chore: upgrade Node.js runtime to v16 and fix axios vulnerability
- Updated all actions to use node16 instead of node12
- Updated axios in wait-for action to fix CSRF vulnerability
- Rebuilt all actions to verify compatibility
orubin committed Dec 19, 2024
1 parent 5e010f0 commit c814bf4
Showing 6 changed files with 180 additions and 11 deletions.
100 changes: 100 additions & 0 deletions .github/workflows/build-test-release.yml
@@ -0,0 +1,100 @@
name: Build, Test and Release

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Allow manual trigger
workflow_dispatch:

jobs:
detect-changes:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3

- name: Get changed directories
id: set-matrix
run: |
DIRS=$(ls -d */ | grep -v 'node_modules\|.git\|.github' | sed 's/\///g' | jq -R -s -c 'split("\n")[:-1]')
echo "matrix=${DIRS}" >> $GITHUB_OUTPUT
build-and-test:
needs: detect-changes
runs-on: ubuntu-latest
strategy:
matrix:
action: ${{fromJson(needs.detect-changes.outputs.matrix)}}
fail-fast: false # Continue with other actions even if one fails

steps:
- uses: actions/checkout@v3

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'

- name: Install root dependencies
run: npm ci

- name: Install action dependencies
working-directory: ${{ matrix.action }}
run: npm ci

- name: Build
working-directory: ${{ matrix.action }}
run: npm run build

- name: Test
working-directory: ${{ matrix.action }}
run: |
if [ -f "package.json" ] && grep -q "\"test\"" "package.json"; then
npm test
fi
release:
needs: build-and-test
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '16'

- name: Install dependencies
run: npm ci

- name: Get version
id: get_version
run: |
VERSION=$(node -p "require('./package.json').version")
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Create Release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v${{ steps.get_version.outputs.version }}
release_name: Release v${{ steps.get_version.outputs.version }}
body: |
Release of version ${{ steps.get_version.outputs.version }}
This release includes all actions in the repository:
- run-discovery
- run-scan
- stop-discovery
- stop-scan
- wait-for
draft: false
prerelease: false
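Review bot: The workflow declares no `permissions:` key at the top level or on any job, so `detect-changes` and `build-and-test`, which run on `pull_request` and execute `npm ci` and `npm run build`, receive the repository's default `GITHUB_TOKEN` scopes. Set `permissions: contents: read` for the workflow and grant `contents: write` only on the `release` job. The three `uses:` references (`actions/checkout@v3`, `actions/setup-node@v3`, `actions/create-release@v1`) are mutable tags; pinning each to a full commit SHA keeps the release job from picking up retagged code. The `release` job also builds `tag_name` from the `package.json` version on every push to `main`, so a push that does not bump the version will try to create a tag that already exists; check that the tag is new before the Create Release step.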
83 changes: 76 additions & 7 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion run-scan/action.yml
Expand Up @@ -51,5 +51,5 @@ outputs:
id:
description: 'Scan ID'
runs:
using: 'node12'
using: 'node16'
main: 'dist/index.js'
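Review bot: `using: 'node16'` moves this action to a runtime that reached end-of-life in September 2023, more than a year before this commit's date, so the action still runs on an interpreter that no longer receives upstream security fixes. If the runner supports it, target `node20` here and in the other `action.yml` files, and keep `node-version: '16'` in the new workflow aligned with whatever runtime is chosen.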
2 changes: 1 addition & 1 deletion stop-scan/action.yml
Expand Up @@ -14,5 +14,5 @@ inputs:
description: 'Hostname. Default is app.brightsec.com'
required: false
runs:
using: 'node12'
using: 'node16'
main: 'dist/index.js'
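Review bot: The commit message says all actions were updated, but only `run-scan`, `stop-scan` and `wait-for` have an `action.yml` among the 6 changed files, while the release body in the new workflow also lists `run-discovery` and `stop-discovery`. Confirm those two were already off `node12`, or include their `action.yml` changes in this commit.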
2 changes: 1 addition & 1 deletion wait-for/action.yml
Expand Up @@ -45,5 +45,5 @@ outputs:
url:
description: 'Url of the resulting scan'
runs:
using: 'node12'
using: 'node16'
main: 'dist/index.js'
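Review bot: `main: 'dist/index.js'` is the file the runner executes, and no `dist/` file is among the 6 changed files even though the commit message says the actions were rebuilt. If `dist/index.js` is a bundle that inlines its dependencies, the axios upgrade in `wait-for/package.json` does not reach users of the action until the regenerated bundle is committed. Commit the rebuilt `dist/index.js`, or add a CI step that fails when `dist/` differs from a fresh `npm run build`.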
2 changes: 1 addition & 1 deletion wait-for/package.json
Expand Up @@ -22,7 +22,7 @@
"dependencies": {
"@actions/core": "^1.9.1",
"@actions/github": "^5.0.0",
"axios": "^0.22.0",
"axios": "^1.7.9",
"axios-retry": "^3.2.0"
},
"devDependencies": {
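Review bot: The `axios` line goes from `^0.22.0` to `^1.7.9`, a major-version jump, while `axios-retry` stays at `^3.2.0` and nothing in this commit touches the calling code. Check that the `axios-retry` range supports axios 1.x and exercise the request and retry path of `wait-for`. The Test step in the new workflow is skipped when `package.json` has no `test` script, so a green build alone may not cover this.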