Skip to content

chore(deps): bump cookie, @sentry/node, express and express-session #4908

chore(deps): bump cookie, @sentry/node, express and express-session

chore(deps): bump cookie, @sentry/node, express and express-session #4908

Workflow file for this run

name: ci
on:
push:
pull_request:
types: [opened, reopened]
env:
PRODUCTION_BRANCH: refs/heads/production
STAGING_BRANCH: refs/heads/staging
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- run: npm run lint
compile:
name: Compile
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- run: npm run build
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- name: Configure Datadog Test Visibility
env:
DD_SERVICE_NAME: ${{ secrets.DD_SERVICE_NAME }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
if: env.DD_SERVICE_NAME != '' && env.DD_API_KEY != ''
uses: datadog/test-visibility-github-action@v1
with:
languages: js
service-name: ${{ secrets.DD_SERVICE_NAME }}
api-key: ${{ secrets.DD_API_KEY }}
- run: npm run test:coverage
env:
# Required to allow Datadog to trace Vitest tests
NODE_OPTIONS: --max-old-space-size=4096 -r ${{ env.DD_TRACE_PACKAGE }}
gatekeep:
name: Determine if Build & Deploy is needed
outputs:
proceed: ${{ steps.determine_proceed.outputs.proceed }}
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- id: determine_proceed
run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo '::set-output name=proceed::true';
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo '::set-output name=proceed::true';
else
echo '::set-output name=proceed::false';
fi
deploy:
name: Build & Deploy
runs-on: ubuntu-latest
needs: [test, lint, compile, gatekeep]
if: needs.gatekeep.outputs.proceed == 'true'
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo LAMBDA_NODE_ENV=staging >> $GITHUB_ENV;
echo VPC_SUBNET_A=${{ secrets.VPC_SUBNET_A_STAGING }} >> $GITHUB_ENV;
echo VPC_SUBNET_B=${{ secrets.VPC_SUBNET_B_STAGING }} >> $GITHUB_ENV;
echo VPC_SUBNET_C=${{ secrets.VPC_SUBNET_C_STAGING }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_API=${{ secrets.VPC_SECURITY_GROUP_API_STAGING }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_STATIC=${{ secrets.VPC_SECURITY_GROUP_STATIC_STAGING }} >> $GITHUB_ENV;
echo DATABASE_URL=${{ secrets.DATABASE_URL_STAGING }} >> $GITHUB_ENV;
echo SESSION_SECRET=${{ secrets.SESSION_SECRET_STAGING }} >> $GITHUB_ENV;
echo OTP_SECRET=${{ secrets.OTP_SECRET_STAGING }} >> $GITHUB_ENV;
echo GA_TRACKING_ID=${{ secrets.GA_TRACKING_ID_STAGING }} >> $GITHUB_ENV;
echo "MAIL_SUFFIX=${{ secrets.MAIL_SUFFIX_STAGING }}" >> $GITHUB_ENV;
echo APP_HOST=staging.checkfirst.gov.sg >> $GITHUB_ENV;
echo DEPLOY_TIMESTAMP=$(date) >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo LAMBDA_NODE_ENV=production >> $GITHUB_ENV;
echo VPC_SUBNET_A=${{ secrets.VPC_SUBNET_A_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SUBNET_B=${{ secrets.VPC_SUBNET_B_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SUBNET_C=${{ secrets.VPC_SUBNET_C_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_API=${{ secrets.VPC_SECURITY_GROUP_API_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_STATIC=${{ secrets.VPC_SECURITY_GROUP_STATIC_PRODUCTION }} >> $GITHUB_ENV;
echo DATABASE_URL=${{ secrets.DATABASE_URL_PRODUCTION }} >> $GITHUB_ENV;
echo SESSION_SECRET=${{ secrets.SESSION_SECRET_PRODUCTION }} >> $GITHUB_ENV;
echo OTP_SECRET=${{ secrets.OTP_SECRET_PRODUCTION }} >> $GITHUB_ENV;
echo GA_TRACKING_ID=${{ secrets.GA_TRACKING_ID_PRODUCTION }} >> $GITHUB_ENV;
echo "MAIL_SUFFIX=${{ secrets.MAIL_SUFFIX_PRODUCTION }}" >> $GITHUB_ENV;
echo APP_HOST=checkfirst.gov.sg >> $GITHUB_ENV;
echo DEPLOY_TIMESTAMP=$(date) >> $GITHUB_ENV
fi
- run: npm run build
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
FRONTEND_SENTRY_DSN: ${{ secrets.FRONTEND_SENTRY_DSN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
- name: serverless deploy
uses: opengovsg/[email protected]
with:
args: -c "serverless plugin install --name serverless-plugin-custom-binary && serverless deploy --conceal"
entrypoint: /bin/bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
LAMBDA_NODE_ENV: ${{ env.LAMBDA_NODE_ENV }}
VPC_SUBNET_A: ${{ env.VPC_SUBNET_A }}
VPC_SUBNET_B: ${{ env.VPC_SUBNET_B }}
VPC_SUBNET_C: ${{ env.VPC_SUBNET_C }}
VPC_SECURITY_GROUP_API: ${{ env.VPC_SECURITY_GROUP_API }}
VPC_SECURITY_GROUP_STATIC: ${{ env.VPC_SECURITY_GROUP_STATIC }}
DATABASE_URL: ${{ env.DATABASE_URL }}
SESSION_SECRET: ${{ env.SESSION_SECRET }}
OTP_SECRET: ${{ env.OTP_SECRET }}
OTP_EXPIRY: ${{ secrets.OTP_EXPIRY }}
APP_HOST: ${{ env.APP_HOST }}
FRONTEND_SENTRY_DSN: ${{ secrets.FRONTEND_SENTRY_DSN }}
BACKEND_SENTRY_DSN: ${{ secrets.BACKEND_SENTRY_DSN }}
CSP_REPORT_URI: ${{ secrets.CSP_REPORT_URI }}