Skip to content

npm update: bump eslint from 8.57.0 to 9.9.0 #215

npm update: bump eslint from 8.57.0 to 9.9.0

npm update: bump eslint from 8.57.0 to 9.9.0 #215

Workflow file for this run

name: ESLint, Tests, and Snyk
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
schedule:
- cron: "30 15 * * 5"
jobs:
Eslint_QL:
name: Run ESLint scanning
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
actions: read
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install Node.js
uses: actions/setup-node@v3
- name: Install dependencies
run: npm ci
- name: Install ESLint
run: |
npm install eslint
npm install @microsoft/[email protected]
npm install @typescript-eslint/eslint-plugin
npm install @typescript-eslint/parser
npm install eslint-plugin-react
npm install eslint-config-prettier
- name: Run ESLint
run: |
npx eslint . --config .eslintrc.json --ext .js,.jsx,.ts,.tsx --format @microsoft/eslint-formatter-sarif --output-file eslint-results.sarif
continue-on-error: true
- name: Fix SARIF file
run: |
node -e "
const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync('eslint-results.sarif', 'utf8'));
sarif.runs[0].results.forEach(result => {
if (result.suppressions) {
result.suppressions = Array.from(new Set(result.suppressions.map(JSON.stringify))).map(JSON.parse);
}
});
fs.writeFileSync('eslint-results-fixed.sarif', JSON.stringify(sarif));
"
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: eslint-results-fixed.sarif
wait-for-processing: true
Code_QL:
needs: Eslint_QL
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["javascript", "typescript"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
Run_Snyk_Tests:
needs: Code_QL
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Node.js
uses: actions/setup-node@v3
- name: Install dependencies
run: npm ci
- name: Install Snyk
run: npm install -g snyk
- name: Cache
uses: actions/[email protected]
continue-on-error: true
with:
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
path: |
~/.npm
${{ github.workspace }}/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
continue-on-error: true
with:
args: --all-projects --severity-threshold=high --json > snyk_report.json || true
- name: Ensure Snyk report exists
run: |
if [ ! -f snyk_report.json ]; then
echo "{}" > snyk_report.json && echo "Snyk report was not generated" && exit 1
fi
- name: Run Snyk to check for vulnerabilities
run: snyk code test --sarif > snyk-code.sarif || true
- name: Snyk IaC test and report
run: snyk iac test --report || true
- name: Upload Snyk report
uses: actions/upload-artifact@v2
with:
name: snyk_report
path: snyk_report.json
Run_App_Tests:
needs: Code_QL
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Node.js
uses: actions/setup-node@v3
- name: Install dependencies
run: npm ci
- name: Install Snyk
run: npm install -g snyk
- name: Cache
uses: actions/[email protected]
continue-on-error: true
with:
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
path: |
~/.npm
${{ github.workspace }}/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-