Skip to content

fix: path-to-regexp vulnerability #1341

fix: path-to-regexp vulnerability

fix: path-to-regexp vulnerability #1341

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 5
strategy:
matrix:
node-version: [20.x]
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Cache node modules
uses: actions/cache@v1
with:
path: node_modules
key: yarn-deps-${{ hashFiles('yarn.lock') }}
restore-keys: |
yarn-deps-${{ hashFiles('yarn.lock') }}
- name: Lint the content
run: |
yarn config set workspaces-experimental true
yarn install --frozen-lockfile
yarn build
yarn lint
yarn test
cdn:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: write
needs:
- test
strategy:
matrix:
node-version: [20.x]
steps:
- name: Check out the repository
uses: actions/checkout@v3
with:
token: ${{ secrets.DISPATCH_ACCESS_TOKEN }}
- name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Cache node modules
uses: actions/cache@v1
with:
path: node_modules
key: yarn-deps-${{ hashFiles('yarn.lock') }}
restore-keys: |
yarn-deps-${{ hashFiles('yarn.lock') }}
- name: Create CDN build
env:
GITHUB_TOKEN: ${{ secrets.DISPATCH_ACCESS_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
yarn config set workspaces-experimental true
yarn install --frozen-lockfile
git fetch --tags
PACKAGE_VERSION=$($GITHUB_WORKSPACE/node_modules/.bin/auto shipit -dq) yarn build
- name: Push compiled content
uses: s0/git-publish-subdir-action@develop
env:
REPO: self
BRANCH: cdn
FOLDER: packages/embed-cdn/lib
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release:
if: "!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci') && github.repository_owner == 'gr4vy' && github.ref == 'refs/heads/main'"
runs-on: ubuntu-latest
needs:
- test
strategy:
matrix:
node-version: [20.x]
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.DISPATCH_ACCESS_TOKEN }}
- name: Prepare repository
run: git fetch --unshallow --tags
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Cache node modules
uses: actions/cache@v1
with:
path: node_modules
key: yarn-deps-${{ hashFiles('yarn.lock') }}
restore-keys: |
yarn-deps-${{ hashFiles('yarn.lock') }}
- name: Create Release
env:
GITHUB_TOKEN: ${{ secrets.DISPATCH_ACCESS_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
yarn config set workspaces-experimental true
yarn install --frozen-lockfile
PACKAGE_VERSION=$($GITHUB_WORKSPACE/node_modules/.bin/auto shipit -dq) yarn build
yarn release
scan:
runs-on: ubuntu-latest
timeout-minutes: 2
strategy:
matrix:
node-version:
- 20.x
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
exit-code: 1
env:
TRIVY_DB_REPOSITORY: us-docker.pkg.dev/gr4vy-admin/aquasecurity/trivy-db