feat(NUM-2294): add feedback notification for upload #28
name: Build for development | |
on: | |
push: | |
branches: [ 'feature/**', 'dependabot/**' ] | |
pull_request_target: | |
branches: [ develop ] | |
types: [ closed ] | |
jobs: | |
test_and_scan: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Node 20 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
cache: 'npm' | |
- name: Fontawesome | |
run: | | |
cp ~/work/num-portal-webapp/num-portal-webapp/.github/.npmrc ~/ | |
envsubst '$FONTAWESOME_NPM_AUTH_TOKEN' < ~/.npmrc | |
- name: Install | |
run: npm install | |
- name: Run Linter | |
run: npm run lint | |
- name: Run frontend unit tests | |
run: npm run test-ci | |
env: | |
NODE_OPTIONS: --max_old_space_size=4096 | |
- name: Upload test report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-report | |
path: ./reports/junit/ | |
- name: Run CVE scan with audit | |
run: npm audit --audit-level=critical | |
- name: Run Trivy vulnerability scanner in repo mode | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
severity: 'CRITICAL,HIGH' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
docker: | |
needs: test_and_scan | |
if: github.event.pull_request.merged == true | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Node 20 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
cache: 'npm' | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
load: true | |
tags: ${{ secrets.DOCKER_USERNAME }}/num-portal-webapp:develop | |
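Review bot: The Trivy step `uses: aquasecurity/trivy-action@master` follows a mutable branch, so whatever is pushed there runs inside `test_and_scan`, which is also triggered by `pull_request_target`. Pin it to a reviewed commit, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`. No `permissions:` block is visible, so the token scope falls back to the repository default; declaring `contents: read` plus `security-events: write` for the SARIF upload would limit what a compromised action can do. In the Fontawesome step, `envsubst` writes the expanded file to stdout (the job log) instead of to `~/.npmrc`, and no `env:` entry for the token is visible on that step; `envsubst '$FONTAWESOME_NPM_AUTH_TOKEN' < .github/.npmrc > ~/.npmrc` with the token supplied through `env:` looks like the intent. The page does not show which of these lines the PR changes, and the `docker` job may continue past the last visible line.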