Skip to content

[Snyk] Upgrade vue from 3.3.8 to 3.4.27 #383

[Snyk] Upgrade vue from 3.3.8 to 3.4.27

[Snyk] Upgrade vue from 3.3.8 to 3.4.27 #383

Workflow file for this run

name: CI
on: [push, pull_request]
env:
COMPOSE_FILE: docker-compose.ci.yml
TEST_IMAGE_REPO: ghcr.io/18f/api.data.gov
jobs:
test:
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.image-metadata.outputs.version }}
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Container metadata
id: image-metadata
uses: docker/metadata-action@v4
with:
images: ${{ env.TEST_IMAGE_REPO }}
flavor: |
prefix=test-image-
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker build
run: docker buildx bake -f "${{ env.COMPOSE_FILE }}" --push
env:
TEST_IMAGE_TAG: ${{ steps.image-metadata.outputs.version }}
- name: ESLint
run: docker compose run --rm web yarn run lint --max-warnings 0
env:
TEST_IMAGE_TAG: ${{ steps.image-metadata.outputs.version }}
- name: Prettier Check
run: docker compose run --rm web yarn run prettier:check
env:
TEST_IMAGE_TAG: ${{ steps.image-metadata.outputs.version }}
build:
runs-on: ubuntu-latest
needs: test
strategy:
matrix:
deploy_env: [production, staging]
include:
- deploy_env: production
web_site_root_secret_name: WEB_SITE_ROOT
- deploy_env: staging
web_site_root_secret_name: STAGING_WEB_SITE_ROOT
- deploy_env: production
signup_api_key_secret_name: API_KEY
- deploy_env: staging
signup_api_key_secret_name: STAGING_API_KEY
- deploy_env: production
contact_api_key_secret_name: CONTACT_API_KEY
- deploy_env: staging
contact_api_key_secret_name: STAGING_CONTACT_API_KEY
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build
- name: Build
env:
TEST_IMAGE_TAG: ${{ needs.test.outputs.image-tag }}
run: |
docker compose run \
-e "HUGO_PARAMS_APIUMBRELLACONTACTAPIKEY=${{ secrets[matrix.contact_api_key_secret_name] }}" \
-e "HUGO_PARAMS_APIUMBRELLASIGNUPAPIKEY=${{ secrets[matrix.signup_api_key_secret_name] }}" \
--rm \
web \
hugo \
--minify \
--baseURL "${{ secrets[matrix.web_site_root_secret_name] }}"
- uses: actions/upload-artifact@v1
with:
name: build-${{ matrix.deploy_env }}
path: ./public
deploy:
if: success() && github.repository_owner == '18F' && github.ref == 'refs/heads/main'
needs: build
runs-on: ubuntu-latest
container:
image: rclone/rclone:1.62.2
strategy:
matrix:
deploy_env: [production, staging]
include:
- deploy_env: production
bucket_name_secret_name: BUCKET_NAME
- deploy_env: staging
bucket_name_secret_name: STAGING_BUCKET_NAME
- deploy_env: production
aws_access_key_id_secret_name: AWS_ACCESS_KEY_ID
- deploy_env: staging
aws_access_key_id_secret_name: STAGING_AWS_ACCESS_KEY_ID
- deploy_env: production
aws_secret_access_key_secret_name: AWS_SECRET_ACCESS_KEY
- deploy_env: staging
aws_secret_access_key_secret_name: STAGING_AWS_SECRET_ACCESS_KEY
- deploy_env: production
aws_default_region_secret_name: AWS_DEFAULT_REGION
- deploy_env: staging
aws_default_region_secret_name: STAGING_AWS_DEFAULT_REGION
steps:
# Deploy to S3 bucket.
- uses: actions/download-artifact@v1
with:
name: build-${{ matrix.deploy_env }}
path: ./public
- name: Deploy
env:
RCLONE_S3_ACCESS_KEY_ID: ${{ secrets[matrix.aws_access_key_id_secret_name] }}
RCLONE_S3_SECRET_ACCESS_KEY: ${{ secrets[matrix.aws_secret_access_key_secret_name] }}
RCLONE_S3_REGION: ${{ secrets[matrix.aws_default_region_secret_name] }}
S3_DEST: ":s3:${{ secrets[matrix.bucket_name_secret_name] }}/"
run: |
# Identify cache-busted assets by the fingerprint in the filename.
cache_busted_assets="/{images,javascripts,stylesheets}/**.{\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w\w}.*"
# Sync all cache-busted assets with long cache-control expirations.
rclone \
copy \
--verbose \
--checksum \
--no-update-modtime \
--s3-no-check-bucket \
--s3-no-head \
--header-upload "Cache-Control: public, max-age=31536000, immutable" \
--include "$cache_busted_assets" \
./public/ \
"$S3_DEST"
# Sync the remaining files, disallowing caching on those.
rclone \
copy \
--verbose \
--checksum \
--no-update-modtime \
--s3-no-check-bucket \
--s3-no-head \
--header-upload "Cache-Control: no-cache, max-age=0, must-revalidate" \
./public/ \
"$S3_DEST"
# Run the sync one more time to delete old files. Keep old asset
# files around, so that if old HTML pages continue to load for a few
# minutes, they can still load older assets.
rclone \
sync \
--verbose \
--checksum \
--no-update-modtime \
--s3-no-check-bucket \
--s3-no-head \
--exclude "$cache_busted_assets" \
./public/ \
"$S3_DEST"