[Snyk] Security upgrade @angular-builders/custom-webpack from 16.0.1 to 19.0.0 #2836
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: | |
- master | |
- /^\d+\.\d+\.x$/ | |
tags: | |
- "*" | |
pull_request: | |
branches: | |
- master | |
- /^\d+\.\d+\.x$/ | |
env: | |
TZ: "Europe/Brussels" | |
MAIN_NODEJS: "20" | |
NPM_VERSION: "10.x" | |
LOGS_DIR: /tmp/stark/logs | |
LOGS_FILE: /tmp/stark/logs/build-perf.log | |
HUSKY: 0 | |
jobs: | |
build-and-test: | |
name: Build and test on Node.js ${{ matrix.node_version }} and ${{ matrix.os }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
node_version: ["18", "20", "22"] | |
os: [ubuntu-latest] | |
steps: | |
# Some actions should be executed only in one environment. | |
# This variable determines if it is the main environment, it means the same than the one we have internally. | |
- name: Set environment variable 'IS_MAIN_ENVIRONMENT' | |
run: | | |
if [[ '${{ matrix.node_version }}' == '${{ env.MAIN_NODEJS }}' ]] && [[ '${{ matrix.os }}' == 'ubuntu-latest' ]]; then | |
echo "IS_MAIN_ENVIRONMENT=1" >> $GITHUB_ENV | |
else | |
echo "IS_MAIN_ENVIRONMENT=0" >> $GITHUB_ENV | |
fi | |
# See: https://github.com/marketplace/actions/checkout | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: | | |
if [[ '${{ github.event_name != 'pull_request' }}' ]]; then | |
1 | |
else | |
git rev-list --count ${{ github.event.pull_request.base.sha }}..HEAD | |
fi | |
# See: https://github.com/marketplace/actions/setup-node-js-environment | |
- name: Use Node.js ${{ matrix.node_version }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node_version }} | |
# See: https://github.com/marketplace/actions/cache | |
# See doc: https://docs.github.com/en/actions/guides/caching-dependencies-to-speed-up-workflows | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules-${{ matrix.node_version }}-${{ matrix.os }} | |
with: | |
# npm cache files are stored in `~/.npm` on Linux | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install npm ${{ env.NPM_VERSION }} | |
run: npm i -g npm@${{ env.NPM_VERSION }} | |
- name: Get tag name if exists | |
run: | | |
TAG_NAME=$(echo $GITHUB_REF | sed -n "s/^refs\/tags\/\(\S*\).*$/\1/p") | |
echo "GH_ACTIONS_TAG=${TAG_NAME}" >> $GITHUB_ENV | |
- name: List main variables | |
run: | | |
echo "Commit SHA : ${GITHUB_SHA}" | |
echo "Tag name : ${{ env.GH_ACTIONS_TAG }}" | |
echo "Reference : ${GITHUB_REF}" | |
echo "Head branch : ${GITHUB_HEAD_REF}" | |
echo "Base branch : ${GITHUB_BASE_REF}" | |
echo "Build number: ${GITHUB_RUN_NUMBER}" | |
echo "Repository : ${GITHUB_REPOSITORY}" | |
echo "Event : ${GITHUB_EVENT_NAME}" | |
echo "Author : ${GITHUB_ACTOR}" | |
echo "Main ENV : ${{ env.IS_MAIN_ENVIRONMENT }}" | |
NODE_VERSION="$(node -v)" | |
echo "Node version: $NODE_VERSION" | |
# This ensures that we are authenticated without requiring to have an actual .npmrc file within the project | |
# echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc | |
- name: Check if dependencies are in sync between root and packages | |
run: "npm run check:packages-dependencies" | |
- name: Create file & folder for GitHub Actions logs | |
run: | | |
# cfr scripts/_ghactions-group.sh | |
mkdir -p ${{ env.LOGS_DIR }} | |
touch ${{ env.LOGS_FILE }} | |
- name: Install dependencies | |
run: npm ci | |
- name: Prettier check | |
run: | | |
npx prettier $(git diff-tree --no-commit-id --name-only --stat --diff-filter=ACM -r ${{ github.event.pull_request.base.sha }} HEAD) --check | |
if: github.event_name == 'pull_request' | |
- name: Build packages | |
run: npm run build:trace | |
- name: Linting packages | |
run: npm run lint:packages | |
- name: Testing packages | |
run: npm run test:ci:packages | |
# See: https://github.com/marketplace/actions/upload-a-build-artifact | |
- name: Upload stark packages-dist folder | |
uses: actions/upload-artifact@v4 | |
with: | |
name: stark-dist | |
path: dist/packages-dist | |
if: env.IS_MAIN_ENVIRONMENT == 1 | |
- name: Generate docs coverage | |
run: npm run docs:coverage:packages | |
if: env.IS_MAIN_ENVIRONMENT == 1 | |
- name: Combine coveralls reports | |
run: node combine-packages-coverage.js | |
if: env.IS_MAIN_ENVIRONMENT == 1 | |
# See: https://github.com/marketplace/actions/coveralls-github-action | |
- name: Coveralls | |
uses: coverallsapp/github-action@v2 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
