Merge pull request #2 from amdhyani/dependabot/npm_and_yarn/code/src/… #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Step 2 # Dependency Alerts | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "code/src/AttendeeSite/**" | |
| permissions: | |
| contents: read | |
| actions: write | |
| issues: write | |
| env: | |
| STEP_3_FILE: ".github/steps/3-dependabot-security.md" | |
| PACKAGE_JSON: "code/src/AttendeeSite/package.json" | |
| PACKAGE_LOCK_JSON: "code/src/AttendeeSite/package-lock.json" | |
| jobs: | |
| find_exercise: | |
| name: Find Exercise Issue | |
| uses: skills/exercise-toolkit/.github/workflows/[email protected] | |
| if: | | |
| github.run_number != 1 | |
| check_step_work: | |
| name: Check step work | |
| runs-on: ubuntu-latest | |
| needs: find_exercise | |
| if: | | |
| !github.event.repository.is_template | |
| env: | |
| ISSUE_REPOSITORY: ${{ github.repository }} | |
| ISSUE_NUMBER: ${{ needs.find_exercise.outputs.issue-number }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Get response templates | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: skills/exercise-toolkit | |
| path: exercise-toolkit | |
| ref: v0.7.3 | |
| - name: Find last comment | |
| id: find-last-comment | |
| uses: peter-evans/find-comment@v4 | |
| with: | |
| repository: ${{ env.ISSUE_REPOSITORY }} | |
| issue-number: ${{ env.ISSUE_NUMBER }} | |
| direction: last | |
| - name: Update comment - checking work | |
| uses: GrantBirki/[email protected] | |
| with: | |
| repository: ${{ env.ISSUE_REPOSITORY }} | |
| issue-number: ${{ env.ISSUE_NUMBER }} | |
| comment-id: ${{ steps.find-last-comment.outputs.comment-id }} | |
| file: exercise-toolkit/markdown-templates/step-feedback/checking-work.md | |
| edit-mode: replace | |
| # START: Check practical exercise | |
| - name: Check package.json for minimist version other than 1.2.5 | |
| id: check-package-json | |
| continue-on-error: true | |
| uses: skills/action-keyphrase-checker@v1 | |
| with: | |
| text-file: ${{ env.PACKAGE_JSON }} | |
| keyphrase: '"minimist":[\t\n\r ]*"\^(?!1\.2\.[0-5])(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?"' | |
| minimum-occurrences: 1 | |
| maximum-occurrences: 1 | |
| - name: Check package-lock.json for minimist version other than 1.2.5 | |
| id: check-package-lock-json | |
| continue-on-error: true | |
| uses: skills/action-keyphrase-checker@v1 | |
| with: | |
| text-file: ${{ env.PACKAGE_LOCK_JSON }} | |
| keyphrase: 'minimist-(?!1\.2\.[0-5])(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?' | |
| - name: Update comment - step results | |
| uses: GrantBirki/[email protected] | |
| with: | |
| repository: ${{ env.ISSUE_REPOSITORY }} | |
| issue-number: ${{ env.ISSUE_NUMBER }} | |
| comment-id: ${{ steps.find-last-comment.outputs.comment-id }} | |
| edit-mode: replace | |
| file: exercise-toolkit/markdown-templates/step-feedback/step-results-table.md | |
| vars: | | |
| step_number: 2 | |
| results_table: | |
| - description: "Checked for updated minimist version in package.json" | |
| passed: ${{ steps.check-package-json.outcome == 'success' }} | |
| - description: "Checked for updated minimist version in package-lock.json" | |
| passed: ${{ steps.check-package-lock-json.outcome == 'success' }} | |
| # END: Check practical exercise | |
| - name: Fail job if not all checks passed | |
| if: contains(steps.*.outcome, 'failure') | |
| run: exit 1 | |
| post_next_step_content: | |
| name: Post next step content | |
| needs: [find_exercise, check_step_work] | |
| runs-on: ubuntu-latest | |
| env: | |
| ISSUE_REPOSITORY: ${{ github.repository }} | |
| ISSUE_NUMBER: ${{ needs.find_exercise.outputs.issue-number }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Get response templates | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: skills/exercise-toolkit | |
| path: exercise-toolkit | |
| ref: v0.7.3 | |
| - name: Create comment - step finished | |
| uses: GrantBirki/[email protected] | |
| with: | |
| repository: ${{ env.ISSUE_REPOSITORY }} | |
| issue-number: ${{ env.ISSUE_NUMBER }} | |
| file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md | |
| vars: | | |
| next_step_number: 3 | |
| - name: Create comment - add step content | |
| uses: GrantBirki/[email protected] | |
| with: | |
| repository: ${{ env.ISSUE_REPOSITORY }} | |
| issue-number: ${{ env.ISSUE_NUMBER }} | |
| file: ${{ env.STEP_3_FILE }} | |
| - name: Create comment - watching for progress | |
| uses: GrantBirki/[email protected] | |
| with: | |
| repository: ${{ env.ISSUE_REPOSITORY }} | |
| issue-number: ${{ env.ISSUE_NUMBER }} | |
| file: exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md | |
| - name: Disable current workflow and enable next one | |
| run: | | |
| gh workflow disable "${{github.workflow}}" | |
| gh workflow enable "Step 3" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |