Resolve critical audit issue with Axios (#1578) #546
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Deployment | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| install: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm package manager | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: | | |
| pnpm install --frozen-lockfile | |
| pnpm ls --recursive | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm package manager | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: lint" | |
| run: pnpm run --if-present lint | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [install, lint] | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm package manager | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: build" | |
| env: | |
| BASE_URL: "/rvo/" | |
| run: pnpm run --if-present build | |
| - name: "Continuous Integration: test build" | |
| run: pnpm run --if-present test-build | |
| - name: "Generate design system website" | |
| run: pnpm run --filter @nl-rvo/design-system-website generate | |
| - name: Upload artifact for GitHub Pages | |
| uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 | |
| with: | |
| path: packages/design-system-website/dist/ | |
| - name: "Retain build artifact: storybook" | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: storybook | |
| path: packages/storybook/dist/ | |
| retention-days: 1 | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: test" | |
| run: pnpm run --if-present test | |
| publish-uxpin: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| if: github.ref == 'refs/heads/master' && !contains(github.event.head_commit.message, 'skip ci') | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| ref: refs/heads/master | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Push to UXPin | |
| continue-on-error: true | |
| run: pnpm install && pnpm exec uxpin-merge push --token ${{ secrets.UXPIN_TOKEN }} | |
| working-directory: uxpin-merge | |
| publish-chromatic: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm package manager | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: build Storybook with animation disabled" | |
| env: | |
| STORYBOOK_REDUCED_MOTION: 1 | |
| run: pnpm run --if-present build | |
| - name: Publish to Chromatic | |
| uses: chromaui/action@b5848056bb67ce5f1cccca8e62a37cbd9dd42871 # v13.0.1 | |
| if: github.event.pull_request.draft == false | |
| with: | |
| autoAcceptChanges: master | |
| projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN_NLDESIGNSYSTEM }} | |
| storybookBuildDir: packages/storybook/dist/ | |
| publish-website: | |
| runs-on: ubuntu-latest | |
| needs: [build, lint, test] | |
| if: github.ref == 'refs/heads/master' | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deploy-pages.outputs.page_url }} | |
| permissions: | |
| id-token: write | |
| pages: write | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 | |
| id: deploy-pages | |
| publish-npm: | |
| runs-on: ubuntu-latest | |
| needs: [build, lint, test] | |
| if: github.ref == 'refs/heads/master' | |
| environment: publish | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout release branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| token: ${{ secrets.GH_TOKEN }} | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - name: Install pnpm package manager | |
| uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| - name: "Continuous Deployment: install" | |
| run: | | |
| pnpm install --frozen-lockfile | |
| pnpm ls --recursive | |
| - name: "Continuous Deployment: build" | |
| run: pnpm run --if-present build | |
| - name: "Continuous Deployment: publish to npm Registry" | |
| uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1.7.0 | |
| id: changeset | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} | |
| GIT_AUTHOR_NAME: "NL Design System" | |
| GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} | |
| GIT_COMMITTER_NAME: "NL Design System" | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| with: | |
| commit: "docs(release): design system packages" | |
| setupGitUser: false | |
| title: "docs(release): design system packages" | |
| publish: "pnpm run publish" |