luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/.github/workflows/ember-test-audit.yml
Tim Gross dbfcfbd623
build: move GitHub actions to versions allowed by prodsec (#17238) 
The `backspace/ember-asset-size` action we're using is unmaintained and has a
bunch of vulns in it, so it won't pass security screening (this is a NodeJS
action so it has piles of dependencies, 99% of which won't be in use but fails
automated screening anyways). Move this to the upstream version.

The `machine-learning-apps/pr-comment` action also presents a problem for the
ProdSec security screening because it's archived and also runs an external
Docker image. Move this to a likely-ok maintained action for now, until we can
spare some time to remove this in lieu of something more reasonable that isn't a
GitHub action.
2023-05-19 09:07:02 -04:00

85 lines
3.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: Ember test audit comparison
on:
pull_request:
paths:
- '.github/workflows/ember*'
- 'ui/**'
defaults:
run:
working-directory: ui
# Theres currently no way to share steps between jobs so theres a lot of duplication
# for running the audit for the base and PR.
jobs:
time-base:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.event.pull_request.base.sha }}
- uses: nanasess/setup-chromedriver@95301782a076fbe8c9ecf54395a4689f7b195285 # v2.0.0
- name: Use Node.js
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '14'
- run: yarn --frozen-lockfile
- run: mkdir -p /tmp/test-reports
- run: npx ember-test-audit 1 --json --output ../base-audit.json
- name: Upload result
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: base-audit
path: base-audit.json
time-pr:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: nanasess/setup-chromedriver@95301782a076fbe8c9ecf54395a4689f7b195285 # v2.0.0
- name: Use Node.js
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '14'
- run: yarn --frozen-lockfile
- run: mkdir -p /tmp/test-reports
- run: npx ember-test-audit 1 --json --output ../pr-audit.json
- name: Upload result
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: pr-audit
path: pr-audit.json
compare:
needs: [time-base, time-pr]
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: base-audit
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: pr-audit
- uses: backspace/ember-test-audit-comparison-action@21e9492d0033bc7e84b6189ae94537a6ed045cfa # v2
with:
base-report-path: base-audit.json
comparison-report-path: pr-audit.json
base-identifier: ${{ github.event.pull_request.base.ref }}
comparison-identifier: ${{ github.event.pull_request.head.sha }}
timing-output-path: audit-diff.md
flakiness-output-path: flakiness-report.md
- uses: marocchino/sticky-pull-request-comment@f61b6cf21ef2fcc468f4345cdfcc9bda741d2343 # v2.6.2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
path: audit-diff.md
- name: Check for existence of flakiness report
id: check_file
uses: andstor/file-existence-action@f02338908d150e00a4b8bebc2dad18bd9e5229b0 # v1.1.0
with:
files: "flakiness-report.md"
- name: comment PR
if: steps.check_file.outputs.files_exists == 'true'
uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
message_path: flakiness-report.md
Reference in a new issue View git blame Copy permalink