Bump eslint from 8.53.0 to 8.54.0 (#1303) #2346
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check | |
| on: | |
| pull_request: ~ | |
| push: | |
| branches: | |
| - main | |
| - main-v1 | |
| permissions: read-all | |
| jobs: | |
| codeql: | |
| name: CodeQL | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write # To upload CodeQL results | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| ghcr.io:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| pkg-containers.githubusercontent.com:443 | |
| uploads.github.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6 | |
| with: | |
| config-file: ./.github/codeql.yml | |
| languages: javascript | |
| - name: Perform CodeQL analysis | |
| uses: github/codeql-action/analyze@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6 | |
| format: | |
| name: Formatting | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Check formatting | |
| run: npm run format:check | |
| licenses: | |
| name: Licenses | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Check licenses | |
| run: npm run license-check | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install tooling | |
| uses: asdf-vm/actions/install@4f8f7939dd917fc656bb7c3575969a5988c28364 # v3.0.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Lint CI | |
| if: ${{ failure() || success() }} | |
| run: npm run lint:ci | |
| - name: Lint JavaScript | |
| if: ${{ failure() || success() }} | |
| run: npm run lint:js | |
| - name: Lint JSON | |
| if: ${{ failure() || success() }} | |
| run: npm run lint:json | |
| - name: Lint MarkDown | |
| if: ${{ failure() || success() }} | |
| run: npm run lint:md | |
| - name: Lint shell scripts | |
| if: ${{ failure() || success() }} | |
| run: npm run lint:sh | |
| - name: Lint YAML | |
| if: ${{ failure() || success() }} | |
| run: npm run lint:yml | |
| njsscan: | |
| name: njsscan | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write # To upload SARIF results | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| ghcr.io:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| pkg-containers.githubusercontent.com:443 | |
| uploads.github.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Perform njsscan analysis | |
| id: njsscan | |
| uses: ajinabraham/njsscan-action@d58d8b2f26322cd35a9efb8003baac517f226d81 # v7 | |
| with: | |
| args: . --sarif --output njsscan-results.sarif || true | |
| - name: Upload njsscan report to GitHub | |
| uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6 | |
| if: ${{ failure() || success() }} | |
| with: | |
| sarif_file: njsscan-results.sarif | |
| reproducible: | |
| name: Reproducible build | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - transpile | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Transpile to CommonJS | |
| run: npm run transpile | |
| - name: Compute checksum | |
| run: shasum index.cjs testing.cjs | tee checksums.txt | |
| - name: Reset to a clean state | |
| run: npm run clean | |
| - name: Transpile to CommonJS again | |
| run: npm run transpile | |
| - name: Verify checksum | |
| run: shasum --check checksums.txt --strict | |
| test-breakage: | |
| name: Breakage | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - test-integration | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Run breakage tests | |
| run: npm run coverage:breakage | |
| test-compatibility: | |
| name: Compatibility | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - test-integration | |
| - transpile | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node-version: | |
| - 14.18.0 | |
| - 16.13.0 | |
| - 18.0.0 | |
| - 19.0.0 | |
| - 20.0.0 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version: ${{ matrix.node-version }} | |
| - name: Install compatible npm version | |
| run: npm install --global [email protected] | |
| - name: Install dependencies | |
| run: npm clean-install --ignore-scripts | |
| - name: Download index.cjs | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: index-common-js | |
| - name: Run compatibility tests | |
| run: npm run coverage:compat --ignore-scripts | |
| test-e2e: | |
| name: End-to-end (${{ matrix.name }}) | |
| runs-on: ${{ matrix.os }} | |
| needs: | |
| - test-integration | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: MacOS | |
| os: macos-12 | |
| - name: Ubuntu | |
| os: ubuntu-22.04 | |
| - name: Windows | |
| os: windows-2022 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: false | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| azure.archive.ubuntu.com:80 | |
| codecov.io:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| storage.googleapis.com:443 | |
| uploader.codecov.io:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Install csh | |
| if: ${{ matrix.name == 'Ubuntu' }} | |
| run: sudo apt-get --assume-yes install csh | |
| - name: Install Zsh | |
| if: ${{ matrix.name == 'Ubuntu' }} | |
| run: sudo apt-get --assume-yes install zsh | |
| - name: Run end-to-end tests | |
| run: npm run coverage:e2e | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
| if: ${{ always() }} | |
| with: | |
| file: ./_reports/coverage/e2e/lcov.info | |
| flags: e2e-${{ matrix.name }} | |
| test-integration: | |
| name: Integration (${{ matrix.name }}) | |
| runs-on: ${{ matrix.os }} | |
| needs: | |
| - test-unit | |
