cache dependencies | |
| id: cache-dependencies | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: | | |
| ~/.cache/yarn | |
| node_modules | |
| key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile --prefer-offline | |
| env: | |
| YARN_CACHE_FOLDER: ~/.cache/yarn | |
| - name: Run PR check script | |
| run: yarn pr-check | |
| env: | |
| CODE_PATTERN: (<i )|(<i$) | |
| LINE_COMMENT: icon found | |
| OVERALL_REVIEW_COMMENT: > | |
| # Icon found | |
| Icons can be decorative, but sometimes they are used to convey meaning. | |
| If there are any semantics associated with an icon, those semantics | |
| should also be conveyed to a screen reader. | |
| ## What you can do | |
| Review the markup and see if the icon provides information that isn't | |
| represented textually, or wait for a VSP review. | |
| sentry-check: | |
| name: Sentry Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Get Node version | |
| id: get-node-version | |
| run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
| - name: Setup Node | |
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
| with: | |
| node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-gov-west-1 | |
| - name: Get bot token from Parameter Store | |
| uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
| with: | |
| ssm_parameter: /devops/VA_VFS_BOT_GITHUB_TOKEN | |
| env_variable_name: GITHUB_TOKEN | |
| - name: Cache dependencies | |
| id: cache-dependencies | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: | | |
| ~/.cache/yarn | |
| node_modules | |
| key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-${{ hashFiles('yarn.lock') }} | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile --prefer-offline | |
| env: | |
| YARN_CACHE_FOLDER: ~/.cache/yarn | |
| - name: Run PR check script | |
| run: yarn pr-check | |
| env: | |
| CODE_PATTERN: Sentry\. | |
| LINE_COMMENT: Sentry found | |
| OVERALL_REVIEW_COMMENT: > | |
| # Sentry call found | |
| Sentry captures a lot of data, and we want to make sure that we only | |
| keep information that will be useful for troubleshooting issues. This | |
| means that PII should not be recorded. | |
| ## What you can do | |
| Review your call to Sentry and see if you can reasonably reduce any | |
| information that is included, or wait for a VSP review. |