Merge pull request #3 from ArshiyaNisa/dependabot/npm_and_yarn/code/s… #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Step 3 # Dependabot Security Updates | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "code/src/AttendeeSite/**" | |
| permissions: | |
| contents: read | |
| actions: write | |
| issues: write | |
| env: | |
| STEP_4_FILE: ".github/steps/4-dependabot-versions.md" | |
| PACKAGE_JSON: "code/src/AttendeeSite/package.json" | |
| PACKAGE_LOCK_JSON: "code/src/AttendeeSite/package-lock.json" | |
| jobs: | |
| find_exercise: | |
| name: Find Exercise Issue | |
| uses: skills/exercise-toolkit/.github/workflows/[email protected] | |
| if: | | |
| github.run_number != 1 | |
| check_step_work: | |
| name: Check step work | |
| runs-on: ubuntu-latest | |
| needs: find_exercise | |
| if: | | |
| !github.event.repository.is_template | |
| env: | |
| ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get response templates | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: skills/exercise-toolkit | |
| path: exercise-toolkit | |
| ref: v0.3.0 | |
| - name: Update comment - checking work | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body-file exercise-toolkit/markdown-templates/step-feedback/checking-work.md \ | |
| --edit-last | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # START: Check practical exercise | |
| # Verify the PR added the dependabot changes. | |
| - name: Check package.json and package-lock.json for axios version other than 0.21.1 | |
| id: check-axios-version | |
| run: | | |
| # Checks to perform | |
| checks='{ | |
| "package_json": { | |
| "name": "package.json", | |
| "passed": true, | |
| "message": "" | |
| }, | |
| "package_lock_json": { | |
| "name": "package-lock.json", | |
| "passed": true, | |
| "message": "" | |
| } | |
| }' | |
| # Check for minimist version in package.json | |
| file="$PACKAGE_JSON" | |
| keyphrase="\"axios\":[\ \\n\\r\\t]*\"\\^(?!0\\.21\\.[01])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?\"" | |
| minimum_occurrences=1 | |
| found_occurrences=$(grep -o "$keyphrase" "$file" | wc -l) | |
| if [ "$found_occurrences" -lt "$minimum_occurrences" ]; then | |
| checks=$(echo $checks | jq '.package_json.passed = false') | |
| checks=$(echo $checks | jq '.package_json.message = "Please update package.json to use a valid axios version."') | |
| fi | |
| # Check for minimist version in package-lock.json | |
| file="$PACKAGE_LOCK_JSON" | |
| keyphrase="axios-(?!0\\.21\\.[01])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?" | |
| minimum_occurrences=1 | |
| found_occurrences=$(grep -o "$keyphrase" "$file" | wc -l) | |
| if [ "$found_occurrences" -lt "$minimum_occurrences" ]; then | |
| checks=$(echo $checks | jq '.package_lock_json.passed = false') | |
| checks=$(echo $checks | jq '.package_lock_json.message = "Please update package-lock.json to use a valid axios version."') | |
| fi | |
| # Verify all checks passed | |
| passed=$(echo $checks | jq '. | all(.passed?)') | |
| # Flatten to an array for returning. Allows iteration during rendering. | |
| results=$(echo $checks | jq 'to_entries | map({name: .key} + .value)') | |
| # Save pass status to output | |
| echo "passed=$passed" >> $GITHUB_OUTPUT | |
| # Save results to output | |
| echo 'results<<EOF' >> $GITHUB_OUTPUT | |
| echo $results >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # END: Check practical exercise | |
| - name: Build message - step finished | |
| id: build-message-step-finish | |
| uses: skills/action-text-variables@v2 | |
| with: | |
| template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md | |
| template-vars: | | |
| next_step_number: "4" | |
| - name: Update comment - step finished | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body "${{ steps.build-message-step-finish.outputs.updated-text }}" \ | |
| --edit-last | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| post_next_step_content: | |
| name: Post next step content | |
| needs: [find_exercise, check_step_work] | |
| runs-on: ubuntu-latest | |
| env: | |
| ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get response templates | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: skills/exercise-toolkit | |
| path: exercise-toolkit | |
| ref: v0.3.0 | |
| - name: Build comment - add step content | |
| id: build-comment | |
| uses: skills/action-text-variables@v2 | |
| with: | |
| template-file: "${{ env.STEP_4_FILE }}" | |
| template-vars: | | |
| full_repo_name: "${{ github.repository }}" | |
| - name: Create comment - add step content | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body "$ISSUE_BODY" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ISSUE_BODY: ${{ steps.build-comment.outputs.updated-text }} | |
| - name: Create comment - watching for progress | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Disable current workflow and enable next one | |
| run: | | |
| gh workflow disable "Step 3" | |
| gh workflow enable "Step 4" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |