[FAI-18230] Vuln fix: update dockerode/yao-pkg/sonar-action version #598
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**.md' | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| name: Build | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| - name: Set up Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| - name: Install | |
| working-directory: airbyte-local-cli-nodejs | |
| run: npm ci --no-audit --no-fund | |
| - name: Build | |
| working-directory: airbyte-local-cli-nodejs | |
| run: npm run build | |
| - name: Lint | |
| working-directory: airbyte-local-cli-nodejs | |
| run: npm run lint | |
| - name: Test | |
| working-directory: airbyte-local-cli-nodejs | |
| env: | |
| FAROS_API_KEY: ${{ secrets.FAROS_API_KEY }} | |
| run: npm run test -- --coverage --color | |
| - name: Build Shellspec image | |
| working-directory: airbyte-local-cli-bash/test | |
| run: | | |
| docker build . -t 'farosai/shellspec:kcov' | |
| # Run shellspec tests againgst airbyte-local.sh | |
| - name: Run ShellSpec tests | |
| working-directory: airbyte-local-cli-bash | |
| run: | | |
| docker run --rm \ | |
| -v "$PWD/test:/src" \ | |
| -v "$PWD/airbyte-local.sh:/airbyte-local.sh" \ | |
| farosai/shellspec:kcov | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarqube-scan-action@v6 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| test: | |
| name: Test NodeJS Cli | |
| needs: [build] | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest # linux x64 | |
| - ubuntu-24.04-arm # linux arm64 | |
| - macos-13 # macos x64 | |
| - macos-latest # macos arm64 | |
| - windows-latest # windows x64 | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| - name: Set up Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| - name: Install and Build | |
| working-directory: airbyte-local-cli-nodejs | |
| shell: bash | |
| run: | | |
| npm ci --no-audit --no-fund | |
| npm run build | |
| - name: Package | |
| working-directory: airbyte-local-cli-nodejs | |
| shell: bash | |
| run: | | |
| if [ "${{ matrix.os }}" == 'ubuntu-latest' ]; then | |
| TARGET="linuxstatic-x64" | |
| elif [ "${{ matrix.os }}" == 'ubuntu-24.04-arm' ]; then | |
| TARGET="linuxstatic-arm64" | |
| elif [ "${{ matrix.os }}" == 'macos-13' ]; then | |
| TARGET="macos-x64" | |
| elif [ "${{ matrix.os }}" == 'macos-latest' ]; then | |
| TARGET="macos-arm64" | |
| elif [ "${{ matrix.os }}" == 'windows-latest' ]; then | |
| TARGET="win-x64" | |
| fi | |
| npm run pkg -- --target $TARGET | |
| # Run the binary: make sure the binary executes fine on the system/arch | |
| - name: Run binary | |
| working-directory: airbyte-local-cli-nodejs/out/pkg | |
| run: ./airbyte-local --help | |
| # We use Shellspec to run the tests in Bash | |
| - name: Install ShellSpec | |
| shell: bash | |
| run: curl -fsSL https://git.io/shellspec | sh -s 0.28.1 --yes | |
| # Run ALL e2e tests on Linux x64 | |
| - name: Run Bash tests (Linux x64) | |
| if: matrix.os == 'ubuntu-latest' | |
| working-directory: airbyte-local-cli-nodejs | |
| env: | |
| FAROS_API_KEY: ${{ secrets.FAROS_API_KEY }} | |
| run: | | |
| cp ./out/pkg/airbyte-local ./test/exec/airbyte-local | |
| cp -rf ./test/resources ./test/exec/ | |
| shellspec --chdir ./test/exec | |
| # Run partial e2e tests (excluding docker tests) | |
| # - linux arm64: without pushing arm64 airbye connector images, the tests will fail | |
| - name: Run Bash tests (Linux arm64) | |
| if: matrix.os == 'ubuntu-arm64' | |
| working-directory: airbyte-local-cli-nodejs | |
| run: | | |
| cp ./out/pkg/airbyte-local ./test/exec/airbyte-local | |
| cp -rf ./test/resources ./test/exec/ | |
| shellspec --chdir ./test/exec --tag argvParsing,main | |
| # Run partial e2e tests (excluding any tests related to docker check) | |
| # - macos: doesn't have docker by default in the github runner. Too much work to configure and Macos syntax should be relatively the same as linux | |
| - name: Run Bash tests (MacOS) | |
| if: runner.os == 'MacOS' | |
| working-directory: airbyte-local-cli-nodejs | |
| run: | | |
| cp ./out/pkg/airbyte-local ./test/exec/airbyte-local | |
| cp -rf ./test/resources ./test/exec/ | |
| export PATH="$HOME/.local/bin:$PATH" | |
| which shellspec | |
| shellspec --chdir ./test/exec --tag argvParsing | |
| # Run partial e2e tests on Windows bash (excluding docker tests) | |
| # - windows: requires to config the shellspec in PATH. Separete to its own step to run | |
| - name: Run Bash tests (Windows) | |
| if: matrix.os == 'windows-latest' | |
| working-directory: airbyte-local-cli-nodejs | |
| shell: bash | |
| run: | | |
| cp ./out/pkg/airbyte-local ./test/exec/airbyte-local | |
| cp -rf ./test/resources ./test/exec/ | |
| # shellspec is installed in $HOME/.local/bin | |
| export PATH="$HOME/.local/bin:$PATH" | |
| which shellspec | |
| shellspec --chdir ./test/exec --tag argvParsing,main | |
| # Run all e2e tests on Windows powershell | |
