Skip to content

Improve security

Improve security #2905

Workflow file for this run

name: 🧪 Test PR from fork
on:
pull_request_target:
workflow_call:
secrets:
SESSION_SECRET:
required: true
SUPABASE_ANON_PUBLIC:
required: true
SUPABASE_SERVICE_ROLE:
required: true
SUPABASE_URL:
required: true
SERVER_URL:
required: true
DATABASE_URL:
required: true
jobs:
authorize:
environment: ${{ github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository &&
'external' || '' }}
runs-on: ubuntu-latest
steps:
- run: echo ✓
lint:
needs: authorize
name: ⬣ ESLint
runs-on: ubuntu-latest
steps:
- name: 🛑 Cancel Previous Runs
uses: styfle/[email protected]
- name: ⬇️ Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: ⎔ Setup node
uses: actions/setup-node@v3
with:
node-version: 20
- name: 📥 Download deps
uses: bahmutov/npm-install@v1
with:
useLockFile: false
- name: 🔬 Lint
run: npm run lint
typecheck:
needs: authorize
name: ʦ TypeScript
runs-on: ubuntu-latest
steps:
- name: 🛑 Cancel Previous Runs
uses: styfle/[email protected]
- name: ⬇️ Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: ⎔ Setup node
uses: actions/setup-node@v3
with:
node-version: 20
- name: 📥 Download deps
uses: bahmutov/npm-install@v1
with:
useLockFile: false
- name: 🔎 Type check
run: npm run typecheck --if-present
vitest:
needs: authorize
name: ⚡ Vitest
runs-on: ubuntu-latest
steps:
- name: 🛑 Cancel Previous Runs
uses: styfle/[email protected]
- name: ⬇️ Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: ⎔ Setup node
uses: actions/setup-node@v3
with:
node-version: 20
- name: 📥 Download deps
uses: bahmutov/npm-install@v1
with:
useLockFile: false
- name: ⚡ Run vitest
run: npm run test
# playwright:
# needs: authorize
# name: 🎭 Playwright
# timeout-minutes: 60
# runs-on: ubuntu-latest
# steps:
# - name: 🛑 Cancel Previous Runs
# uses: styfle/[email protected]
# - name: ⬇️ Checkout repo
# uses: actions/checkout@v3
# with:
# ref: ${{ github.event.pull_request.head.sha || github.ref }}
# - name: 🔑 Make envfile
# uses: SpicyPizza/[email protected]
# with:
# envkey_SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
# envkey_SUPABASE_ANON_PUBLIC: ${{ secrets.SUPABASE_ANON_PUBLIC }}
# envkey_SUPABASE_SERVICE_ROLE: ${{ secrets.SUPABASE_SERVICE_ROLE }}
# envkey_SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
# envkey_SERVER_URL: ${{ secrets.SERVER_URL }}
# envkey_DATABASE_URL: ${{ secrets.DATABASE_URL }}
# file_name: .env
# - name: ⎔ Setup node
# uses: actions/setup-node@v3
# with:
# node-version: 18
# - name: 📥 Download deps
# uses: bahmutov/npm-install@v1
# - name: 📥 Install Playwright Browsers
# run: npm run test:e2e:install
# - name: ⚙️ Build
# run: npm run build
# - name: Run Playwright tests
# run: npx playwright test
# - uses: actions/upload-artifact@v3
# if: always()
# with:
# name: playwright-report
# path: playwright-report/
# retention-days: 30