fix: package.json & package-lock.json to reduce vulnerabilities #112
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test | |
on: push | |
jobs: | |
lint-test: | |
name: Lint and Test API | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Node 18 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
- name: Npm install | |
run: npm ci | |
- name: Run linter | |
run: npm run lint | |
- name: Start docker environment for testing | |
run: docker-compose up -d db redis | |
- name: Run tests | |
run: npm test | |
- name: Show docker compose logs | |
run: docker-compose logs | |
if: ${{ always() }} | |
- name: Stop docker environment for testing | |
run: docker-compose down | |
if: ${{ always() }} | |
- name: Run Snyk to check for vulnerabilities | |
uses: snyk/actions/node@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
args: --severity-threshold=high | |
- name: Coveralls | |
uses: coverallsapp/github-action@master | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
path-to-lcov: ./coverage/lcov.info | |
docker: | |
name: Build Docker Images | |
needs: lint-test | |
if: success() && github.ref == 'refs/heads/master' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Package Version | |
id: vars | |
run: echo ::set-output name=docker_tag::$(grep version package.json | awk -F \" '{print $4}') | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v3 | |
with: | |
push: true | |
tags: jtwebman/node-express-postgres-docker-todo:${{ steps.vars.outputs.docker_tag }},jtwebman/node-express-postgres-docker-todo:latest | |
docker-security: | |
name: Check Docker Image Security | |
needs: docker | |
if: success() && github.ref == 'refs/heads/master' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Run Snyk to check Docker image for vulnerabilities | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: jtwebman/node-express-postgres-docker-todo | |
args: --fail-on=all |