[Snyk] Security upgrade next from 10.0.7 to 14.2.7 #1707
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| name: Generate Pull Request Stats | |
| env: | |
| NAPI_CLI_VERSION: 2.7.0 | |
| TURBO_VERSION: 1.3.2-canary.1 | |
| RUST_TOOLCHAIN: nightly-2022-09-23 | |
| PNPM_VERSION: 7.3.0 | |
| jobs: | |
| build-native-dev: | |
| name: Build dev binary for tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| # https://github.com/actions/virtual-environments/issues/1187 | |
| - name: tune linux network | |
| run: sudo ethtool -K eth0 tx off rx off | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 25 | |
| - name: Check non-docs only change | |
| run: echo "::set-output name=DOCS_CHANGE::$(node scripts/run-for-change.js --not --type docs --exec echo 'nope')" | |
| id: docs-change | |
| - name: Setup node | |
| uses: actions/setup-node@v3 | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| with: | |
| node-version: 16 | |
| check-latest: true | |
| - name: Install | |
| uses: actions-rs/toolchain@v1 | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| with: | |
| profile: minimal | |
| toolchain: nightly-2022-09-23 | |
| - name: Cache cargo registry | |
| uses: actions/cache@v1 | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| with: | |
| path: ~/.cargo/registry | |
| key: stable-ubuntu-latest-node@14-cargo-registry-trimmed-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Cache cargo index | |
| uses: actions/cache@v1 | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| with: | |
| path: ~/.cargo/git | |
| key: stable-ubuntu-latest-node@14-cargo-index-trimmed-${{ hashFiles('**/Cargo.lock') }} | |
| # We use week in the turbo cache key to keep the cache from infinitely growing | |
| - id: get-week | |
| run: echo ::set-output name=WEEK::$(date +%U) | |
| - name: Turbo Cache | |
| id: turbo-cache | |
| uses: actions/cache@v3 | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| with: | |
| path: .turbo | |
| key: turbo-${{ github.job }}-${{ github.ref_name }}-${{ steps.get-week.outputs.WEEK }}-${{ github.sha }} | |
| restore-keys: | | |
| turbo-${{ github.job }}-${{ github.ref_name }}-${{ steps.get-week.outputs.WEEK }}- | |
| turbo-${{ github.job }}-canary-${{ steps.get-week.outputs.WEEK }}- | |
| # We use restore-key to pick latest cache. | |
| # We will not get exact match, but doc says | |
| # "If there are multiple partial matches for a restore key, the action returns the most recently created cache." | |
| # So we get latest cache | |
| - name: Cache built files | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./packages/next-target | |
| key: next-swc-cargo-cache-ubuntu-latest--${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| next-swc-cargo-cache-ubuntu-latest | |
| # since the repo's dependencies aren't installed we need | |
| # to install napi globally | |
| - run: npm i -g @napi-rs/cli@2.7.0 | |
| - run: npm i -g turbo@${TURBO_VERSION} pnpm@${PNPM_VERSION} | |
| - name: Build | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| run: turbo run build-native --cache-dir=".turbo" | |
| env: | |
| MACOSX_DEPLOYMENT_TARGET: '10.13' | |
| TURBO_TOKEN: ${{secrets.TURBO_TOKEN}} | |
| TURBO_TEAM: nextjs | |
| TURBO_PROJECT: nextjs | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: next-swc-dev-binary | |
| path: packages/next-swc/native/next-swc.linux-x64-gnu.node | |
| - name: Clear the cargo caches | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| run: | | |
| cargo install cargo-cache --no-default-features --features ci-autoclean | |
| cargo-cache | |
| stats: | |
| name: PR Stats | |
| needs: build-native-dev | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 25 | |
| - name: Check non-docs only change | |
| run: echo "::set-output name=DOCS_CHANGE::$(node scripts/run-for-change.js --not --type docs --exec echo 'nope')" | |
| id: docs-change | |
| - uses: actions/download-artifact@v3 | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| with: | |
| name: next-swc-dev-binary | |
| path: packages/next-swc/native | |
| - run: cp -r packages/next-swc/native .github/actions/next-stats-action/native | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} | |
| - uses: ./.github/actions/next-stats-action | |
| if: ${{ steps.docs-change.outputs.DOCS_CHANGE == 'nope' }} |