[Snyk] Security upgrade @tinymce/tinymce-react from 3.13.0 to 5.0.0 #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Appsmith Client Build Workflow | |
| on: | |
| # This line enables manual triggering of this workflow. | |
| workflow_dispatch: | |
| workflow_call: | |
| inputs: | |
| pr: | |
| description: "This is the PR number in case the workflow is being called in a pull request" | |
| required: false | |
| type: number | |
| skip-tests: | |
| description: "This is a boolean value in case the workflow is being called in build deploy-preview" | |
| required: false | |
| type: string | |
| default: "false" | |
| pull_request: | |
| branches: [release, master] | |
| paths: | |
| - "app/client/**" | |
| - "!app/client/cypress/manual_TestSuite/**" | |
| # Change the working directory for all the jobs in this workflow | |
| defaults: | |
| run: | |
| working-directory: app/client | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest-8-cores | |
| # Only run this workflow for internally triggered events | |
| if: | | |
| github.event.pull_request.head.repo.full_name == github.repository || | |
| github.event_name == 'push' || | |
| github.event_name == 'workflow_dispatch' || | |
| github.event_name == 'repository_dispatch' | |
| defaults: | |
| run: | |
| working-directory: app/client | |
| shell: bash | |
| steps: | |
| # The checkout steps MUST happen first because the default directory is set according to the code base. | |
| # GitHub Action expects all future commands to be executed in the code directory. Hence, we need to check out | |
| # the code before doing anything else. | |
| # Check out merge commit with the base branch in case this workflow is invoked via pull request | |
| - name: Checkout the merged commit from PR and base branch | |
| if: inputs.pr != 0 | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| ref: refs/pull/${{ inputs.pr }}/merge | |
| # Checkout the code in the current branch in case the workflow is called because of a branch push event | |
| - name: Checkout the head commit of the branch | |
| if: inputs.pr == 0 | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| # Create a run record exactly at the time of merge to release to | |
| # ensure we compare run details with code at this point | |
| - name: Create Perf Meta | |
| continue-on-error: true | |
| run: | | |
| PGPASSWORD='${{secrets.APPSMITH_PERFORMANCE_DB_PASSWORD}}' psql -h '${{secrets.APPSMITH_PERFORMANCE_DB_HOST}}' \ | |
| -U aforce_admin -d perf-infra -c \ | |
| "INSERT INTO public.run_meta (repo, gh_run_id, gh_run_attempt, is_active) | |
| VALUES ('${{github.repository}}', '${{github.run_id}}', '${{github.run_attempt}}', FALSE)" | |
| # In case this is second attempt try restoring status of the prior attempt from cache | |
| - name: Restore the previous run result | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/run_result | |
| key: ${{ github.run_id }}-${{ github.job }}-client | |
| # Fetch prior run result | |
| - name: Get the previous run result | |
| id: run_result | |
| run: cat ~/run_result 2>/dev/null || echo 'default' | |
| # In case of prior failure run the job | |
| - if: steps.run_result.outputs.run_result != 'success' | |
| run: echo "I'm alive!" && exit 0 | |
| - name: Use Node.js 16.14.0 | |
| if: steps.run_result.outputs.run_result != 'success' | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: "16.14.0" | |
| cache: "yarn" | |
| cache-dependency-path: "app/client/yarn.lock" | |
| # Install all the dependencies | |
| - name: Install dependencies | |
| if: steps.run_result.outputs.run_result != 'success' | |
| run: yarn install --frozen-lockfile | |
| - name: Run Eslint | |
| if: steps.run_result.outputs.run_result != 'success' | |
| run: yarn run lint:ci | |
| - name: Run Prettier | |
| if: steps.run_result.outputs.run_result != 'success' | |
| run: yarn run prettier:ci | |
| - name: Run type import check | |
| if: steps.run_result.outputs.run_result != 'success' | |
| run: yarn run check-types | |
| - name: Set the build environment based on the branch | |
| if: steps.run_result.outputs.run_result != 'success' | |
| id: vars | |
| run: | | |
| echo "REACT_APP_ENVIRONMENT=DEVELOPMENT" >> $GITHUB_OUTPUT | |
| if [[ "${{github.ref}}" == "refs/heads/master" ]]; then | |
| echo "REACT_APP_ENVIRONMENT=PRODUCTION" >> $GITHUB_OUTPUT | |
| fi | |
| if [[ "${{github.ref}}" == "refs/heads/release" ]]; then | |
| echo "REACT_APP_ENVIRONMENT=STAGING" >> $GITHUB_OUTPUT | |
| fi | |
| # Since this is an unreleased build, we set the version to incremented version number with | |
| # a `-SNAPSHOT` suffix. | |
| latest_released_version="$(git tag --list 'v*' --sort=-version:refname | head -1)" | |
| echo "latest_released_version = $latest_released_version" | |
| next_version="$(echo "$latest_released_version" | awk -F. -v OFS=. '{ $NF++; print }')" | |
| echo "next_version = $next_version" | |
| echo version=$next_version-SNAPSHOT >> $GITHUB_OUTPUT | |
| # Run the Jest tests only if the workflow has been invoked in a PR and the previous re-run has failed | |
| - name: Run the jest tests | |
| if: steps.run_result.outputs.run_result != 'success' && inputs.skip-tests != 'true' | |
| run: REACT_APP_ENVIRONMENT=${{steps.vars.outputs.REACT_APP_ENVIRONMENT}} yarn run test:unit | |
| # We burn React environment & the Segment analytics key into the build itself. | |
| # This is to ensure that we don't need to configure it in each installation | |
| - name: Create the bundle | |
| run: | | |
| if [[ "${{ github.ref }}" == "refs/heads/master" ]]; then | |
| export REACT_APP_SEGMENT_CE_KEY="${{ secrets.APPSMITH_SEGMENT_CE_KEY }}" | |
| else | |
| export REACT_APP_SEGMENT_CE_KEY="${{ secrets.APPSMITH_SEGMENT_CE_KEY_RELEASE }}" | |
| fi | |
| REACT_APP_ENVIRONMENT=${{steps.vars.outputs.REACT_APP_ENVIRONMENT}} \ | |
| REACT_APP_FUSIONCHARTS_LICENSE_KEY=${{ secrets.APPSMITH_FUSIONCHARTS_LICENSE_KEY }} \ | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \ | |
| REACT_APP_VERSION_ID=${{ steps.vars.outputs.version }} \ | |
| REACT_APP_VERSION_RELEASE_DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ') \ | |
| REACT_APP_VERSION_EDITION="Community" \ | |
| yarn build | |
| # Restore the previous built bundle if present. If not push the newly built into the cache | |
| - name: Restore the previous bundle | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| app/client/build/ | |
| key: ${{ github.run_id }}-${{ github.job }}-client | |
| # Upload the build artifact so that it can be used by the test & deploy job in the workflow | |
| - name: Upload react build bundle | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: client-build | |
| path: app/client/build/ | |
| # Set status = success | |
| - name: Save the status of the run | |
| run: echo "run_result=success" >> $GITHUB_OUTPUT > ~/run_result |