migrate to pnpm and fix CVE for ip transitive dependency #1054
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
jobs: | |
security-audit: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | |
- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d | |
with: | |
version: 8 | |
- name: Set up Node.js | |
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0 | |
with: | |
node-version: 18 | |
cache: "pnpm" | |
- name: Report known vulnerabilities | |
run: pnpm audit | |
test-with-node: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | |
with: | |
submodules: true | |
- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d | |
with: | |
version: 8 | |
- name: Set up Node.js | |
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0 | |
with: | |
node-version: 18 | |
registry-url: https://registry.npmjs.org/ | |
cache: "pnpm" | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Build all workspace packages | |
run: pnpm --recursive --stream build:esm && pnpm --recursive --stream build:cjs | |
- name: Run linter for all packages | |
run: pnpm --recursive --stream lint | |
- name: Run dwn-server (background) | |
run: | | |
pnpm exec node node_modules/@web5/dwn-server/dist/esm/src/main.js & | |
echo "DWN_SERVER_BACKGROUND_PROCESS=$!" >> $GITHUB_ENV | |
- name: Run tests for all packages | |
run: pnpm --recursive --stream test:node -- --color --reporter mocha-junit-reporter --reporter-options mochaFile=./results.xml | |
env: | |
TEST_DWN_URL: http://localhost:3000 | |
- name: Terminate dwn-server | |
run: kill $DWN_SERVER_BACKGROUND_PROCESS || true | |
- name: Upload test coverage to Codecov | |
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- name: Upload test results to update SDK reports | |
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 | |
with: | |
name: junit-results | |
path: packages/*/results.xml | |
- name: Generate an access token to trigger downstream repo | |
uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 | |
id: generate_token | |
if: github.ref == 'refs/heads/main' | |
with: | |
app-id: ${{ secrets.CICD_ROBOT_GITHUB_APP_ID }} | |
private-key: ${{ secrets.CICD_ROBOT_GITHUB_APP_PRIVATE_KEY }} | |
owner: TBD54566975 | |
repositories: sdk-report-runner | |
- name: Trigger sdk-report-runner report build | |
if: github.ref == 'refs/heads/main' | |
run: | | |
curl -L \ | |
-H "Authorization: Bearer ${APP_TOKEN}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
-H "Content-Type: application/json" \ | |
--fail \ | |
--data '{"ref": "main"}' \ | |
https://api.github.com/repos/TBD54566975/sdk-report-runner/actions/workflows/build-report.yaml/dispatches | |
env: | |
APP_TOKEN: ${{ steps.generate_token.outputs.token }} | |
test-with-browsers: | |
name: test-with-browsers (group ${{ matrix.group }}) | |
# Run browser tests using macOS so that WebKit tests don't fail under a Linux environment | |
runs-on: macos-14 | |
strategy: | |
# parallelism strategy: agent takes as long as roughly all other pkgs combined. | |
matrix: | |
include: | |
- group: "A" | |
packages: "--filter agent" | |
- group: "B" | |
packages: "--filter credentials --filter crypto --filter dids --filter proxy-agent --filter identity-agent --filter user-agent" | |
- group: "C" | |
packages: "--filter api --filter common" | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | |
with: | |
submodules: true | |
- uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d | |
with: | |
version: 8 | |
- name: Set up Node.js | |
uses: actions/setup-node@5ef044f9d09786428e6e895be6be17937becee3a #v4.0.0 | |
with: | |
node-version: 18 | |
registry-url: https://registry.npmjs.org/ | |
cache: "pnpm" | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Get Playwright Version (for cache) | |
id: get-playwright-version | |
run: | | |
PLAYWRIGHT_VERSION=$(pnpm --filter dids ls @playwright/test | grep '@playwright/test' | awk 'NR==1{print $2}') | |
echo "Playwright Version: $PLAYWRIGHT_VERSION" | |
echo "PLAYWRIGHT_VERSION=$PLAYWRIGHT_VERSION" >> $GITHUB_ENV | |
- name: Restore Cached Playwright Browsers | |
id: cache-playwright-restore | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2 | |
with: | |
path: ~/Library/Caches/ms-playwright | |
key: ${{ runner.os }}-playwright-${{ env.PLAYWRIGHT_VERSION }} | |
- name: Install Playwright Browsers (if no cache) | |
if: steps.cache-playwright-restore.outputs.cache-hit != 'true' | |
run: pnpm --filter dids exec playwright install --with-deps | |
- name: Build esm | |
run: pnpm --recursive --stream build:esm | |
- name: Build browser for matrix ${{ matrix.group }} | |
run: pnpm ${{ matrix.packages }} build:browser | |
- name: Run dwn-server (background) | |
run: | | |
node node_modules/@web5/dwn-server/dist/esm/src/main.js & | |
echo "DWN_SERVER_BACKGROUND_PROCESS=$!" >> $GITHUB_ENV | |
- name: Run tests for matrix ${{ matrix.group }} | |
run: pnpm ${{ matrix.packages }} --sequential test:browser | |
- name: Terminate dwn-server | |
run: kill $DWN_SERVER_BACKGROUND_PROCESS || true |