| - transpile | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: MacOS | |
| os: macos-12 | |
| - name: Ubuntu | |
| os: ubuntu-22.04 | |
| - name: Windows | |
| os: windows-2022 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: false | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| azure.archive.ubuntu.com:80 | |
| codecov.io:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| storage.googleapis.com:443 | |
| uploader.codecov.io:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Install Zsh | |
| if: ${{ matrix.name == 'Ubuntu' }} | |
| run: sudo apt-get --assume-yes install zsh | |
| - name: Install csh | |
| if: ${{ matrix.name == 'Ubuntu' }} | |
| run: sudo apt-get --assume-yes install csh | |
| - name: Run integration tests | |
| run: npm run coverage:integration | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
| if: ${{ always() }} | |
| with: | |
| file: ./_reports/coverage/integration/lcov.info | |
| flags: integration-${{ matrix.name }} | |
| test-mutation-unit: | |
| name: Mutation (Unit) | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - test-unit | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Cache Stryker incremental report | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| with: | |
| path: .cache/stryker-incremental-unit.json | |
| key: mutation-unit-${{ github.run_number }} | |
| restore-keys: | | |
| mutation-unit- | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Run mutation tests | |
| run: npm run mutation:unit | |
| - name: Upload mutation report | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| if: ${{ failure() || success() }} | |
| with: | |
| name: mutation-unit-report | |
| path: | | |
| _reports/mutation/unit.html | |
| .cache/stryker-incremental-unit.json | |
| test-mutation-integration: | |
| name: Mutation (integration) | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - test-integration | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: false | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| azure.archive.ubuntu.com:80 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Cache Stryker incremental report | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| with: | |
| path: .cache/stryker-incremental-integration.json | |
| key: mutation-integration-${{ github.run_number }} | |
| restore-keys: | | |
| mutation-integration- | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Install Zsh | |
| run: sudo apt-get --assume-yes install zsh | |
| - name: Install csh | |
| run: sudo apt-get --assume-yes install csh | |
| - name: Run mutation tests | |
| run: npm run mutation:integration | |
| - name: Upload mutation report | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| if: ${{ failure() || success() }} | |
| with: | |
| name: mutation-integration-report | |
| path: | | |
| _reports/mutation/integration.html | |
| .cache/stryker-incremental-integration.json | |
| test-unit: | |
| name: Unit | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| codecov.io:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| storage.googleapis.com:443 | |
| uploader.codecov.io:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Run unit tests | |
| run: npm run coverage:unit | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
| if: ${{ always() }} | |
| with: | |
| file: ./_reports/coverage/unit/lcov.info | |
| flags: unit | |
| transpile: | |
| name: Transpile | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Transpile to CommonJS | |
| run: npm run transpile | |
| - name: Upload transpiled file for re-use | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| with: | |
| name: index-common-js | |
| path: index.cjs | |
| retention-days: 1 | |
| trivy: | |
| name: Trivy | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write # To upload SARIF results | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| ghcr.io:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| pkg-containers.githubusercontent.com:443 | |
| uploads.github.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Perform Trivy analysis | |
| uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # 0.14.0 | |
| with: | |
| exit-code: 1 | |
| format: sarif | |
| output: trivy-results.sarif | |
| scanners: vuln,secret | |
| scan-type: fs | |
| scan-ref: . | |
| template: "@/contrib/sarif.tpl" | |
| - name: Upload Trivy report to GitHub | |
| uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6 | |
| if: ${{ failure() || success() }} | |
| with: | |
| sarif_file: trivy-results.sarif | |
| vet: | |
| name: Vet | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| actions-results-receiver-production.githubapp.com:443 | |
| api.github.com:443 | |
| artifactcache.actions.githubusercontent.com:443 | |
| github.com:443 | |
| gitlab.com:443 | |
| nodejs.org:443 | |
| objects.githubusercontent.com:443 | |
| registry.npmjs.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: Install Node.js | |
| uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 | |
| with: | |
| cache: npm | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: npm clean-install | |
| - name: Vet dependencies | |
| if: ${{ failure() || success() }} | |
| run: npm run vet:deps | |
| - name: Check runtime dependency versions | |
| if: ${{ failure() || success() }} | |
| run: node script/check-runtime-deps.js |