
chore(deps): update dependency @types/memoizee to v0.4.12 - autoclosed #3265

Workflow file for this run

# CI/CD pipeline. Triggered by pushes to main and by pull requests that target main.
# The PR trigger is `pull_request` (not `pull_request_target`), so pull requests
# from forks run with a read-only token and without repository secrets;
# same-repository branches do not get that restriction.
name: CI - CD
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
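# Job security-scan: checks the dependencies against a published IOC list; every other job waits on it.
  security-scan:
    name: Security scan dependencies
    runs-on: ubuntu-latest
    # Least privilege: nothing in this job writes to the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config; no later step pushes.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "22"
      - name: Download Shai-Hulud IOC list
        # Fail closed: without --fail an HTTP error body would be saved as
        # iocs.csv and the scan could pass against a list with no indicators.
        # `test -s` additionally rejects an empty download.
        run: |
          curl --fail --silent --show-error --location --retry 3 \
            -o iocs.csv \
            https://raw.githubusercontent.com/DataDog/indicators-of-compromise/refs/heads/main/shai-hulud-2.0/consolidated_iocs.csv
          test -s iocs.csv
      - name: Scan dependencies against IOCs
        # NOTE(review): the scanner is taken from the checked-out ref, so on
        # pull_request runs a change to scripts/scan-dependencies.js alters the
        # gate itself; changes to that path deserve explicit review.
        run: node scripts/scan-dependencies.js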
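# Job validations: builds the API, migrates a throwaway Postgres and runs the full check suite.
  validations:
    runs-on: ubuntu-latest
    needs: security-scan
    # This job executes dependency and project code; give its token read access only.
    permissions:
      contents: read
    env:
      # Points at the service container declared below. These are throwaway CI
      # credentials and must not be reused for any real database.
      DATABASE_URL: postgresql://catalogi:pg_password@localhost:5432/db
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: catalogi
          POSTGRES_PASSWORD: pg_password
          POSTGRES_DB: db
        ports:
          # Quoted so that no YAML parser can read the mapping as a number.
          - "5432:5432"
    steps:
      - uses: actions/checkout@v4
        with:
          # Build and test code run below; do not leave the token in .git/config.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "22"
      - name: Install dependencies
        # --frozen-lockfile fails the install if yarn.lock would have to change;
        # --ignore-scripts stops package lifecycle scripts from running at install time.
        run: yarn install --frozen-lockfile --ignore-scripts
      - name: Build back
        run: cd api && yarn build
      - name: Migrate db
        run: cd api && yarn migrate latest
      - name: Fullcheck
        run: yarn fullcheck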
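# Job e2e: installs Chromium for Playwright and runs the end-to-end suite.
  e2e:
    name: E2E tests
    runs-on: ubuntu-latest
    needs: security-scan
    # This job executes dependency and project code; give its token read access only.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Test code runs below; do not leave the token in .git/config.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "22"
      - name: Install dependencies
        # --frozen-lockfile fails the install if yarn.lock would have to change;
        # --ignore-scripts stops package lifecycle scripts from running at install time.
        run: yarn install --frozen-lockfile --ignore-scripts
      - name: Install Playwright browsers
        # NOTE(review): npx can fall back to fetching a package from the registry
        # when it is not installed locally; confirm playwright resolves from the
        # lockfile-installed node_modules here.
        run: cd e2e && npx playwright install --with-deps chromium
      - name: Run e2e tests
        run: cd e2e && yarn test:e2e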
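# Job check_if_version_upgraded: on pushes only, reports whether the package version was bumped.
  check_if_version_upgraded:
    name: Check if version upgrade
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    needs: [validations, e2e]
    # NOTE(review): no `permissions:` block is set here; what the action below
    # needs from the token is not visible in this file. Confirm and set the minimum.
    outputs:
      from_version: ${{ steps.step1.outputs.from_version }}
      to_version: ${{ steps.step1.outputs.to_version }}
      is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
    steps:
      # Third-party action referenced by a mutable tag. Its outputs gate tagging,
      # release and image publishing, so pinning it to a full commit SHA
      # (garronej/ts-ci@<full-commit-sha>) is the safer reference.
      - uses: garronej/ts-ci@v2.1.5
        id: step1
        with:
          action_name: is_package_json_version_upgraded
      # The step outputs reach the shell as environment variables instead of being
      # expanded into the script text by ${{ }}, so their content is handled as
      # data and cannot be parsed as shell syntax.
      - env:
          FROM_VERSION: ${{ steps.step1.outputs.from_version }}
          TO_VERSION: ${{ steps.step1.outputs.to_version }}
          IS_UPGRADED_VERSION: ${{ steps.step1.outputs.is_upgraded_version }}
        run: |
          echo "from_version=${FROM_VERSION}"
          echo "to_version=${TO_VERSION}"
          echo "is_upgraded_version=${IS_UPGRADED_VERSION}"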
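# Job create_tag: creates and pushes the annotated tag v<to_version> when the version was bumped.
  create_tag:
    name: Create version tag
    runs-on: ubuntu-latest
    needs:
      - check_if_version_upgraded
    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
    # Pushing a tag is the only write this job performs.
    permissions:
      contents: write
    env:
      TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
    steps:
      - name: Checkout repository
        # Credentials stay persisted on purpose: the push below relies on them.
        uses: actions/checkout@v4
      - name: Create tag
        # TO_VERSION is read by the shell from the environment and quoted.
        # Expanding it with ${{ env.TO_VERSION }} would paste the value into the
        # script text before the shell parses it.
        # Only the tag created here is pushed, not every local tag.
        run: |
          git config --local user.email "actions@github.com"
          git config --local user.name "GitHub Actions"
          git tag -a "v${TO_VERSION}" -m "Deployment tag for v${TO_VERSION}"
          git push origin "refs/tags/v${TO_VERSION}"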
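# Job create_github_release: packages the Helm chart and publishes it with generated release notes.
  create_github_release:
    name: "Create release notes"
    runs-on: ubuntu-latest
    needs:
      - check_if_version_upgraded
      - create_tag
    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push'
    # Creating the release and uploading the chart archive needs write access to
    # contents; no other scope is requested.
    permissions:
      contents: write
    env:
      RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # The two third-party actions below are referenced by mutable tags and run in
      # a job whose token can write to the repository; pinning each to a full
      # commit SHA (owner/action@<full-commit-sha>) removes that moving part.
      - name: Install Helm
        uses: azure/setup-helm@v4
      - name: Build Helm chart dependencies
        run: |
          helm dependency build helm-charts/catalogi
      - name: Package Helm chart
        run: |
          helm package helm-charts/catalogi
      - name: "Generate release on github"
        uses: softprops/action-gh-release@v2
        with:
          name: Release ${{ env.RELEASE_TAG }}
          prerelease: false
          tag_name: ${{ env.RELEASE_TAG }}
          generate_release_notes: true
          files: catalogi-*.tgz
          token: ${{ secrets.GITHUB_TOKEN }}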
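# Job publish_helm_index: regenerates the Helm repository index and force-pushes it to gh-pages.
  publish_helm_index:
    name: Publish Helm chart index
    runs-on: ubuntu-latest
    # NOTE(review): the push at the end uses the App token persisted by checkout,
    # and the only visible consumer of the job token is `gh release download`.
    # `contents: read` would likely be enough; confirm before tightening.
    permissions:
      contents: write
    needs:
      - check_if_version_upgraded
      - create_github_release
    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
    env:
      TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
    steps:
      - name: Generate GitHub App token
        id: generate_token
        # This step receives the App private key and is referenced by a mutable
        # tag; pin it to a full commit SHA (tibdex/github-app-token@<full-commit-sha>).
        # NOTE(review): this action appears to be no longer maintained upstream;
        # verify, and consider GitHub's first-party actions/create-github-app-token.
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.RELEASE_APP_ID }}
          private_key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
      - name: Checkout repository
        # The App token is persisted in .git/config so the final push can use it;
        # every step that follows in this job can therefore read it.
        uses: actions/checkout@v4
        with:
          token: ${{ steps.generate_token.outputs.token }}
          fetch-depth: 0
      - name: Configure git
        run: |
          git config --local user.email "actions@github.com"
          git config --local user.name "GitHub Actions"
      - name: Setup gh-pages branch
        # NOTE(review): the branch is reset to origin/main before indexing, so the
        # later `--merge docs/charts/index.yaml` reads whatever main holds at that
        # path, not the index previously published on gh-pages. Confirm that
        # earlier chart entries survive.
        run: |
          git fetch origin
          if git ls-remote --heads origin gh-pages | grep gh-pages; then
            git checkout gh-pages
          else
            git checkout -b gh-pages
          fi
          git reset --hard origin/main
      - name: Install Helm
        uses: azure/setup-helm@v4
      - name: Create charts directory
        run: mkdir -p docs/charts
      - name: Download chart from release
        # TO_VERSION is quoted so the shell cannot word-split or glob-expand it.
        run: |
          gh release download "v${TO_VERSION}" --pattern "catalogi-*.tgz" --dir docs/charts/
        env:
          GH_TOKEN: ${{ github.token }}
      - name: Generate Helm repository index with merge
        run: |
          helm repo index docs/charts/ --url "https://github.com/codegouvfr/catalogi/releases/download/v${TO_VERSION}/" --merge docs/charts/index.yaml
      - name: Commit and push to gh-pages
        # The force push overwrites gh-pages with history rebuilt from main, using
        # the App token; the branch has no independent history to protect.
        run: |
          git add docs/charts/index.yaml
          git commit -m "chore: update Helm chart index for v${TO_VERSION}"
          git push origin gh-pages --force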
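# Job docker: builds the api and web images and pushes them to Docker Hub as <version> and latest.
  docker:
    name: Build and push Docker images
    runs-on: ubuntu-latest
    needs:
      - check_if_version_upgraded
    # Publishing goes to Docker Hub with its own credentials; the job token only
    # has to read the repository.
    permissions:
      contents: read
    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
    steps:
      - uses: actions/checkout@v4
        with:
          # The build context is the whole checkout (`context: .`); keep the job
          # token out of .git/config so it cannot be copied into an image layer.
          persist-credentials: false
      # The docker/* actions below are referenced by mutable tags and run in the
      # job that holds the registry credentials; pinning each to a full commit SHA
      # (owner/action@<full-commit-sha>) removes that moving part.
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Computing Docker image tags
        id: step1
        env:
          TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
        # Outputs are written to the $GITHUB_OUTPUT file. The `::set-output`
        # workflow command is deprecated, and it is parsed from stdout, where any
        # printed text can be mistaken for an output.
        # Tags are lower-cased because image references cannot contain upper case.
        run: |
          OUT_API="${GITHUB_REPOSITORY}-api:${TO_VERSION},${GITHUB_REPOSITORY}-api:latest"
          OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}')
          echo "docker_api_tags=${OUT_API}" >> "$GITHUB_OUTPUT"
          OUT_WEB="${GITHUB_REPOSITORY}-web:${TO_VERSION},${GITHUB_REPOSITORY}-web:latest"
          OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}')
          echo "docker_web_tags=${OUT_WEB}" >> "$GITHUB_OUTPUT"
      - uses: docker/build-push-action@v5
        with:
          push: true
          context: .
          file: ./Dockerfile.api
          tags: ${{ steps.step1.outputs.docker_api_tags }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          context: .
          file: ./Dockerfile.web
          tags: ${{ steps.step1.outputs.docker_web_tags }}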