path-to-lcov: "combined-lcov.info" | |
if: env.IS_MAIN_ENVIRONMENT == 1 | |
- name: Clean root node_modules | |
run: rm -rf ./node_modules | |
- name: Install starter | |
run: npm i | |
working-directory: starter | |
- name: "Install showcase with install command" | |
if: github.actor == 'nbb-bot' && startsWith(github.ref_head, 'dependabot/npm_and_yarn') | |
run: | | |
rm package-lock.json | |
npm install | |
working-directory: showcase | |
- name: "Install showcase with ci command" | |
if: github.actor != 'nbb-bot' || !startsWith(github.ref_head, 'dependabot/npm_and_yarn') | |
run: npm ci | |
working-directory: showcase | |
- name: Linting showcase & starter | |
run: | | |
npm run lint:showcase | |
npm run lint:starter | |
- name: Testing showcase & starter | |
run: | | |
npm run test:ci:showcase | |
npm run test:ci:starter | |
- name: "Build showcase:ghpages" | |
run: npm run build:showcase:ghpages | |
# See: https://github.com/marketplace/actions/upload-a-build-artifact | |
- name: Upload showcase dist folder | |
uses: actions/upload-artifact@v4 | |
with: | |
name: showcase-dist | |
path: showcase/dist | |
if: env.IS_MAIN_ENVIRONMENT == 1 | |
# - name: BrowserStack Env Setup | |
# uses: browserstack/github-actions/setup-env@master | |
# with: | |
# username: ${{ secrets.BROWSERSTACK_USERNAME }} | |
# access-key: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
# project-name: "Stark Showcase" | |
# if: env.IS_MAIN_ENVIRONMENT == 1 && github.event_name == 'push' | |
# | |
# - name: BrowserStack Local Tunnel Setup | |
# uses: browserstack/github-actions/setup-local@master | |
# with: | |
# local-testing: "start" | |
# local-logging-level: "all-logs" | |
# local-identifier: "github-actions-${{ github.run_number }}" | |
# if: env.IS_MAIN_ENVIRONMENT == 1 && github.event_name == 'push' | |
# | |
# - name: Running application under test | |
# run: npm run server:prod:ci & | |
# if: env.IS_MAIN_ENVIRONMENT == 1 && github.event_name == 'push' | |
# working-directory: showcase | |
# | |
# - name: Running test on BrowserStack | |
# run: npm run protractor:browserstack | |
# if: env.IS_MAIN_ENVIRONMENT == 1 && github.event_name == 'push' | |
# working-directory: showcase | |
# | |
# - name: BrowserStackLocal Stop | |
# uses: browserstack/github-actions/setup-local@master | |
# with: | |
# local-testing: stop | |
# if: env.IS_MAIN_ENVIRONMENT == 1 && github.event_name == 'push' | |
- name: Generate starter docs coverage | |
run: npm run docs:starter:coverage | |
if: env.IS_MAIN_ENVIRONMENT == 1 | |
- name: Save logs | |
run: bash ./scripts/ci/print-logs.sh | |
release: | |
name: Release | |
runs-on: "ubuntu-latest" | |
needs: build-and-test | |
if: (startsWith(github.ref, 'refs/tags/') || github.event_name == 'schedule') && github.repository == 'NationalBankBelgium/stark' | |
steps: | |
- name: Get tag name if exists | |
run: | | |
TAG_NAME=$(echo $GITHUB_REF | sed -n "s/^refs\/tags\/\(\S*\).*$/\1/p") | |
echo "GH_ACTIONS_TAG=${TAG_NAME}" >> $GITHUB_ENV | |
# See: https://github.com/marketplace/actions/checkout | |
- uses: actions/checkout@v4 | |
# See: https://github.com/marketplace/actions/setup-node-js-environment | |
- name: Use Node.js ${{ env.MAIN_NODEJS }} | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.MAIN_NODEJS }} | |
- name: Install npm ${{ env.NPM_VERSION }} | |
run: npm i -g npm@${{ env.NPM_VERSION }} | |
- name: Create file & folder for GitHub Actions logs | |
run: | | |
# cfr scripts/_ghactions-group.sh | |
mkdir -p ${{ env.LOGS_DIR }} | |
touch ${{ env.LOGS_FILE }} | |
# See: https://github.com/marketplace/actions/download-a-build-artifact | |
- uses: actions/download-artifact@v4 | |
with: | |
name: stark-dist | |
path: dist/packages-dist | |
# See: https://github.com/marketplace/actions/download-a-build-artifact | |
- uses: actions/download-artifact@v4 | |
with: | |
name: showcase-dist | |
path: showcase/dist | |
- name: Install Stark dependencies | |
run: npm ci | |
if: github.event_name != 'schedule' | |
- name: Generate docs | |
run: npm run docs:publish -- --github-api-key=${{ secrets.GITHUB_TOKEN }} | |
if: github.event_name != 'schedule' | |
- name: Set npm token | |
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc | |
- name: Release stark | |
run: npm run release:publish | |
- name: Save logs | |
run: bash ./scripts/ci/print-logs.sh |