XSS Vulnerability and API Version fix #188
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Unique name for this workflow | |
| name: PR Validation | |
| # Definition when the workflow should run | |
| on: | |
| pull_request: | |
| types: [edited, opened, synchronize, reopened, review_requested] | |
| paths: | |
| - 'sfdx-source/**' | |
| - 'pmd/**' | |
| - 'config/**' | |
| - 'data/**' | |
| workflow_dispatch: | |
| concurrency: | |
| group: pr-tests-${{ github.ref }}-1 | |
| cancel-in-progress: true | |
| # Jobs to be executed | |
| jobs: | |
| check-pmd: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| steps: | |
| # Checkout the source code | |
| - name: 'Checkout source code' | |
| uses: actions/checkout@v3 | |
| # Install PMD | |
| - name: 'Install PMD' | |
| run: | | |
| PMD_VERSION=$(curl -s https://api.github.com/repos/pmd/pmd/releases/latest | grep '.tag_name' | sed 's:.*/::' | sed 's:",::') | |
| wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F$PMD_VERSION/pmd-dist-$PMD_VERSION-bin.zip | |
| unzip pmd-dist-$PMD_VERSION-bin.zip -d ~ | |
| mv ~/pmd-bin-$PMD_VERSION ~/pmd | |
| ~/pmd/bin/pmd --version | |
| # Run PMD scan | |
| - name: 'Run PMD scan' | |
| run: ~/pmd/bin/pmd check -d sfdx-source -R pmd/deployRules.xml -f text --cache .pmdCache --minimum-priority 2 | |
| test-run: | |
| runs-on: ubuntu-latest | |
| needs: check-pmd | |
| steps: | |
| - name: 'Checkout source code' | |
| uses: actions/checkout@v3 | |
| # Install Salesforce CLI | |
| - name: 'Install Salesforce sf CLI' | |
| run: | | |
| npm install @salesforce/cli --global | |
| sf --version | |
| # Store secret for dev hub | |
| - name: 'Populate auth file with DEVHUB_SFDX_URL secret' | |
| shell: bash | |
| run: | | |
| echo ${{ secrets.DEVHUB_SFDX_URL}} > ./DEVHUB_SFDX_URL.txt | |
| secretFileSize=$(wc -c "./DEVHUB_SFDX_URL.txt" | awk '{print $1}') | |
| if [ $secretFileSize == 1 ]; then | |
| echo "Missing DEVHUB_SFDX_URL secret. Is this workflow running on a fork?"; | |
| exit 1; | |
| fi | |
| # Authenticate dev hub | |
| - name: 'Authenticate Dev Hub' | |
| run: sf org login sfdx-url --sfdx-url-file ./DEVHUB_SFDX_URL.txt --alias devhub --set-default-dev-hub | |
| # Add namespace to project config | |
| - name: Add namespace to project config | |
| run: | | |
| sed -i 's,"namespace": "","namespace": "LabsActionPlans",' sfdx-project.json | |
| # Create scratch org | |
| - name: 'Create scratch org' | |
| #run: sfdx force:org:create -f config/project-scratch-def.json -a ActionPlans -s -d 1 -w 20 --no-ancestors | |
| run: sf org create scratch --definition-file config/project-scratch-def.json --alias ActionPlans --set-default --no-ancestors --duration-days 1 --wait 20 --target-dev-hub devhub | |
| # Deploy source to scratch org | |
| - name: 'Push source to scratch org' | |
| #run: sfdx force:source:push | |
| run: sf deploy metadata --target-org ActionPlans | |
| # Assign permissionset | |
| - name: 'Assign permissionset to default user' | |
| #run: sfdx force:user:permset:assign -n Action_Plans_Admin | |
| run: sf org assign permset --name Action_Plans_Admin --target-org ActionPlans | |
| # Run Apex tests in scratch org | |
| - name: 'Run Apex tests' | |
| #run: sfdx force:apex:test:run --codecoverage --detailedcoverage --resultformat human -l RunLocalTests --wait 20 --outputdir ./ | |
| run: sf apex run test --code-coverage --detailed-coverage --result-format human --wait 20 --test-level RunLocalTests --output-dir ./ | |
| # Upload code coverage to Codecov.io | |
| - name: 'Upload code coverage for Apex to Codecov.io' | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| flags: Apex | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| # Housekeeping | |
| - name: 'Delete scratch org' | |
| if: always() | |
| run: sf org delete scratch --no-prompt --target-org ActionPlans | |
| # Remove namespace from project config | |
| - name: Remove namespace from project config | |
| run: | | |
| sed -i 's,"namespace": "LabsActionPlans","namespace": "",' sfdx-project.json |