Skip to content

[Snyk] Fix for 10 vulnerabilities #18

[Snyk] Fix for 10 vulnerabilities

[Snyk] Fix for 10 vulnerabilities #18

Workflow file for this run

name: 'actions-build-test'
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
- 'releases/*'
paths:
- 'scan/*'
- '.github/workflows/scan.yml'
jobs:
check-dist:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set Node.js 12.x
uses: actions/[email protected]
with:
node-version: 12.x
- name: Install dependencies
run: cd scan && npm ci && cd ../common && npm ci
- name: Rebuild the dist/ directory
run: cd scan && npm run build && npm run package
- name: Compare the expected and actual dist/ directories
run: |
if [ "$(git diff --ignore-space-at-eol scan/dist/ | wc -l)" -gt "0" ]; then
echo "Detected uncommitted changes after build. See status below:"
git diff
exit 1
fi
id: diff
# If index.js was different from expected, upload the expected version as an artifact
- uses: actions/upload-artifact@v3
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
with:
name: dist
path: scan/dist/
build: # make sure build/ci work properly
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest ]
steps:
- uses: actions/checkout@v3
- run: |
cd scan
npm install
npm test
qodana: # make sure the action works on a clean machine without building
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: ./
with:
args: --print-problems,--log-level,debug
env:
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
qodana-no-pr: # pr mode disabled
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./
with:
args: --print-problems,--log-level,debug
pr-mode: false
env:
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
# Not possible at the moment for GitHub-hosted Windows agents: https://github.com/JetBrains/qodana-action/pull/31#issue-812728409
# test-windows:
# runs-on: windows-latest
# steps:
# - uses: actions/checkout@v3
# - uses: ./
# with:
# linter: jetbrains/qodana-js