| # We use Pester to run e2e tests on Windows powershell. Pester is pre-installed on the Windows runner | |
| - name: Run Powershell tests (Windows) | |
| if: matrix.os == 'windows-latest' | |
| working-directory: airbyte-local-cli-nodejs | |
| shell: pwsh | |
| env: | |
| FAROS_API_KEY: ${{ secrets.FAROS_API_KEY }} | |
| run: | | |
| # cp ./out/pkg/airbyte-local ./test/airbyte-local | |
| Copy-Item -Path ./out/pkg/airbyte-local.exe -Destination ./test/airbyte-local.exe | |
| # cd ./test | |
| Set-Location -Path ./test | |
| # Run Pester | |
| Invoke-Pester -Output Detailed ./pester/index.Tests.ps1 | |
| tag: | |
| name: Tag | |
| needs: [test] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| if: github.ref == 'refs/heads/main' | |
| outputs: | |
| createdTag: ${{ steps.create-tag.outputs.tag }} | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - name: Create tag | |
| id: create-tag | |
| uses: salsify/action-detect-and-tag-new-version@v2 | |
| with: | |
| version-command: cat airbyte-local-cli-nodejs/package.json | jq -r '.version' | |
| # Only recreate the latest tag if a new tag was created | |
| - name: Recreate latest tag | |
| if: ${{ steps.create-tag.outputs.tag != null }} | |
| run: | | |
| git push --delete origin latest || true | |
| git tag -f latest | |
| git push origin latest --force | |
| build-binaries: | |
| name: Build Binaries | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest # linux x64 | |
| - ubuntu-24.04-arm # linux arm64 | |
| - macos-13 # macos x64 | |
| - macos-latest # macos arm64 | |
| - windows-latest # windows x64 | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 15 | |
| needs: [tag] | |
| # Only run if the tag was created | |
| if: needs.tag.outputs.createdTag != null | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| - name: Set up Node | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: 22.x | |
| - name: Install | |
| working-directory: airbyte-local-cli-nodejs | |
| shell: bash | |
| run: | | |
| npm ci --no-audit --no-fund | |
| npm run version | |
| - name: Package for Platform | |
| working-directory: airbyte-local-cli-nodejs | |
| shell: bash | |
| run: | | |
| if [ "${{ matrix.os }}" == 'ubuntu-latest' ]; then | |
| TARGET="linuxstatic-x64" | |
| BINARY_NAME="linux-x64" | |
| elif [ "${{ matrix.os }}" == 'ubuntu-24.04-arm' ]; then | |
| TARGET="linuxstatic-arm64" | |
| BINARY_NAME="linux-arm64" | |
| elif [ "${{ matrix.os }}" == 'macos-13' ]; then | |
| TARGET="macos-x64" | |
| BINARY_NAME=$TARGET | |
| elif [ "${{ matrix.os }}" == 'macos-latest' ]; then | |
| TARGET="macos-arm64" | |
| BINARY_NAME=$TARGET | |
| elif [ "${{ matrix.os }}" == 'windows-latest' ]; then | |
| TARGET="win-x64" | |
| BINARY_NAME=$TARGET | |
| fi | |
| echo "BINARY_NAME=$BINARY_NAME" >> $GITHUB_ENV | |
| npm run pkg -- --target $TARGET | |
| - name: Compress Linux/MacOS binaries | |
| working-directory: airbyte-local-cli-nodejs/out/pkg | |
| if: runner.os != 'Windows' | |
| run: | | |
| zip airbyte-local-${BINARY_NAME}.zip airbyte-local | |
| - name: Compress Windows binaries | |
| working-directory: airbyte-local-cli-nodejs/out/pkg | |
| if: runner.os == 'Windows' | |
| run: | | |
| Compress-Archive -Path airbyte-local.exe -DestinationPath airbyte-local-win-x64.zip | |
| - name: Upload binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release_${{ env.BINARY_NAME }} | |
| path: airbyte-local-cli-nodejs/out/pkg/airbyte-local-${{ env.BINARY_NAME }}.zip | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: [tag, build-binaries] | |
| steps: | |
| - name: Download All Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: airbyte-local-cli-nodejs/out/pkg | |
| - name: List Downloaded Binaries | |
| run: | | |
| ls -R airbyte-local-cli-nodejs/out/pkg | |
| - name: Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| airbyte-local-cli-nodejs/out/pkg/release_linux-x64/airbyte-local-linux-x64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_linux-arm64/airbyte-local-linux-arm64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_macos-x64/airbyte-local-macos-x64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_macos-arm64/airbyte-local-macos-arm64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_win-x64/airbyte-local-win-x64.zip | |
| tag_name: ${{ needs.tag.outputs.createdTag }} | |
| # Release to latest every time | |
| - name: Release Latest | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| airbyte-local-cli-nodejs/out/pkg/release_linux-x64/airbyte-local-linux-x64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_linux-arm64/airbyte-local-linux-arm64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_macos-x64/airbyte-local-macos-x64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_macos-arm64/airbyte-local-macos-arm64.zip | |
| airbyte-local-cli-nodejs/out/pkg/release_win-x64/airbyte-local-win-x64.zip | |
| tag_name: latest | |
| prerelease: false | |
| draft: false |