Fix security vulnerabilities detected by Dependabot #81
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs | |
| name: node-pr | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: ["main"] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| find-yarn-projects: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-yarn-folders.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Find yarn projects | |
| id: set-yarn-folders | |
| # This step uses a bash script to find all subfolders that contain a yarn.lock file | |
| run: | | |
| #!/bin/bash | |
| set -e # exit with nonzero exit code if anything fails | |
| shopt -s globstar # enable globstar option to use ** for recursive matching | |
| yarndirs=() | |
| for lockfile in **/yarn.lock; do # loop over all yarn.lock files | |
| dir=$(dirname "$lockfile") # get the directory of the lock file | |
| echo "Found yarn project in $dir" | |
| yarndirs+=("$dir") # add the directory to the yarndirs array | |
| done | |
| echo "All yarn projects found: '${yarndirs[*]}'" | |
| yarndirs_json=$(echo -n "${yarndirs[*]%\n}" | jq -R -s -j --compact-output 'split(" ")') | |
| matrix_json="{\"node_version\":[18], \"yarn_folder\":$yarndirs_json}" | |
| echo "Setting output matrix to $matrix_json" | |
| echo "matrix=$matrix_json" >> $GITHUB_OUTPUT | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: find-yarn-projects | |
| strategy: | |
| matrix: ${{ fromJson(needs.find-yarn-projects.outputs.matrix) }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js ${{ matrix.node_version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node_version }} | |
| cache: "yarn" | |
| cache-dependency-path: "**/yarn.lock" | |
| - name: Run yarn install & yarn build | |
| # This step runs yarn install and yarn build for each project. | |
| # The --frozen-lockfile option ensures that the dependencies are installed exactly as specified in the lock file. | |
| # The -cwd option sets the current working directory to the folder where the yarn.lock file is located. | |
| run: | | |
| #!/bin/bash | |
| set -e # exit with nonzero exit code if anything fails | |
| dir=${{ matrix.yarn_folder }} # get the directory of the lock file | |
| echo "Running yarn install and yarn build for $dir" | |
| yarn --cwd "$dir" install --frozen-lockfile # install dependencies | |
| yarn --cwd "$dir" build # run build script |