[Snyk] Security upgrade axios from 0.24.0 to 1.6.4 #4187
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: MyCryptoBuilds | |
env: | |
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET_MYCRYPTOBUILDS }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_MYCRYPTOBUILDS }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_MYCRYPTOBUILDS }} | |
AWS_REGION: 'us-east-2' | |
on: | |
pull_request: | |
branches: | |
- '*' | |
push: | |
branches: | |
- master | |
repository_dispatch: | |
types: [ok-to-test-command] | |
jobs: | |
myc-build: | |
environment: STAGING | |
runs-on: ubuntu-latest | |
steps: | |
# Fetch the PR number to use it with AWS | |
- name: Set PR_NUMBER | |
run: | | |
PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }') | |
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV | |
# Define url as env var to be used by TestCafe. | |
- name: Set E2E_BASE_URL | |
if: github.ref != 'refs/heads/master' && github.event_name == 'pull_request' | |
run: | | |
E2E_BASE_URL=$( echo https://mycryptobuilds.com/pr/${PR_NUMBER}/# ) | |
echo $E2E_BASE_URL | |
echo "E2E_BASE_URL=$E2E_BASE_URL" >> $GITHUB_ENV | |
# Define url as env var to be used by TestCafe. | |
- name: Set E2E_BASE_URL | |
if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
run: | | |
E2E_BASE_URL=$( echo https://mycryptobuilds.com/master/# ) | |
echo $E2E_BASE_URL | |
echo "E2E_BASE_URL=$E2E_BASE_URL" >> $GITHUB_ENV | |
# Define url as env var to be used by TestCafe. | |
- name: Set E2E_BASE_URL | |
if: github.event_name == 'repository_dispatch' | |
run: | | |
E2E_BASE_URL=$( echo https://mycryptobuilds.com/pr/${{ github.event.client_payload.pull_request.number }}/# ) | |
echo $E2E_BASE_URL | |
echo "E2E_BASE_URL=$E2E_BASE_URL" >> $GITHUB_ENV | |
- uses: actions/checkout@v2 | |
if: github.event_name != 'repository_dispatch' | |
- uses: actions/checkout@v2 | |
if: github.event_name == 'repository_dispatch' | |
with: | |
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | |
- name: Retrieve node version from .nvmrc | |
run: echo "##[set-output name=NVMRC;]$(cat package.json | grep '\"node\":' | sed 's/^ *//;s/ *$//;s/\"node\":\ \"//;s/\",//')" | |
id: nvm | |
- name: Setup node ${{ steps.nvm.outputs.NVMRC }} | |
uses: actions/setup-node@v1 | |
with: | |
node-version: '${{ steps.nvm.outputs.NVMRC }}' | |
- name: Cache node modules | |
id: cache | |
uses: actions/cache@v2 | |
with: | |
path: node_modules | |
## Check cache based on yarn.lock hashfile | |
key: ${{ runner.OS }}-build-${{ hashFiles('**/yarn.lock') }} | |
- name: Cache Hardhat network | |
uses: actions/cache@v2 | |
with: | |
path: .cache/hardhat | |
key: ${{ runner.OS }}-build-${{ hashFiles('**/hardhat.config.ts') }} | |
- name: Install Dependencies | |
## If no cache is found, install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: yarn install --frozen-lockfile | |
- name: Set outputs | |
id: vars | |
run: echo "::set-output name=sha::$(git rev-parse HEAD)" | |
- name: yarn build:staging | |
run: yarn build:staging | |
if: github.event_name == 'pull_request' | |
env: | |
COMMIT_HASH: ${{ github.event.pull_request.head.sha }} | |
- name: yarn build:staging | |
run: yarn build:staging | |
if: github.event_name == 'repository_dispatch' | |
env: | |
COMMIT_HASH: ${{ github.event.client_payload.pull_request.head.sha }} | |
- name: yarn build:staging | |
run: yarn build:staging | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
env: | |
COMMIT_HASH: ${{ steps.vars.outputs.sha }} | |
- name: S3 Sync - Downloadable Branch - push | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'push' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
env: | |
DEST_DIR: ${GITHUB_REF##*/} | |
SOURCE_DIR: 'dist/web' | |
- name: S3 Sync - Downloadable Branch - repository_dispatch | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'repository_dispatch' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
env: | |
DEST_DIR: ${{ github.event.client_payload.pull_request.head.ref }} | |
SOURCE_DIR: 'dist/web' | |
- name: S3 Sync - Downloadable Branch - pull_request | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
env: | |
DEST_DIR: ${{ github.head_ref }} | |
SOURCE_DIR: 'dist/web' | |
#### | |
- name: S3 Sync - SHA Push | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'push' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
env: | |
DEST_DIR: ${GITHUB_SHA} | |
SOURCE_DIR: 'dist/web' | |
- name: S3 Sync - SHA Pull Request | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
env: | |
DEST_DIR: ${{ github.event.pull_request.head.sha }} | |
SOURCE_DIR: 'dist/web' | |
- name: S3 Sync - SHA Repository Dispatch | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'repository_dispatch' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --exclude '.git/*' | |
env: | |
DEST_DIR: ${{ github.event.client_payload.pull_request.head.sha }} | |
SOURCE_DIR: 'dist/web' | |
#### | |
- name: S3 Sync - Downloadable - PR Number | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
env: | |
DEST_DIR: 'pr/${PR_NUMBER}' | |
SOURCE_DIR: 'dist/web' | |
- name: S3 Sync - Downloadable - PR Number - Repository Dispatch | |
uses: jakejarvis/[email protected] | |
if: github.event_name == 'repository_dispatch' | |
with: | |
args: --acl public-read --cache-control max-age=0 --follow-symlinks --delete --exclude '.git/*' | |
env: | |
DEST_DIR: 'pr/${{ github.event.client_payload.pull_request.number }}' | |
SOURCE_DIR: 'dist/web' | |
- name: Mycrypto-bot trigger | |
if: github.event_name == 'pull_request' | |
run: aws sns publish --topic-arn ${{ secrets.SNS_TOPIC_MYCRYPTO_BOT }} --region us-east-2 --message $(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }') | |
# Launch E2E tests. When in pull request it runs against the PR's mycryptobuilds url. | |
- name: E2E - run | |
run: yarn test:e2e:ci | |
env: | |
INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }} | |
- name: Update PR status | |
uses: actions/github-script@v1 | |
id: update-check-run | |
if: github.event_name == 'repository_dispatch' | |
env: | |
number: ${{ github.event.client_payload.pull_request.number }} | |
job: ${{ github.job }} | |
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run | |
conclusion: ${{ job.status }} | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const { data: pull } = await github.pulls.get({ | |
...context.repo, | |
pull_number: process.env.number | |
}); | |
const ref = pull.head.sha; | |
const { data: checks } = await github.checks.listForRef({ | |
...context.repo, | |
ref | |
}); | |
const check = checks.check_runs.filter(c => c.name === process.env.job); | |
const { data: result } = await github.checks.update({ | |
...context.repo, | |
check_run_id: check[0].id, | |
status: 'completed', | |
conclusion: process.env.conclusion | |
}); | |
return result; |