Skip to content

fix(deps): update dependency node-fetch to v3 [security] #1095

fix(deps): update dependency node-fetch to v3 [security]

fix(deps): update dependency node-fetch to v3 [security] #1095

Workflow file for this run

name: CI
on: [push]
env:
CI: true
TZ: UTC
E2E_TEST: 1
NODE_ENV: ci
PGHOST: localhost
PGUSER: postgres
IMAGES_URL: http://localhost:3001
API_URL: http://localhost:3060
API_KEY: dvl-1510egmf4a23d80342403fb599qd
API_FOLDER: /home/runner/work/opencollective-images/opencollective-images/opencollective-api
IMAGES_FOLDER: /home/runner/work/opencollective-images/opencollective-images
PG_DATABASE: opencollective_dvl
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Update apt
run: sudo apt-get update || exit 0
- name: Install graphicsmagick
run: sudo apt-get install -y graphicsmagick
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
# Npm cache
- name: Restore .npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-npm-cache-${{ github.sha }}
restore-keys: |
- ${{ runner.os }}-npm-cache-${{ github.sha }}
- ${{ runner.os }}-npm-cache-
- name: Restore node_modules
uses: actions/cache@v3
id: node-modules
with:
path: node_modules
key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json') }}
- name: Install dependencies
if: steps.node-modules.outputs.cache-hit != 'true'
run: npm ci --prefer-offline --no-audit
- run: npm run lint:quiet
prettier:
runs-on: ubuntu-latest
steps:
- name: Update apt
run: sudo apt-get update || exit 0
- name: Install graphicsmagick
run: sudo apt-get install -y graphicsmagick
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
# Npm cache
- name: Restore .npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-npm-cache-${{ github.sha }}
restore-keys: |
- ${{ runner.os }}-npm-cache-${{ github.sha }}
- ${{ runner.os }}-npm-cache-
- name: Restore node_modules
uses: actions/cache@v3
id: node-modules
with:
path: node_modules
key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json') }}
- name: Install dependencies
if: steps.node-modules.outputs.cache-hit != 'true'
run: npm ci --prefer-offline --no-audit
- run: npm run prettier:check
depcheck:
runs-on: ubuntu-latest
steps:
- name: Update apt
run: sudo apt-get update || exit 0
- name: Install graphicsmagick
run: sudo apt-get install -y graphicsmagick
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
# Npm cache
- name: Restore .npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-npm-cache-${{ github.sha }}
restore-keys: |
- ${{ runner.os }}-npm-cache-${{ github.sha }}
- ${{ runner.os }}-npm-cache-
- name: Restore node_modules
uses: actions/cache@v3
id: node-modules
with:
path: node_modules
key: ${{ runner.os }}-node-modules-${{ hashFiles('package-lock.json') }}
- name: Install dependencies
if: steps.node-modules.outputs.cache-hit != 'true'
run: npm ci --prefer-offline --no-audit
- run: npm run depcheck
test:
runs-on: ubuntu-latest
services:
redis:
image: redis
ports:
- 6379:6379
options: --entrypoint redis-server
postgres:
image: postgres:13.13
env:
POSTGRES_USER: postgres
POSTGRES_DB: postgres
POSTGRES_HOST_AUTH_METHOD: trust
ports:
- 5432:5432
# needed because the postgres container does not provide a healthcheck
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: Update apt
run: sudo apt-get update || exit 0
- name: Install postgresql-client
run: sudo apt-get install -y postgresql-client
- name: Install graphicsmagick
run: sudo apt-get install -y graphicsmagick
# Npm cache
- name: Restore .npm cache
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-npm-cache-${{ github.sha }}
restore-keys: |
- ${{ runner.os }}-npm-cache-${{ github.sha }}
- ${{ runner.os }}-npm-cache-
# Checkouts
- name: Checkout (images)
uses: actions/checkout@v4
- name: Checkout (api)
uses: actions/checkout@v4
with:
repository: opencollective/opencollective-api
path: opencollective-api
# Node and NPM
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: 'package.json'
# Prepare API
- name: Restore node_modules (api)
uses: actions/cache@v3
id: api-node-modules
with:
path: opencollective-api/node_modules
key: ${{ runner.os }}-api-node-modules-${{ hashFiles('opencollective-api/package-lock.json') }}
- name: Install dependencies (api)
working-directory: opencollective-api
if: steps.api-node-modules.outputs.cache-hit != 'true'
run: npm ci --prefer-offline --no-audit
- name: Build (api)
working-directory: opencollective-api
if: steps.api-build.outputs.cache-hit != 'true'
run: npm run build
# Prepare Images
- name: Restore node_modules (images)
uses: actions/cache@v3
id: images-node-modules
with:
path: node_modules
key: ${{ runner.os }}-images-node-modules-${{ hashFiles('package-lock.json') }}
- name: Install dependencies (images)
if: steps.images-node-modules.outputs.cache-hit != 'true'
run: npm ci --prefer-offline --no-audit
- name: Build (images)
run: npm run build
# Prepare DB
- name: Restore DB
working-directory: opencollective-api
run: npm run db:restore
- name: Migrate DB
working-directory: opencollective-api
run: npm run db:migrate
# Run test
- name: Run test
run: ./scripts/run_test.sh