From 7c6d0d14affb5ce211d70721ef5e758f3145b7bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 10:46:35 +0200 Subject: [PATCH 01/59] UHF-9380: Added a github action to run NPM Audit on Sundays in every fortnight. --- .github/npm_audit_template.md | 16 +++++++++ .github/workflows/npm_audit.yml | 60 +++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 .github/npm_audit_template.md create mode 100644 .github/workflows/npm_audit.yml diff --git a/.github/npm_audit_template.md b/.github/npm_audit_template.md new file mode 100644 index 000000000..996509509 --- /dev/null +++ b/.github/npm_audit_template.md @@ -0,0 +1,16 @@ +# NPM Audit + + +## How to install + +* Update the HDBT theme + * `git checkout npm-audit && git pull origin npm-audit` +* In theme folder, run `nvm use && npm i` + +## How to test + + +Run `npm run build && npm audit` + +* [ ] Check that the changes for distributed files are sensible +* [ ] Check that the `npm audit` prints `found 0 vulnerabilities` diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml new file mode 100644 index 000000000..4a012a1d9 --- /dev/null +++ b/.github/workflows/npm_audit.yml 
@@ -0,0 +1,60 @@ +name: NPM Audit Fix and Create PR + +on: + schedule: + - cron: '0 11 * * 0' # Run every fortnight on Sunday at 11 am + push: + branches: + - UHF-9380 +jobs: + npm_audit: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: $(cat .nvmrc) + + - name: Install dependencies + run: npm install + + - name: Run npm audit fix + run: npm audit fix + + - name: Check for changes + id: git_changes + run: | + git diff --exit-code || echo "Updates were detected" + git config --global user.email "actions@github.com" + git config --global user.name "GitHub Actions" + + - name: Read PR template + id: pr_template + run: echo "::set-output name=template::$(cat ./.github/workflows/npm_audit_template.md)" + + - name: Create Pull Request + if: steps.git_changes.outputs.stdout + uses: actions/github-script@v5 + with: + script: | + const title = 'Automated NPM Audit Fix'; + const body = core.getInput('template'); + const head = 'npm-audit'; + const base = 'main'; + + const { data: pullRequest } = await github.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title, + body, + head, + base, + }); + + console.log(`Pull request created: ${pullRequest.html_url}`); + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From a1d15d3631c393d0168e60a3aae8b773acfd62e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 10:49:56 +0200 Subject: [PATCH 02/59] UHF-9380: Switched npm-audit branch to automation/npm-audit. --- .github/npm_audit_template.md | 2 +- .github/workflows/npm_audit.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/npm_audit_template.md b/.github/npm_audit_template.md index 996509509..096997f4e 100644 --- a/.github/npm_audit_template.md +++ b/.github/npm_audit_template.md 
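Review bot: `if: steps.git_changes.outputs.stdout` on the "Create Pull Request" step can never be true, because a `run` step exposes only the outputs it writes explicitly and "Check for changes" writes none; its `git diff --exit-code || echo …` line only prints a message. Have that step record the result, e.g. `git diff --quiet || echo "changed=true" >> "$GITHUB_OUTPUT"`, and gate on `if: steps.git_changes.outputs.changed == 'true'`. The schedule comment is also misleading: `0 11 * * 0` fires every Sunday at 11:00 UTC, not every second Sunday, so the comment should say weekly unless a fortnight check is added to the job.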
@@ -4,7 +4,7 @@ ## How to install * Update the HDBT theme - * `git checkout npm-audit && git pull origin npm-audit` + * `git checkout automation/npm-audit && git pull origin automation/npm-audit` * In theme folder, run `nvm use && npm i` ## How to test diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 4a012a1d9..90e36d96b 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -43,7 +43,7 @@ jobs: script: | const title = 'Automated NPM Audit Fix'; const body = core.getInput('template'); - const head = 'npm-audit'; + const head = 'automation/npm-audit'; const base = 'main'; const { data: pullRequest } = await github.pulls.create({ From d5dbf3433e5fa35c5a74ed0b9fa8ad3fb519daa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 10:52:11 +0200 Subject: [PATCH 03/59] UHF-9380: Fixed indentation. --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 90e36d96b..cc26a0049 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -56,5 +56,5 @@ jobs: }); console.log(`Pull request created: ${pullRequest.html_url}`); - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 1a9aaa5a1233589abb3d82942ed4bf1ee15b9f71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 11:22:31 +0200 Subject: [PATCH 04/59] UHF-9380: Build NodeJS manually. --- .github/workflows/npm_audit.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index cc26a0049..dd193cf8a 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -12,12 +12,17 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Set up Node.js - uses: actions/setup-node@v3 - with: - node-version: $(cat .nvmrc) + run: | + node_version=$(cat .nvmrc) + echo "Using Node.js version $node_version" + curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash + export NVM_DIR="$HOME/.nvm" + [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" + nvm install $node_version + nvm use $node_version - name: Install dependencies run: npm install From f30610a653dd16a9f9e0663cf59526c7dbaafad9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 11:34:38 +0200 Subject: [PATCH 05/59] UHF-9380: Path change for the PR template. --- .github/workflows/npm_audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index dd193cf8a..1c5ea44ca 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -39,7 +39,7 @@ jobs: - name: Read PR template id: pr_template - run: echo "::set-output name=template::$(cat ./.github/workflows/npm_audit_template.md)" + run: echo "::set-output name=template::$(cat .github/workflows/npm_audit_template.md)" - name: Create Pull Request if: steps.git_changes.outputs.stdout From 9b0f26451af265e042ef4c8270d3e8ab83f38f5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 12:02:57 +0200 Subject: [PATCH 06/59] UHF-9380: Switched the deprecated set-output command to GITHUB_OUTPUT. --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 1c5ea44ca..887d3dc40 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -1,4 +1,4 @@ -name: NPM Audit Fix and Create PR +name: NPM Audit on: schedule: 
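Review bot: The new "Set up Node.js" step pipes `install.sh` from raw.githubusercontent.com straight into `bash`, so the job executes whatever that URL serves at run time with no checksum check, in a workflow that goes on to use `GITHUB_TOKEN`. The removed `node-version: $(cat .nvmrc)` most likely failed only because `with:` values are passed literally and never shell-evaluated; `actions/setup-node` reads the file itself with `node-version-file: .nvmrc`, which avoids the download entirely. As written, the nvm-selected Node also does not reach the following "Install dependencies" step, since `nvm use` only affects the shell of the step it runs in. If nvm stays, quote the variable: `nvm install "$node_version"`.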
@@ -39,7 +39,7 @@ jobs: - name: Read PR template id: pr_template - run: echo "::set-output name=template::$(cat .github/workflows/npm_audit_template.md)" + run: echo "template=$(cat .github/workflows/npm_audit_template.md)" >> $GITHUB_ENV - name: Create Pull Request if: steps.git_changes.outputs.stdout From 45b817a6347762ce0d8be052a42b4bd9ce7684e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 12:51:24 +0200 Subject: [PATCH 07/59] UHF-9380: Use peter-evans/create-pull-request instead of manually made JS. --- .github/workflows/npm_audit.yml | 52 ++++++++++++--------------------- 1 file changed, 19 insertions(+), 33 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 887d3dc40..9f02e0c5b 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -3,9 +3,6 @@ name: NPM Audit on: schedule: - cron: '0 11 * * 0' # Run every fortnight on Sunday at 11 am - push: - branches: - - UHF-9380 jobs: npm_audit: runs-on: ubuntu-latest @@ -14,7 +11,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Set up Node.js + - name: Set up Node.js and install dependencies run: | node_version=$(cat .nvmrc) echo "Using Node.js version $node_version" 
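Review bot: The replacement line in "Read PR template" appends to `$GITHUB_ENV` although the commit subject names GITHUB_OUTPUT, and it writes a multi-line file as one `name=value` entry. Only the first line of the template becomes the value; every following line is parsed as an entry of its own, so any line shaped like `NAME=value` would define an environment variable for all later steps. Use the delimiter form on the output file instead, `{ echo 'template<<EOF'; cat .github/npm_audit_template.md; echo EOF; } >> "$GITHUB_OUTPUT"`, with a delimiter that cannot occur in the content. The consumer then has to read `${{ steps.pr_template.outputs.template }}`; `core.getInput('template')` in the next step reads action inputs, not step outputs. PATCH 10/59 writes fetched content to `$GITHUB_ENV` the same way.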
@@ -23,43 +20,32 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - - - name: Install dependencies - run: npm install + npm install - name: Run npm audit fix - run: npm audit fix + run: | + audit_output=$(npm audit fix) + echo "$audit_output" - - name: Check for changes - id: git_changes + - name: Check for vulnerabilities + id: check_vulnerabilities run: | - git diff --exit-code || echo "Updates were detected" - git config --global user.email "actions@github.com" - git config --global user.name "GitHub Actions" + if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then + echo "No vulnerabilities found." + exit 0; + fi - name: Read PR template id: pr_template run: echo "template=$(cat .github/workflows/npm_audit_template.md)" >> $GITHUB_ENV - name: Create Pull Request - if: steps.git_changes.outputs.stdout - uses: actions/github-script@v5 + uses: peter-evans/create-pull-request@v4 with: - script: | - const title = 'Automated NPM Audit Fix'; - const body = core.getInput('template'); - const head = 'automation/npm-audit'; - const base = 'main'; - - const { data: pullRequest } = await github.pulls.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title, - body, - head, - base, - }); - - console.log(`Pull request created: ${pullRequest.html_url}`); - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + committer: GitHub + author: actions-bot + commit-message: Update NPM packages based on NPM audit fix + title: Automatic NPM Audit Fix + labels: auto-update + body: core.getInput('template'); + branch: automation/npm-audit From 49be2afd396e40a17591a82a0a48feb5851a9c89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 13:42:27 +0200 Subject: [PATCH 08/59] UHF-9380: Added workflow dispatch for testing purposes. --- .github/workflows/npm_audit.yml | 1 + 1 file changed, 1 insertion(+) 
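Review bot: `peter-evans/create-pull-request@v4` in the "Create Pull Request" step is a third-party action referenced by a movable tag, and the workflow declares no `permissions:` block, so the action runs with whatever default the repository grants `GITHUB_TOKEN`. Pin it to a reviewed commit, `uses: peter-evans/create-pull-request@FULL_COMMIT_SHA  # v4` (placeholder, fill in the audited SHA), and add job-level `permissions:` with `contents: write` and `pull-requests: write` so the grant is explicit and no wider than the action needs. Separately, `body: core.getInput('template');` reaches the action as that literal text, because `with:` values are not evaluated as JavaScript.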
diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 9f02e0c5b..5a1955e95 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -1,6 +1,7 @@ name: NPM Audit on: + workflow_dispatch: schedule: - cron: '0 11 * * 0' # Run every fortnight on Sunday at 11 am jobs: From e83d03f2e17219f849712f7ac4e8838420e3cee4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 13:55:12 +0200 Subject: [PATCH 09/59] UHF-9380: Trigger on UHF-9380 branch push. --- .github/workflows/npm_audit.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 5a1955e95..0cd2ec124 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -1,9 +1,12 @@ name: NPM Audit on: - workflow_dispatch: schedule: - cron: '0 11 * * 0' # Run every fortnight on Sunday at 11 am + workflow_dispatch: + push: + branches: + - UHF-9380 jobs: npm_audit: runs-on: ubuntu-latest From 783ce7c88063a9640cd816b9ec2c38d1c25ff3b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 14:09:30 +0200 Subject: [PATCH 10/59] UHF-9380: Retrieve the PR template from URL. --- .github/workflows/npm_audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 0cd2ec124..c2e8816bc 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -41,7 +41,7 @@ jobs: - name: Read PR template id: pr_template - run: echo "template=$(cat .github/workflows/npm_audit_template.md)" >> $GITHUB_ENV + run: echo "template=$(curl -sL https://raw.githubusercontent.com/City-of-Helsinki/drupal-hdbt/UHF-9380/.github/npm_audit_template.md)" >> $GITHUB_ENV - name: Create Pull Request uses: peter-evans/create-pull-request@v4 From a1e962efbb5915be4c33921164b8c48a59f9d965 Mon Sep 17 00:00:00 2001 
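Review bot: The "Read PR template" step now takes its content from the `UHF-9380` branch ref over `curl -sL`, so whatever that branch holds at run time is written into `$GITHUB_ENV`, and without `-f` an HTTP error body would be written as well. The file is already in the checked-out workspace: PATCH 01/59 added it as `.github/npm_audit_template.md`, whereas the previous `cat` pointed at `.github/workflows/npm_audit_template.md`, which is probably why the local read failed. Reading it with `cat .github/npm_audit_template.md` keeps the job off the network and ties the template to the commit being run.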
From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 15:06:18 +0200 Subject: [PATCH 11/59] UHF-9380: Add pull request template via variable. --- .github/npm_audit_template.md | 2 -- .github/workflows/npm_audit.yml | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/npm_audit_template.md b/.github/npm_audit_template.md index 096997f4e..de089e3c3 100644 --- a/.github/npm_audit_template.md +++ b/.github/npm_audit_template.md @@ -1,5 +1,4 @@ # NPM Audit - ## How to install @@ -8,7 +7,6 @@ * In theme folder, run `nvm use && npm i` ## How to test - Run `npm run build && npm audit` diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index c2e8816bc..37815fcc9 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -41,15 +41,15 @@ jobs: - name: Read PR template id: pr_template - run: echo "template=$(curl -sL https://raw.githubusercontent.com/City-of-Helsinki/drupal-hdbt/UHF-9380/.github/npm_audit_template.md)" >> $GITHUB_ENV + run: template=$(curl -sL https://raw.githubusercontent.com/City-of-Helsinki/drupal-hdbt/UHF-9380/.github/npm_audit_template.md)" - name: Create Pull Request uses: peter-evans/create-pull-request@v4 with: committer: GitHub author: actions-bot - commit-message: Update NPM packages based on NPM audit fix + commit-message: Updated NPM packages based on NPM audit fix title: Automatic NPM Audit Fix labels: auto-update - body: core.getInput('template'); + body-path: ${{ steps.pr_template.outputs.template }}; branch: automation/npm-audit From cf0d1d7ea33203524d4735d5ad3086ae5f36566b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 15:10:21 +0200 Subject: [PATCH 12/59] UHF-9380: UHF-9380: Use text instead of a template. --- .github/workflows/npm_audit.yml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) 
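Review bot: The new `run: template=$(curl -sL …)"` line ends with an unmatched double quote, so the shell should reject the step with an unterminated-string error before curl runs; PATCH 12/59 carries the same stray quote. Even without it, `template` is only a shell variable and the step sets no output, so `${{ steps.pr_template.outputs.template }}` expands to an empty string. `body-path` also expects a file path rather than the text itself, and the trailing `;` becomes part of the value. While the template file is still in the repository, `body-path: .github/npm_audit_template.md` would do the job without the extra step.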
diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 37815fcc9..1c2e840fa 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -41,7 +41,7 @@ jobs: - name: Read PR template id: pr_template - run: template=$(curl -sL https://raw.githubusercontent.com/City-of-Helsinki/drupal-hdbt/UHF-9380/.github/npm_audit_template.md)" + run: template=$(curl -sL https://raw.githubusercontent.com/City-of-Helsinki/drupal-hdbt/a1e962efbb5915be4c33921164b8c48a59f9d965/.github/npm_audit_template.md)" - name: Create Pull Request uses: peter-evans/create-pull-request@v4 @@ -51,5 +51,18 @@ jobs: commit-message: Updated NPM packages based on NPM audit fix title: Automatic NPM Audit Fix labels: auto-update - body-path: ${{ steps.pr_template.outputs.template }}; + body-path: | + # NPM Audit + ## How to install + + * Update the HDBT theme + * `git checkout automation/npm-audit && git pull origin automation/npm-audit` + * In theme folder, run `nvm use && npm i` + + ## How to test + Run `npm run build && npm audit` + + * [ ] Check that the changes for distributed files are sensible + * [ ] Check that the `npm audit` prints `found 0 vulnerabilities` + branch: automation/npm-audit From c4e5ad3e9ea1a622b7a6197c818ab9316364be22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 15:15:00 +0200 Subject: [PATCH 13/59] UHF-9380: Remove the step for retrieving the template file. --- .github/workflows/npm_audit.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 1c2e840fa..d321bcbde 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -39,10 +39,6 @@ jobs: exit 0; fi - - name: Read PR template - id: pr_template - run: template=$(curl -sL https://raw.githubusercontent.com/City-of-Helsinki/drupal-hdbt/a1e962efbb5915be4c33921164b8c48a59f9d965/.github/npm_audit_template.md)" - - name: Create Pull Request uses: peter-evans/create-pull-request@v4 with: From 5e737cf4131afad05b479b86f843709b26fbf9c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 15:19:16 +0200 Subject: [PATCH 14/59] UHF-9380: Removed obsolete template. --- .github/npm_audit_template.md | 14 -------------- .github/workflows/npm_audit.yml | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) delete mode 100644 .github/npm_audit_template.md diff --git a/.github/npm_audit_template.md b/.github/npm_audit_template.md deleted file mode 100644 index de089e3c3..000000000 --- a/.github/npm_audit_template.md +++ /dev/null @@ -1,14 +0,0 @@ -# NPM Audit - -## How to install - -* Update the HDBT theme - * `git checkout automation/npm-audit && git pull origin automation/npm-audit` -* In theme folder, run `nvm use && npm i` - -## How to test - -Run `npm run build && npm audit` - -* [ ] Check that the changes for distributed files are sensible -* [ ] Check that the `npm audit` prints `found 0 vulnerabilities` diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index d321bcbde..1fff87897 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -47,7 +47,7 @@ jobs: commit-message: Updated NPM packages based on NPM audit fix title: Automatic NPM Audit Fix labels: auto-update - body-path: | + body: | # NPM Audit ## How to install From 4b0110ae60bec58133371c60f312b9a093d6b1cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 15:35:41 +0200 Subject: [PATCH 15/59] UHF-9380: Updated the PR instructions. --- .github/workflows/npm_audit.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 1fff87897..dc965038f 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -36,7 +36,7 @@ jobs: run: | if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then echo "No vulnerabilities found." - exit 0; + exit 1; fi - name: Create Pull Request @@ -52,13 +52,15 @@ jobs: ## How to install * Update the HDBT theme - * `git checkout automation/npm-audit && git pull origin automation/npm-audit` - * In theme folder, run `nvm use && npm i` + * `git fetch --all` + * `git checkout automation/npm-audit` + * `git pull origin automation/npm-audit` + * In theme folder, run `nvm use && npm i && npm run build` ## How to test - Run `npm run build && npm audit` + Run `npm audit` - * [ ] Check that the changes for distributed files are sensible * [ ] Check that the `npm audit` prints `found 0 vulnerabilities` + * [ ] Check that the changes for distributed files are sensible branch: automation/npm-audit From e0cc1b6650d23e447d5651bf085e4ae881e72b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 15:55:58 +0200 Subject: [PATCH 16/59] UHF-9380: Create PR only if there are changes. --- .github/workflows/npm_audit.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index dc965038f..f6735737f 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
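Review bot: Changing `exit 0` to `exit 1` in "Check for vulnerabilities" has no effect, because `$audit_output` is assigned in the preceding "Run npm audit fix" step and each `run` step starts a fresh shell; the variable is empty here and the `found 0 vulnerabilities` branch is never taken. If the branch were taken, `exit 1` would mark the whole job as failed in exactly the case where nothing is wrong. Do the comparison in the step that captures the output and publish the decision, e.g. `echo "create_pr=true" >> "$GITHUB_OUTPUT"`, then gate "Create Pull Request" with an `if:` on that output. The step body starts outside this hunk.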
@@ -27,19 +27,15 @@ jobs: npm install - name: Run npm audit fix + id: npm_audit run: | audit_output=$(npm audit fix) - echo "$audit_output" - - - name: Check for vulnerabilities - id: check_vulnerabilities - run: | - if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then - echo "No vulnerabilities found." - exit 1; + if [[ "$audit_output" != *"found 0 vulnerabilities"* ]]; then + echo "create_pr=true" >> $GITHUB_OUTPUT fi - name: Create Pull Request + if: steps.npm_audit.outputs.create_pr == 'true' uses: peter-evans/create-pull-request@v4 with: committer: GitHub From db059e7f71bf256115c2d1f01a21c79228359f93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 16:03:40 +0200 Subject: [PATCH 17/59] UHF-9380: Fixed logical error from npm_audit step. --- .github/workflows/npm_audit.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index f6735737f..b7a855b18 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -30,7 +30,9 @@ jobs: id: npm_audit run: | audit_output=$(npm audit fix) - if [[ "$audit_output" != *"found 0 vulnerabilities"* ]]; then + if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then + echo "create_pr=false" >> $GITHUB_OUTPUT + else echo "create_pr=true" >> $GITHUB_OUTPUT fi From 4449b87427cf6c628d860d0a3273c698d39b7ded Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 16:11:43 +0200 Subject: [PATCH 18/59] UHF-9380: Fixed typo. --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index b7a855b18..fbccc37c9 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -31,9 +31,9 @@ jobs: run: | audit_output=$(npm audit fix) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then - echo "create_pr=false" >> $GITHUB_OUTPUT + echo "create_pr=false" >> $GITHUB_ENV else - echo "create_pr=true" >> $GITHUB_OUTPUT + echo "create_pr=true" >> $GITHUB_ENV fi - name: Create Pull Request From 8ff96a71f0f9e7afd148c3efba5f8b07017bbeb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 16:21:55 +0200 Subject: [PATCH 19/59] UHF-9380: Fixed npm audit script. --- .github/workflows/npm_audit.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index fbccc37c9..0f0fd656a 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -29,10 +29,11 @@ jobs: - name: Run npm audit fix id: npm_audit run: | - audit_output=$(npm audit fix) + audit_output=$(npm audit) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then echo "create_pr=false" >> $GITHUB_ENV else + npm audit fix echo "create_pr=true" >> $GITHUB_ENV fi From 3d1056c354efecb5ee98fecef76ff28988e18462 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 16:38:19 +0200 Subject: [PATCH 20/59] UHF-9380: Switched the Github variable. --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 0f0fd656a..54157eefa 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -31,10 +31,10 @@ jobs: run: | audit_output=$(npm audit) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then - echo "create_pr=false" >> $GITHUB_ENV + echo "create_pr=false" >> $GITHUB_OUTPUT else npm audit fix - echo "create_pr=true" >> $GITHUB_ENV + echo "create_pr=true" >> $GITHUB_OUTPUT fi - name: Create Pull Request 
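Review bot: Redirecting `create_pr` to `$GITHUB_ENV` disconnects it from the gate: the "Create Pull Request" step tests `steps.npm_audit.outputs.create_pr`, and step outputs are populated only from `$GITHUB_OUTPUT`, so after this change the condition is always false and no PR is opened. Keep `echo "create_pr=true" >> "$GITHUB_OUTPUT"` (with the variable quoted), or read the value as `env.create_pr` if an environment variable is really intended. PATCH 20/59 restores the output file, but PATCH 23/59 reintroduces the same mismatch for `should_create_pr`.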
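Review bot: `audit_output=$(npm audit)` will most likely abort the step whenever vulnerabilities exist, since `npm audit` exits non-zero in that case and `run` steps execute under `bash -e` by default; neither `npm audit fix` nor the `create_pr=true` line would then run. Capture the output without failing the step, `audit_output=$(npm audit || true)`, or drop the string match on `found 0 vulnerabilities` and decide from the working tree after the fix with `git diff --quiet`. Matching on human-readable npm output is also fragile across npm versions.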
From b4a3dba3f51c4aad93007fdb275a64a94cfc1595 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 16:43:03 +0200 Subject: [PATCH 21/59] UHF-9380: Move the npm audit fix to its' own step. --- .github/workflows/npm_audit.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 54157eefa..ddaf40626 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -26,17 +26,20 @@ jobs: nvm use $node_version npm install - - name: Run npm audit fix + - name: Run npm audit id: npm_audit run: | audit_output=$(npm audit) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then echo "create_pr=false" >> $GITHUB_OUTPUT else - npm audit fix echo "create_pr=true" >> $GITHUB_OUTPUT fi + - name: Run npm audit fix + if: steps.npm_audit.outputs.create_pr == 'true' + run: npm audit fix + - name: Create Pull Request if: steps.npm_audit.outputs.create_pr == 'true' uses: peter-evans/create-pull-request@v4 From 6c95389f39aed341375adef678b6ce1769043e11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 22:32:39 +0200 Subject: [PATCH 22/59] UHF-9380: Converted if statement to oneliner. --- .github/workflows/npm_audit.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index ddaf40626..60274f6a3 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -30,18 +30,15 @@ jobs: id: npm_audit run: | audit_output=$(npm audit) - if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then - echo "create_pr=false" >> $GITHUB_OUTPUT - else - echo "create_pr=true" >> $GITHUB_OUTPUT - fi + if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false; else create_pr=true; fi + echo should_create_pr=$create_pr >> $GITHUB_OUTPUT - name: Run npm audit fix - if: steps.npm_audit.outputs.create_pr == 'true' + if: steps.npm_audit.outputs.should_create_pr == 'true' run: npm audit fix - name: Create Pull Request - if: steps.npm_audit.outputs.create_pr == 'true' + if: steps.npm_audit.outputs.should_create_pr == 'true' uses: peter-evans/create-pull-request@v4 with: committer: GitHub From 5e2bb98c742643e5d62b35366df3b6cd414c38d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 22:40:49 +0200 Subject: [PATCH 23/59] UHF-9380: Removed conditional set of variable create_pr. --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 60274f6a3..fe01bea06 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -30,8 +30,8 @@ jobs: id: npm_audit run: | audit_output=$(npm audit) - if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false; else create_pr=true; fi - echo should_create_pr=$create_pr >> $GITHUB_OUTPUT + if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi + echo "should_create_pr=$create_pr" >> $GITHUB_ENV - name: Run npm audit fix if: steps.npm_audit.outputs.should_create_pr == 'true' From c0ea6eac0d8bfeb5121630c9e14ee139a44c01a0 Mon Sep 17 00:00:00 2001 
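Review bot: The rewritten one-line `if` drops the `;` before `else` and `fi`, so bash treats both as ordinary words following `create_pr=false` rather than as keywords, the `if` is never closed, and the script fails to parse. Restore the separators: `if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false; else create_pr=true; fi`. The same malformed line is carried through the later "Debugging..." patches, including the `[ $? -eq 0 ]` variants in PATCH 30/59 and 31/59. The result is also written to `$GITHUB_ENV` while the `if:` conditions below read `steps.npm_audit.outputs.should_create_pr`.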
From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 22:48:07 +0200 Subject: [PATCH 24/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index fe01bea06..c293c4320 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -15,7 +15,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Set up Node.js and install dependencies + - name: Set up Node.js, install dependencies and run npm audit run: | node_version=$(cat .nvmrc) echo "Using Node.js version $node_version" @@ -30,6 +30,8 @@ jobs: id: npm_audit run: | audit_output=$(npm audit) + echo "npm audit output:" + echo "$audit_output" if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi echo "should_create_pr=$create_pr" >> $GITHUB_ENV From cbc19065fe336a5fbc4fdc68a3783cafffac6315 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 22:51:01 +0200 Subject: [PATCH 25/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index c293c4320..920d10ec4 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -25,13 +25,7 @@ jobs: nvm install $node_version nvm use $node_version npm install - - - name: Run npm audit - id: npm_audit - run: | audit_output=$(npm audit) - echo "npm audit output:" - echo "$audit_output" if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi echo "should_create_pr=$create_pr" >> $GITHUB_ENV From d6ac08d1257733c5d49d65f7b02582de864e68e4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 22:55:16 +0200 Subject: [PATCH 26/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 920d10ec4..fb2c78905 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -24,8 +24,7 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - npm install - audit_output=$(npm audit) + audit_output=$(npm install) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi echo "should_create_pr=$create_pr" >> $GITHUB_ENV From eca3ea1ac13fdd1282b3a0b47903a010b151a905 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 22:59:30 +0200 Subject: [PATCH 27/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index fb2c78905..923ff3b6e 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -24,7 +24,7 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - audit_output=$(npm install) + audit_output=$(npm audit) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi echo "should_create_pr=$create_pr" >> $GITHUB_ENV From c3c1052fca900a466ffb61e019bbb68c4049bd88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 23:03:18 +0200 Subject: [PATCH 28/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 923ff3b6e..0425a3800 100644 
--- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -15,7 +15,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Set up Node.js, install dependencies and run npm audit + - name: Set up Node.js, install dependencies run: | node_version=$(cat .nvmrc) echo "Using Node.js version $node_version" @@ -24,7 +24,12 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - audit_output=$(npm audit) + npm install + + - name: Run npm audit + id: npm_audit + run: | + echo audit_output=$(npm audit) if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi echo "should_create_pr=$create_pr" >> $GITHUB_ENV From acf3b77cd99ad8509e4056825623790967236616 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 23:09:25 +0200 Subject: [PATCH 29/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 0425a3800..8f9104045 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -29,9 +29,11 @@ jobs: - name: Run npm audit id: npm_audit run: | - echo audit_output=$(npm audit) - if [[ "$audit_output" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi - echo "should_create_pr=$create_pr" >> $GITHUB_ENV + set -e + audit_output=$(npm audit) + echo "audit_output=${audit_output}" + if [[ "${audit_output}" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi + echo "should_create_pr=${create_pr}" >> $GITHUB_ENV - name: Run npm audit fix if: steps.npm_audit.outputs.should_create_pr == 'true' From 2e5f059d0a715940cf9566ea227aea8550280a42 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 23:24:05 +0200 Subject: [PATCH 30/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 8f9104045..4767166d8 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -26,19 +26,13 @@ jobs: nvm use $node_version npm install - - name: Run npm audit + - name: Run npm audit fix id: npm_audit run: | - set -e - audit_output=$(npm audit) - echo "audit_output=${audit_output}" - if [[ "${audit_output}" == *"found 0 vulnerabilities"* ]]; then create_pr=false else create_pr=true fi + audit_output=$(npm audit fix --package-lock-only) + if [ $? -eq 0 ]; then create_pr=false else create_pr=true fi echo "should_create_pr=${create_pr}" >> $GITHUB_ENV - - name: Run npm audit fix - if: steps.npm_audit.outputs.should_create_pr == 'true' - run: npm audit fix - - name: Create Pull Request if: steps.npm_audit.outputs.should_create_pr == 'true' uses: peter-evans/create-pull-request@v4 From bfe2a08a06474123b13b8be1dc5e7e57fccf9540 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 23:30:40 +0200 Subject: [PATCH 31/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 4767166d8..b07f32f68 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -29,8 +29,11 @@ jobs: - name: Run npm audit fix id: npm_audit run: | - audit_output=$(npm audit fix --package-lock-only) - if [ $? -eq 0 ]; then create_pr=false else create_pr=true fi + npm audit fix --package-lock-only + + # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. + if [ $? -eq 0 ]; then create_pr=true else create_pr=false fi + echo "should_create_pr=${create_pr}" >> $GITHUB_ENV - name: Create Pull Request From 288f2481de5746ea8111445b3d88995cec91865a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 23:39:14 +0200 Subject: [PATCH 32/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index b07f32f68..d119a5de0 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -24,12 +24,12 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - npm install + npm install --package-lock-only --loglevel=error - name: Run npm audit fix id: npm_audit run: | - npm audit fix --package-lock-only + npm audit fix --package-lock-only --loglevel=error # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -eq 0 ]; then create_pr=true else create_pr=false fi From c17da4cbaafb06d0cd296fb1e373d42fd1734ef6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Tue, 23 Jan 2024 23:42:32 +0200 Subject: [PATCH 33/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index d119a5de0..e824618df 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
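Review bot: The branch added in PATCH 31/59 contradicts the comment directly above it: the comment says exit code 0 means no vulnerabilities were found, yet that case sets `create_pr=true`, so a clean run would request a pull request and a run with findings would not. The one-line form also has no separators before `else` and `fi`, so bash does not parse it as an if/else; `if [ $? -eq 0 ]; then create_pr=false; else create_pr=true; fi` addresses both. Unless a `shell:` is set outside the hunk, GitHub runs the script with `bash -e`, so a non-zero `npm audit fix` stops the step before the test is reached and needs `set +e` ahead of it. The inverted assignment is carried through the following patches until the two values are swapped.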
@@ -24,7 +24,7 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - npm install --package-lock-only --loglevel=error + npm install --loglevel=error - name: Run npm audit fix id: npm_audit From e3c747494ebad5179776b1ee21302122aff95eda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:06:37 +0200 Subject: [PATCH 34/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index e824618df..bd811eec4 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -24,11 +24,12 @@ jobs: [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version - npm install --loglevel=error + npm install --silent - name: Run npm audit fix id: npm_audit run: | + set -e npm audit fix --package-lock-only --loglevel=error # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. From 672bd082ab9af037d2f6ed4d2b9d1a377fd11356 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:12:44 +0200 Subject: [PATCH 35/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index bd811eec4..c651081c7 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
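Review bot: Dropping `--package-lock-only` from `npm install` in PATCH 33/59 (kept as `npm install --silent` in PATCH 34/59) brings back a full install that runs every dependency's lifecycle scripts inside the job that later opens a pull request. The audit step below it passes `--package-lock-only`, so it reads the lockfile and should not need `node_modules` at all. `actions/checkout` leaves the job token in the local git config by default, where install scripts can read it, so prefer `npm ci --ignore-scripts` or no install, and consider `persist-credentials: false` on the checkout if the later push does not depend on it. `--silent` additionally hides install errors from the log.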
@@ -29,11 +29,10 @@ jobs: - name: Run npm audit fix id: npm_audit run: | - set -e - npm audit fix --package-lock-only --loglevel=error + npm audit fix --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then create_pr=true else create_pr=false fi + if [ $? -eq 0 ]; then create_pr=true; else create_pr=false; fi; echo "should_create_pr=${create_pr}" >> $GITHUB_ENV From 6c829d9466192a36e9a960663c00c1f5c3539dc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:20:01 +0200 Subject: [PATCH 36/59] UHF-9380: Added a branch for testing purposes. --- .github/workflows/npm_audit.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index c651081c7..9cfb1a15a 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + ref: UHF-X_npm_broken_branch - name: Set up Node.js, install dependencies run: | From 78862ef8b292c33de3e897e4e2f02e3a8b4a5b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:31:44 +0200 Subject: [PATCH 37/59] UHF-9380: Fixed logical error during npm audit fix. --- .github/workflows/npm_audit.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 9cfb1a15a..9a41ecca1 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -28,16 +28,20 @@ jobs: nvm use $node_version npm install --silent - - name: Run npm audit fix + - name: Check for vulnerabilities id: npm_audit run: | - npm audit fix --package-lock-only --loglevel=error; + npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -eq 0 ]; then create_pr=true; else create_pr=false; fi; echo "should_create_pr=${create_pr}" >> $GITHUB_ENV + - name: Run npm audit fix + if: steps.npm_audit.outputs.should_create_pr == 'true' + run: npm audit fix --package-lock-only --loglevel=error; + - name: Create Pull Request if: steps.npm_audit.outputs.should_create_pr == 'true' uses: peter-evans/create-pull-request@v4 From 66041828d7d0e046331ca14303e27ad560f11405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:34:50 +0200 Subject: [PATCH 38/59] UHF-9380: Continue if the NPM audit returns exit code 1. --- .github/workflows/npm_audit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 9a41ecca1..41cace1e2 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -30,6 +30,7 @@ jobs: - name: Check for vulnerabilities id: npm_audit + continue-on-error: true run: | npm audit --package-lock-only --loglevel=error; From bd95dcfacd363bcea22a7ae80a24a829cadb2352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:38:53 +0200 Subject: [PATCH 39/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 41cace1e2..403a3c782 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -30,14 +30,15 @@ jobs: - name: Check for vulnerabilities id: npm_audit - continue-on-error: true run: | + set +e npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -eq 0 ]; then create_pr=true; else create_pr=false; fi; echo "should_create_pr=${create_pr}" >> $GITHUB_ENV + set -e - name: Run npm audit fix if: steps.npm_audit.outputs.should_create_pr == 'true' From 6d61b30096d8849728d5f45aaea678502eb3a404 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:40:59 +0200 Subject: [PATCH 40/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 403a3c782..1d4f85c2b 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -30,15 +30,14 @@ jobs: - name: Check for vulnerabilities id: npm_audit + continue-on-error: true run: | - set +e npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -eq 0 ]; then create_pr=true; else create_pr=false; fi; - echo "should_create_pr=${create_pr}" >> $GITHUB_ENV - set -e + echo "should_create_pr=${create_pr}" >> $GITHUB_OUTPUT - name: Run npm audit fix if: steps.npm_audit.outputs.should_create_pr == 'true' From d3ac531228d9eb98b5d0713640b73b93e470d67d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:48:23 +0200 Subject: [PATCH 41/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 1d4f85c2b..f1db12f56 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -35,9 +35,9 @@ jobs: npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then create_pr=true; else create_pr=false; fi; + if [ $? -eq 0 ]; then create_pr=false; else create_pr=true; fi; - echo "should_create_pr=${create_pr}" >> $GITHUB_OUTPUT + echo "should_create_pr=${create_pr}" >> $GITHUB_ENV - name: Run npm audit fix if: steps.npm_audit.outputs.should_create_pr == 'true' From 4a47f0039f17566d58ab7243e3377cdf898af0b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:52:50 +0200 Subject: [PATCH 42/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index f1db12f56..54c69e487 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -37,11 +37,11 @@ jobs: # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -eq 0 ]; then create_pr=false; else create_pr=true; fi; - echo "should_create_pr=${create_pr}" >> $GITHUB_ENV + echo "should_create_pr=${create_pr}" >> $GITHUB_OUTPUT - name: Run npm audit fix - if: steps.npm_audit.outputs.should_create_pr == 'true' - run: npm audit fix --package-lock-only --loglevel=error; + run: | + echo "debugging the value of should_create_pr: ${steps.npm_audit.outputs.should_create_pr}"; - name: Create Pull Request if: steps.npm_audit.outputs.should_create_pr == 'true' From 52b6d4b7e62b54222476c1d0add38e8b9c3ad138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 08:59:50 +0200 Subject: [PATCH 43/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 54c69e487..bd03435e5 100644 
--- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -35,16 +35,17 @@ jobs: npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then create_pr=false; else create_pr=true; fi; + if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi; - echo "should_create_pr=${create_pr}" >> $GITHUB_OUTPUT + - name: Debugging the variable + run: echo "The variable is ${{ steps.npm_audit.outputs.CREATE_PR }}" - name: Run npm audit fix - run: | - echo "debugging the value of should_create_pr: ${steps.npm_audit.outputs.should_create_pr}"; + if: steps.npm_audit.outputs.CREATE_PR == 'true' + run: npm audit fix --package-lock-only --loglevel=error; - name: Create Pull Request - if: steps.npm_audit.outputs.should_create_pr == 'true' + if: steps.npm_audit.outputs.CREATE_PR == 'true' uses: peter-evans/create-pull-request@v4 with: committer: GitHub From e6c0e97f6f5e9beb0324553e4748a6bc843c982e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:02:55 +0200 Subject: [PATCH 44/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index bd03435e5..7b72b9f64 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -30,12 +30,14 @@ jobs: - name: Check for vulnerabilities id: npm_audit - continue-on-error: true run: | + set +e npm audit --package-lock-only --loglevel=error; + echo "Testing: $?" # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi; + set -e - name: Debugging the variable run: echo "The variable is ${{ steps.npm_audit.outputs.CREATE_PR }}" 
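Review bot: The `echo "Testing: $?"` added in PATCH 44/59 sits between `npm audit` and the `if [ $? -eq 0 ]` test, so the test sees the exit status of `echo` (always 0) and `CREATE_PR` is written as `false` even when vulnerabilities were reported. Capture the status once with `rc=$?` on the line right after `npm audit`, and use `$rc` in both the debug line and the test.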
From 54fe3d1762d06a175324ec8dff0dc8b6f1b37d32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:08:20 +0200 Subject: [PATCH 45/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index 7b72b9f64..f4f0071aa 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -33,10 +33,9 @@ jobs: run: | set +e npm audit --package-lock-only --loglevel=error; - echo "Testing: $?" # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi; + if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; echo "Variable should be 0: $? else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; echo "Variable should be 1: $? fi; set -e - name: Debugging the variable From 6223a7f202e661e71c3e1feb9460d0bed06385cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:10:01 +0200 Subject: [PATCH 46/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index f4f0071aa..bfe66875f 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml 
@@ -35,7 +35,7 @@ jobs: npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; echo "Variable should be 0: $? else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; echo "Variable should be 1: $? fi; + if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; echo "Variable should be 0: $?"; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; echo "Variable should be 1: $?"; fi; set -e - name: Debugging the variable From 4d31be1ccd893226d2dd63bd166600fe0df95de7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:14:37 +0200 Subject: [PATCH 47/59] UHF-9380: Debugging... --- .github/workflows/npm_audit.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index bfe66875f..e2ae6c9d4 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -35,12 +35,9 @@ jobs: npm audit --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; echo "Variable should be 0: $?"; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; echo "Variable should be 1: $?"; fi; + if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi; set -e - - name: Debugging the variable - run: echo "The variable is ${{ steps.npm_audit.outputs.CREATE_PR }}" - - name: Run npm audit fix if: steps.npm_audit.outputs.CREATE_PR == 'true' run: npm audit fix --package-lock-only --loglevel=error; From d5df978264c50e2ec53265b48e7a5b0498e584a6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:23:57 +0200 Subject: [PATCH 48/59] UHF-9380: Removed testing branch. --- .github/workflows/npm_audit.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index e2ae6c9d4..d2c84541b 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -14,8 +14,6 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - with: - ref: UHF-X_npm_broken_branch - name: Set up Node.js, install dependencies run: | From 94d2ef4a2e7b65e566e370f333e2b52cfe9427b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:42:54 +0200 Subject: [PATCH 49/59] UHF-9380: Removed testing triggers. --- .github/workflows/npm_audit.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml index d2c84541b..7187c0186 100644 --- a/.github/workflows/npm_audit.yml +++ b/.github/workflows/npm_audit.yml @@ -2,11 +2,8 @@ name: NPM Audit on: schedule: - - cron: '0 11 * * 0' # Run every fortnight on Sunday at 11 am - workflow_dispatch: - push: - branches: - - UHF-9380 + - cron: '0 12 * * 0' # Run every fortnight on Sunday at 12 + jobs: npm_audit: runs-on: ubuntu-latest From 82dca47e4c4bcd892ae887daa3edcbb9a313558f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:44:52 +0200 Subject: [PATCH 50/59] UHF-9380: Changed the naming convention of the github action to match other actions. --- .github/workflows/{npm_audit.yml => npm-audit.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{npm_audit.yml => npm-audit.yml} (100%) diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm-audit.yml similarity index 100% rename from .github/workflows/npm_audit.yml rename to .github/workflows/npm-audit.yml 
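Review bot: The comment on the new schedule line in PATCH 49/59 does not match the expression: `0 12 * * 0` fires every Sunday, not every second one, and GitHub evaluates it in UTC. Either correct the comment to `# Run every Sunday at 12:00 UTC`, or, if a fortnightly audit is really intended, add a guard inside the job, since a five-field cron expression cannot express every other week. An audit cadence that differs from what the file states is easy to miss when someone later reasons about how long a vulnerable dependency could go unreported.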
From d102a9aab7da2228ca924e79c63aefe0b0eb5522 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Wed, 24 Jan 2024 09:51:49 +0200 Subject: [PATCH 51/59] UHF-9380: Fixed naming conventions for npm. --- .github/workflows/npm-audit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 7187c0186..9bdc0cee8 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -1,4 +1,4 @@ -name: NPM Audit +name: Npm audit on: schedule: @@ -43,11 +43,11 @@ jobs: with: committer: GitHub author: actions-bot - commit-message: Updated NPM packages based on NPM audit fix - title: Automatic NPM Audit Fix + commit-message: Updated node modules based on npm audit fix + title: Automatic npm audit fix labels: auto-update body: | - # NPM Audit + # Npm audit ## How to install * Update the HDBT theme From e41673e7dd08341f1ed29ec58f46362f6f99beb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Thu, 25 Jan 2024 09:15:06 +0200 Subject: [PATCH 52/59] UHF-9380: Testing NVM without retrieving it. --- .github/workflows/npm-audit.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 9bdc0cee8..959db9fe0 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -3,6 +3,10 @@ name: Npm audit on: schedule: - cron: '0 12 * * 0' # Run every fortnight on Sunday at 12 + workflow_dispatch: + push: + branches: + - UHF-9380 jobs: npm_audit: 
@@ -11,14 +15,14 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + ref: UHF-X_npm_broken_branch - name: Set up Node.js, install dependencies run: | node_version=$(cat .nvmrc) echo "Using Node.js version $node_version" - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash - export NVM_DIR="$HOME/.nvm" - [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" + export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" nvm install $node_version nvm use $node_version npm install --silent From 0d1ef49be47ea2ee9af396368ed33ec525b396f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Thu, 25 Jan 2024 10:15:56 +0200 Subject: [PATCH 53/59] UHF-9380: Added a note of breaking changes. --- .github/workflows/npm-audit.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 959db9fe0..6215143eb 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -38,8 +38,15 @@ jobs: set -e - name: Run npm audit fix + id: npm_audit_fix if: steps.npm_audit.outputs.CREATE_PR == 'true' - run: npm audit fix --package-lock-only --loglevel=error; + run: | + set +e + npm audit fix --package-lock-only --loglevel=error; + + # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. + if [ $? -gt 0 ]; then echo "BC_BREAK=true" >> $GITHUB_OUTPUT; fi; + set -e - name: Create Pull Request if: steps.npm_audit.outputs.CREATE_PR == 'true' @@ -52,6 +59,11 @@ jobs: labels: auto-update body: | # Npm audit + + if [ steps.npm_audit_fix.outputs.BC_BREAK == 'true' ]; then + :exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running `npm audit fix --force` and test the functionalities thoroughly as there might be breaking changes. :exclamation: + fi + ## How to install * Update the HDBT theme 
From 96c10ec06b1b629fcc890b7438ff0983e14415e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Thu, 25 Jan 2024 11:03:02 +0200 Subject: [PATCH 54/59] UHF-9380: Added PR warning text as a conditional block. --- .github/workflows/npm-audit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 6215143eb..ae8789125 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -59,10 +59,10 @@ jobs: labels: auto-update body: | # Npm audit - - if [ steps.npm_audit_fix.outputs.BC_BREAK == 'true' ]; then - :exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running `npm audit fix --force` and test the functionalities thoroughly as there might be breaking changes. :exclamation: - fi + + {{#if steps.npm_audit_fix.outputs.BC_BREAK == 'true'}} + :exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running `npm audit fix --force` and test the functionalities thoroughly as there might be breaking changes. :exclamation: + {{/if}} ## How to install From aae05b33899a7cffcecfb8f78344ae501f3cb407 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Thu, 25 Jan 2024 11:28:41 +0200 Subject: [PATCH 55/59] UHF-9380: Debugging... --- .github/workflows/npm-audit.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index ae8789125..275a32694 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml 
@@ -45,7 +45,7 @@ jobs: npm audit fix --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -gt 0 ]; then echo "BC_BREAK=true" >> $GITHUB_OUTPUT; fi; + if [ $? -gt 0 ]; then echo "BC_BREAK=:exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running `npm audit fix --force` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_OUTPUT; fi; set -e - name: Create Pull Request @@ -59,11 +59,9 @@ jobs: labels: auto-update body: | # Npm audit - - {{#if steps.npm_audit_fix.outputs.BC_BREAK == 'true'}} - :exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running `npm audit fix --force` and test the functionalities thoroughly as there might be breaking changes. :exclamation: - {{/if}} + ${{ steps.npm_audit_fix.outputs.BC_BREAK }} + ## How to install * Update the HDBT theme From 9ede0f3571547cbb7a235fd6ee70038c05629df2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Thu, 25 Jan 2024 11:37:09 +0200 Subject: [PATCH 56/59] UHF-9380: Debugging... --- .github/workflows/npm-audit.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 275a32694..f489ee5af 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml 
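Review bot: In PATCH 55/59 the new `BC_BREAK` message places backticks around `npm audit fix --force` inside a double-quoted `echo`, so bash treats them as command substitution and runs that command on the runner, then splices its output into the line appended to `$GITHUB_OUTPUT`. With findings present, that could apply forced and possibly breaking upgrades that the pull-request step then commits, and multi-line command output would not form a valid single-line output entry. Put the message in single quotes, or escape each backtick with a backslash, so the text is written literally.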
@@ -45,8 +45,9 @@ jobs: npm audit fix --package-lock-only --loglevel=error; # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -gt 0 ]; then echo "BC_BREAK=:exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running `npm audit fix --force` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_OUTPUT; fi; - set -e + if [ $? -gt 0 ]; then + echo "BC_BREAK=:exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_OUTPUT; + fi; - name: Create Pull Request if: steps.npm_audit.outputs.CREATE_PR == 'true' From 66ac192db0fe0cb8d9c98dc3b0b470bcc9ebd6f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Thu, 25 Jan 2024 11:44:48 +0200 Subject: [PATCH 57/59] UHF-9380: Removed traces of testing branches. --- .github/workflows/npm-audit.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index f489ee5af..dfa5b4d0f 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -1,12 +1,9 @@ name: Npm audit on: + workflow_dispatch: schedule: - cron: '0 12 * * 0' # Run every fortnight on Sunday at 12 - workflow_dispatch: - push: - branches: - - UHF-9380 jobs: npm_audit: @@ -15,8 +12,6 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - with: - ref: UHF-X_npm_broken_branch - name: Set up Node.js, install dependencies run: | From c74f2704c16c12061320f5da10183c75fbd0e91d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Mon, 29 Jan 2024 11:33:52 +0200 Subject: [PATCH 58/59] UHF-9380: Simplified npm audit action. --- .github/workflows/npm-audit.yml | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) 
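Review bot: The top of the workflow shown in PATCH 57/59 goes from `on:` straight to `jobs:` with no `permissions:` block, so the job runs with the repository's default token scope although it only needs to push a branch and open a pull request. Declare it explicitly, `permissions:` with `contents: write` and `pull-requests: write`, at workflow or job level; a job-level block could exist outside the hunks, but none is visible anywhere in the series. The pull-request step elsewhere in the series uses `peter-evans/create-pull-request@v4`, a mutable tag; pinning it as `peter-evans/create-pull-request@<FULL_COMMIT_SHA> # v4` keeps a retagged release from running with that write token.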
diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index dfa5b4d0f..3989c71f3 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -13,7 +13,8 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Set up Node.js, install dependencies + - name: Use Node.js from .nvmrc + id: npm_audit run: | node_version=$(cat .nvmrc) echo "Using Node.js version $node_version" @@ -21,28 +22,17 @@ jobs: nvm install $node_version nvm use $node_version npm install --silent - - - name: Check for vulnerabilities - id: npm_audit - run: | set +e npm audit --package-lock-only --loglevel=error; - - # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. - if [ $? -eq 0 ]; then echo "CREATE_PR=false" >> $GITHUB_OUTPUT; else echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi; - set -e - - - name: Run npm audit fix - id: npm_audit_fix - if: steps.npm_audit.outputs.CREATE_PR == 'true' - run: | - set +e - npm audit fix --package-lock-only --loglevel=error; - # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. if [ $? -gt 0 ]; then - echo "BC_BREAK=:exclamation: NPM Audit fix couldn't fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_OUTPUT; + npm audit fix --package-lock-only --loglevel=error; + if [ $? -gt 0 ]; then + echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV; + fi; + echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi; + set -e - name: Create Pull Request if: steps.npm_audit.outputs.CREATE_PR == 'true' @@ -56,7 +46,7 @@ jobs: body: | # Npm audit - ${{ steps.npm_audit_fix.outputs.BC_BREAK }} + ${{ env.BC_BREAK }} ## How to install 
From 624cec857d22cf382da73fe752dce21e51e847e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= Date: Mon, 29 Jan 2024 11:36:12 +0200 Subject: [PATCH 59/59] UHF-9380: More descriptive step name for the npm audit. --- .github/workflows/npm-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 3989c71f3..549b0b3ea 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -13,7 +13,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Use Node.js from .nvmrc + - name: Run npm audit id: npm_audit run: | node_version=$(cat .nvmrc)