[Snyk] Security upgrade next from 14.2.11 to 14.2.15 #9379
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code quality | |
on: | |
push: | |
branches: | |
- master | |
- dev | |
pull_request: | |
concurrency: | |
cancel-in-progress: true | |
group: quality-${{ github.ref }} | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: "yarn" | |
- name: Install dependencies | |
run: | | |
yarn install --immutable | |
- name: Build code | |
run: | | |
yarn build | |
env: | |
NEXT_PUBLIC_ES_INDEX_PREFIX: ${{ secrets.NEXT_PUBLIC_ES_INDEX_PREFIX }} | |
ELASTICSEARCH_TOKEN_API: ${{ secrets.ELASTICSEARCH_TOKEN_API }} | |
ELASTICSEARCH_URL: ${{ secrets.ELASTICSEARCH_URL }} | |
- name: Cache build | |
uses: actions/cache@v4 | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
needs: [build] | |
strategy: | |
fail-fast: false | |
matrix: | |
repositories: | |
[ | |
"@cdt/frontend", | |
"@socialgouv/modeles-social", | |
"@socialgouv/cdtn-utils", | |
] | |
steps: | |
- uses: actions/cache@v4 | |
name: Restore build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- name: Lint ${{ matrix.repositories }} | |
run: | | |
yarn workspace ${{ matrix.repositories }} lint --quiet | |
format: | |
name: Code formatter checker | |
runs-on: ubuntu-latest | |
needs: [build] | |
strategy: | |
fail-fast: false | |
matrix: | |
repositories: | |
[ | |
"@cdt/frontend", | |
"@socialgouv/modeles-social", | |
"@socialgouv/cdtn-utils", | |
] | |
steps: | |
- uses: actions/cache@v4 | |
name: Restore build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- name: Code formatter checker for ${{ matrix.repositories }} | |
run: | | |
yarn workspace ${{ matrix.repositories }} format:check | |
build-storybook: | |
name: Build Storybook | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- uses: actions/cache@v4 | |
name: Restore build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- name: Build Storybook | |
run: yarn workspace @socialgouv/cdtn-ui build-storybook | |
type-check: | |
name: Check typescript types | |
runs-on: ubuntu-latest | |
needs: [build] | |
strategy: | |
fail-fast: false | |
matrix: | |
repositories: | |
[ | |
"@cdt/frontend", | |
"@socialgouv/modeles-social", | |
"@socialgouv/cdtn-utils", | |
"@socialgouv/cdtn-ui", | |
] | |
steps: | |
- uses: actions/cache@v4 | |
name: Restore build | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- name: Type-check ${{ matrix.repositories }} | |
run: | | |
yarn workspace ${{ matrix.repositories }} type-check | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
needs: [build] | |
strategy: | |
fail-fast: false | |
matrix: | |
repositories: | |
["@socialgouv/cdtn-ui", "@cdt/frontend", "@socialgouv/modeles-social"] | |
steps: | |
- name: Configure sysctl limits | |
run: | | |
sudo swapoff -a | |
sudo sysctl -w vm.swappiness=1 | |
sudo sysctl -w fs.file-max=262144 | |
sudo sysctl -w vm.max_map_count=262144 | |
- name: Runs Elasticsearch | |
uses: elastic/elastic-github-actions/elasticsearch@master | |
with: | |
stack-version: 8.13.4 | |
security-enabled: false | |
- name: Verify Elasticsearch connection | |
run: | | |
curl -fsSL "http://localhost:9200/_cat/health?h=status" | |
- name: Restore build | |
uses: actions/cache@v4 | |
with: | |
path: ./* | |
key: ${{ github.sha }} | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: "yarn" | |
- name: Test ${{ matrix.repositories }} | |
run: | | |
yarn workspace ${{ matrix.repositories }} test | |
env: | |
ELASTICSEARCH_URL: http://localhost:9200 | |
docker: | |
name: Lint Dockerfile | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Lint Dockerfile | |
uses: hadolint/[email protected] | |
with: | |
recursive: true |