From 924926fdcf9b51371b5fcbc86f99bff9f255a62b Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Tue, 14 May 2024 18:58:59 -0400
Subject: [PATCH 1/4] [CONFIG] NPM and Makefile: jest clean action added.
---
 Makefile | 3 ++-
 package.json | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 3151a715..52cba743 100644
--- a/Makefile
+++ b/Makefile
@@ -44,6 +44,7 @@ env:
 @echo "################################################################################"
 clean:
+ npm run jest:clean
 rm -vfr ./node_modules
 rm -vfr ./coverage
 mkdir -p ./coverage
@@ -65,7 +66,7 @@ test/static: dependencies
 npm run lint
 test: env dependencies test/static
- npm run test
+ npm run jest:ci
 coverage: test
diff --git a/package.json b/package.json
index 11433d9b..9f44e91b 100644
--- a/package.json
+++ b/package.json
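Review bot: The `clean` recipe now starts with `npm run jest:clean`, which the package.json change in this patch defines as `jest --clearCache && watchman watch-del-all`, so `make clean` stops before any of the `rm` lines whenever that script fails. That happens when `node_modules` is already gone (a second `make clean`, or a fresh checkout) and would also happen on a machine without `watchman` installed. Prefixing the line as `-npm run jest:clean` tells make to ignore its exit status, so the directory cleanup still runs.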
@@ -7,11 +7,12 @@
 "start": "npm run test",
 "lint": "npx eslint . --color --max-warnings=0 && echo '✔ Your code looks good.'",
 "lint:watch": "npx esw . --color --max-warnings=0 --watch",
- "jest": "node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug",
+ "jest:ci": "node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug",
+ "jest:clean": "jest --clearCache && watchman watch-del-all",
 "jest:bruteforce": "BRUTEFORCE=true node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug",
 "jest:watch": "node --experimental-vm-modules ./node_modules/.bin/jest --no-cache --ci --color --detectOpenHandles --forceExit --runInBand --debug --watchAll",
 "prettier": "npx prettier --write 'src/**/*.js'",
- "test": "npm run jest",
+ "test": "jest",
 "test:all": "npm run lint && npm run jest && echo 'Done.'",
 "test:watch": "concurrently -k -s first --names \"LINT,TEST\" -p \"[{name}]\" \"npm run lint:watch\" \"npm run jest:watch\"",
 "update-all": "npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)"
From 535dbea32da9cb9517345363e9fc73473bbea009 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Tue, 14 May 2024 19:07:56 -0400
Subject: [PATCH 2/4] [CONFIG] Github Actions scripts equalized
---
 .github/workflows/codeql-analysis.yml | 14 +++++++++-----
 .github/workflows/docker-image.yml | 4 +---
 .github/workflows/eslint.yml | 2 +-
 .github/workflows/node-coverage.js.yml | 2 +-
 .github/workflows/node.js.yml | 12 +++++------
 5 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8e83f453..fd913e5b 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
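Review bot: `test:all` still calls `npm run jest`, but this hunk renames the `jest` script to `jest:ci`, so `npm run test:all` would stop with a missing-script error once lint passes; it should read `"test:all": "npm run lint && npm run jest:ci && echo 'Done.'"`. Separately, `"test": "jest"` drops `node --experimental-vm-modules` and the other flags that `jest:ci` keeps, so a local `npm test` and the CI run may behave differently if the suites rely on ES modules. `jest:clean` also assumes `watchman` is on the PATH; where that is not guaranteed, `jest --clearCache` on its own is the safer script body.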
@@ -23,7 +23,7 @@ on:
 jobs:
 analyze:
 name: Analyze
- runs-on: ubuntu-latest
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
 permissions:
 actions: read
 contents: read
@@ -34,6 +34,8 @@ jobs:
 matrix:
 language: [ 'javascript' ]
 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
 # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 steps:
@@ -49,11 +51,11 @@ jobs:
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.
- # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
 # queries: security-extended,security-and-quality
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
 uses: github/codeql-action/autobuild@v3
@@ -65,8 +67,10 @@ jobs:
 # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 # - run: |
- # echo "Run, Build Application using script"
- # ./location_of_script_within_repo/buildscript.sh
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index d4d8f34d..4a315d5c 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -15,12 +15,10 @@ jobs:
 steps:
 - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
- #- name: Build the Docker image
- # run: docker build . --file Dockerfile --tag algorithm-exercises-go:${{ github.sha }}
 - name: Build the Docker image
 run: make compose/rebuild
 - name: Run test in Docker image
 run: make compose/run
 - name: Tag Docker image
- run: docker tag algorithm-exercises-js:latest algorithm-exercises-js:${{ github.sha }}
+ run: docker tag algorithm-exercises-js:latest algorithm-exercises-js:${{ github.sha }}
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index c00a484f..3166f531 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -11,7 +11,7 @@ name: ESLint
 on:
 push:
- branches: [ "main", "develop", "feature/*" ]
+ branches: [ "main", "develop" ]
 pull_request:
 # The branches below must be a subset of the branches above
 branches: [ "main" ]
diff --git a/.github/workflows/node-coverage.js.yml b/.github/workflows/node-coverage.js.yml
index a4ddb36b..82d7ce3a 100644
--- a/.github/workflows/node-coverage.js.yml
+++ b/.github/workflows/node-coverage.js.yml
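Review bot: In the eslint.yml hunk, dropping `feature/*` from the push trigger while `pull_request` stays limited to `main` means work merged from feature branches into `develop` is linted only after it has landed. If `develop` is the integration branch, widening the pull-request filter to `branches: [ "main", "develop" ]` keeps ESLint findings visible before the merge. That still satisfies the comment on the line above, which requires the pull-request list to be a subset of the push list.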
@@ -36,7 +36,7 @@ jobs:
 run: npm run lint
 - name: Run the tests
- run: npm test -- --coverage
+ run: npm run jest:ci -- --coverage
 - name: Upload coverage reports to Codecov with GitHub Action
 uses: codecov/codecov-action@v4
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index d127983b..4554b17d 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -1,6 +1,3 @@
-# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
 name: Node.js CI Tests
 on:
@@ -25,9 +22,10 @@ jobs:
 # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+ - name: Checkout repository
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
- - name: Use Node.js ${{ matrix.node-version }}
+ - name: Set up Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
@@ -38,5 +36,5 @@ jobs:
 - name: Lint
 run: npm run lint
- - name: Test
- run: npm run test
+ - name: Run the tests
+ run: npm run jest:ci
From dbc6b7d444f46698eafde2b96c1b5ce0cc5a5a77 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Tue, 14 May 2024 19:09:20 -0400
Subject: [PATCH 3/4] [CONFIG] Github action: Snyk code analysis added.
---
 .github/workflows/node-snyk.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/node-snyk.yml
diff --git a/.github/workflows/node-snyk.yml b/.github/workflows/node-snyk.yml
new file mode 100644
index 00000000..188e3191
--- /dev/null
+++ b/.github/workflows/node-snyk.yml
@@ -0,0 +1,20 @@
+# This workflow will build a .NET project
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
+
+name: Snyk Code analysis
+
+on:
+ push:
+ branches: [ main, develop, feature/* ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/node@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
From 587dc2c3717cc0218b98768a8fc0963f361f68ce Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Tue, 14 May 2024 19:09:43 -0400
Subject: [PATCH 4/4] [CONFIG] Github action: Snyk Container analysis added.
---
 .github/workflows/docker-image.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 4a315d5c..8e8bd9b7 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -22,3 +22,20 @@ jobs:
 - name: Tag Docker image
 run: docker tag algorithm-exercises-js:latest algorithm-exercises-js:${{ github.sha }}
+ - name: Run Snyk to check Docker image for vulnerabilities
+ # Snyk can be used to break the build when it detects vulnerabilities.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/docker@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+ # or you can sign up for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: algorithm-exercises-js:latest
+ args: --file=Dockerfile
+ # - name: Upload result to GitHub Code Scanning
+ # uses: github/codeql-action/upload-sarif@v2
+ # with:
+ # sarif_file: snyk.sarif
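Review bot: `actions/checkout@master` and `snyk/actions/node@master` in the new node-snyk.yml are mutable branch refs, and the Snyk step runs with `SNYK_TOKEN` in its environment, so whatever lands on those branches later executes with the secret; the same applies to `snyk/actions/docker@master` in the docker-image.yml hunk of patch 4. The other workflows in this series already pin checkout to a full commit SHA. This workflow also declares no `permissions:` block, so the job runs with the repository's default token scope. The two header comment lines are left over from a .NET template and should describe this workflow instead, for example `# Runs Snyk against the Node.js dependencies on push and pull request`. Pull requests from forks do not receive secrets, so the Snyk step will likely fail there unless it is skipped when the token is empty.

```yaml
# … unchanged: name and on: triggers …
permissions:
  contents: read

jobs:
  # … unchanged: security job, runs-on, steps …
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
      - name: Run Snyk to check for vulnerabilities
        # placeholder below: replace with a reviewed full commit SHA of snyk/actions
        uses: snyk/actions/node@PLACEHOLDER_FULL_COMMIT_SHA
        # … unchanged: env with SNYK_TOKEN …
```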
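Review bot: In the docker-image.yml hunk, `continue-on-error: true` combined with the commented-out upload step means a vulnerable image neither fails the job nor is reported anywhere except the step log, so the scan cannot gate or alert on anything. The step comment says the findings should go to GitHub Code Scanning, which needs the commented step enabled with `sarif_file: snyk.sarif`. It should use the same major version as the CodeQL workflow, `uses: github/codeql-action/upload-sarif@v3` rather than `@v2`, and the job needs `security-events: write` in its permissions for the upload to be accepted. The job's existing `permissions:` settings and triggers are outside this hunk, so confirm them before enabling the upload.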