chore(deps): bump the sample-apps-npm-deps group across 15 directories with 35 updates #3301
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security, Code Quality and Bundle Size Checks | |
| on: | |
| pull_request: | |
| branches: ['develop', 'main', 'hotfix/*'] | |
| types: ['opened', 'reopened', 'synchronize'] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| env: | |
| NODE_OPTIONS: '--no-warnings' | |
| BASE_REF: ${{ github.event.pull_request.base.sha || 'HEAD' }} | |
| jobs: | |
| get-affected-projects: | |
| name: Get affected projects | |
| runs-on: [self-hosted, Linux, X64] | |
| outputs: | |
| affected_projects: ${{ steps.check_affected.outputs.affected_projects }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - name: Setup workspace | |
| env: | |
| HUSKY: 0 | |
| run: | | |
| npm run setup:deps | |
| - name: Check for affected projects | |
| id: check_affected | |
| run: | | |
| AFFECTED_PROJECTS=$(npx nx show projects --affected --exclude=@rudderstack/analytics-js-sanity-suite --base=$BASE_REF | paste -sd ',' - | sed 's/,$//') | |
| echo "Affected projects: $AFFECTED_PROJECTS" | |
| echo "affected_projects=$AFFECTED_PROJECTS" >> $GITHUB_OUTPUT | |
| bundle-size-checks: | |
| name: Bundle size checks | |
| runs-on: [self-hosted, Linux, X64] | |
| needs: get-affected-projects | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - name: Setup workspace | |
| env: | |
| HUSKY: 0 | |
| run: | | |
| npm run setup:deps | |
| - name: Execute bundle size checks | |
| uses: rudderlabs/github-action-check-size-limit@3afc3f6011b321f501b901375737ba55d8aff29d # v3.0.0 | |
| if: ${{ needs.get-affected-projects.outputs.affected_projects != '' }} | |
| env: | |
| HUSKY: 0 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| install_script: npm run setup:ci | |
| build_script: npm run check:size:build -- --projects=${{ needs.get-affected-projects.outputs.affected_projects }} | |
| script: npm run check:size:json:ci --silent -- --output-style=static --silent=true --projects=${{ needs.get-affected-projects.outputs.affected_projects }} | |
| is_monorepo: true | |
| code-quality-checks: | |
| name: Code quality checks | |
| runs-on: [self-hosted, Linux, X64] | |
| needs: get-affected-projects | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - name: Setup workspace | |
| env: | |
| HUSKY: 0 | |
| run: | | |
| npm run setup:ci | |
| - name: Build the project | |
| run: | | |
| npm run build:ci | |
| npm run build:modern:ci | |
| - name: Execute package linting checks | |
| run: | | |
| npm run check:pub:ci | |
| - name: Execute code quality checks | |
| if: ${{ needs.get-affected-projects.outputs.affected_projects != '' }} | |
| run: | | |
| npm run check:circular -- --projects=${{ needs.get-affected-projects.outputs.affected_projects }} | |
| npm run check:duplicates -- --projects=${{ needs.get-affected-projects.outputs.affected_projects }} | |
| security-checks: | |
| name: Security checks | |
| runs-on: [self-hosted, Linux, X64] | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup Node | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: 'npm' | |
| - name: Setup workspace | |
| env: | |
| HUSKY: 0 | |
| run: | | |
| npm run setup:deps | |
| - name: Execute security checks | |
| run: | | |
| npm run check:security |