feat: add github action to check exact package versions

leather-io · Jun 4, 2020 · 7320f55 · 7320f55
1 parent 5f1b6c8
commit 7320f55
Show file tree

Hide file tree

Showing 6 changed files with 529 additions and 325 deletions.
diff --git a/.github/actions/check-version-lock/action.yml b/.github/actions/check-version-lock/action.yml
@@ -0,0 +1,5 @@
+name: 'Check package version lock'
+description: Checks all versions are installed with exact version
+runs:
+  using: 'node12'
+  main: 'check-version-lock.js'
diff --git a/.github/actions/check-version-lock/check-version-lock.js b/.github/actions/check-version-lock/check-version-lock.js
@@ -0,0 +1,30 @@
+const core = require('@actions/core');
+const appPackage = require('../../../package.json');
+
+const illegalVersionSymbol = ['~', '^', '>', '<'];
+
+function containsIllegalChar(input) {
+  return illegalVersionSymbol.some(symbol => input.includes(symbol));
+}
+
+(async () => {
+  try {
+    const dependencies = appPackage.dependencies;
+    const devDependencies = appPackage.devDependencies;
+
+    const allPackages = [...Object.entries(dependencies), ...Object.entries(devDependencies)];
+
+    const illegalPackages = allPackages
+      .filter(([package, version]) => containsIllegalChar(version))
+      .map(([package, version]) => ({ package, version }));
+
+    if (illegalPackages.length > 0) {
+      core.setFailed(`
+        There are packages with non-exact versions defined. This presents a security risk.
+        ${JSON.stringify(illegalPackages, null, 2)}
+      `);
+    }
+  } catch (error) {
+    core.setFailed(error.message);
+  }
+})();
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -1,13 +1,10 @@
 name: Commitlint
-on:
-  push:
-    branches: ['release/stacking']
-  pull_request:
-    branches:
-
+on: [pull_request]
 jobs:
   lint:
     runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v2
         with:

diff --git a/.github/workflows/exact-versions.yml b/.github/workflows/exact-versions.yml
@@ -0,0 +1,25 @@
+name: Exact versions
+on:
+  push:
+    branches: [release/stacking]
+  pull_request:
+    branches: [release/stacking]
+jobs:
+  check-versions:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v1
+
+      - name: Cache node_modules
+        uses: actions/cache@v2
+        with:
+          path: '**/node_modules'
+          key: ${{ hashFiles('**/yarn.lock') }}
+
+      - name: Install dependencies
+        run: yarn install --ignore-scripts --ignore-optional
+
+      - name: Check exact versions
+        uses: ./.github/actions/check-version-lock
diff --git a/package.json b/package.json
@@ -105,123 +105,124 @@
     ]
   },
   "devDependencies": {
-    "@babel/core": "^7.10.2",
-    "@babel/plugin-proposal-class-properties": "^7.10.1",
-    "@babel/plugin-proposal-decorators": "^7.10.1",
-    "@babel/plugin-proposal-do-expressions": "^7.10.1",
-    "@babel/plugin-proposal-export-default-from": "^7.10.1",
-    "@babel/plugin-proposal-export-namespace-from": "^7.10.1",
-    "@babel/plugin-proposal-function-bind": "^7.10.1",
-    "@babel/plugin-proposal-function-sent": "^7.10.1",
-    "@babel/plugin-proposal-json-strings": "^7.10.1",
-    "@babel/plugin-proposal-logical-assignment-operators": "^7.10.1",
-    "@babel/plugin-proposal-nullish-coalescing-operator": "^7.10.1",
-    "@babel/plugin-proposal-numeric-separator": "^7.10.1",
-    "@babel/plugin-proposal-optional-chaining": "^7.10.1",
-    "@babel/plugin-proposal-pipeline-operator": "^7.10.1",
-    "@babel/plugin-proposal-throw-expressions": "^7.10.1",
-    "@babel/plugin-syntax-dynamic-import": "^7.8.3",
-    "@babel/plugin-syntax-import-meta": "^7.10.1",
-    "@babel/plugin-transform-react-constant-elements": "^7.10.1",
-    "@babel/plugin-transform-react-inline-elements": "^7.10.1",
-    "@babel/preset-env": "^7.10.2",
-    "@babel/preset-react": "^7.10.1",
-    "@babel/preset-typescript": "^7.10.1",
-    "@babel/register": "^7.10.1",
-    "@blockstack/eslint-config": "^1.0.5",
-    "@blockstack/prettier-config": "^0.0.6",
-    "@commitlint/config-conventional": "^8.3.4",
-    "@types/css-font-loading-module": "^0.0.4",
-    "@types/enzyme": "^3.10.5",
-    "@types/enzyme-adapter-react-16": "^1.0.6",
-    "@types/history": "^4.7.5",
-    "@types/jest": "^25.2.3",
-    "@types/node": "^14.0.9",
-    "@types/react": "^16.9.17",
-    "@types/react-dom": "^16.9.7",
-    "@types/react-redux": "^7.1.9",
-    "@types/react-router": "^5.1.7",
-    "@types/react-router-dom": "^5.1.5",
-    "@types/react-test-renderer": "^16.9.2",
-    "@types/redux-logger": "^3.0.8",
-    "@types/source-map-support": "^0.5.1",
-    "@types/tapable": "^1.0.5",
-    "@types/terser-webpack-plugin": "^3.0.0",
-    "@types/vfile-message": "^2.0.0",
-    "@types/webpack": "^4.41.17",
-    "@typescript-eslint/eslint-plugin": "^3.1.0",
-    "@typescript-eslint/parser": "^3.1.0",
+    "@actions/core": "1.2.4",
+    "@babel/core": "7.10.2",
+    "@babel/plugin-proposal-class-properties": "7.10.1",
+    "@babel/plugin-proposal-decorators": "7.10.1",
+    "@babel/plugin-proposal-do-expressions": "7.10.1",
+    "@babel/plugin-proposal-export-default-from": "7.10.1",
+    "@babel/plugin-proposal-export-namespace-from": "7.10.1",
+    "@babel/plugin-proposal-function-bind": "7.10.1",
+    "@babel/plugin-proposal-function-sent": "7.10.1",
+    "@babel/plugin-proposal-json-strings": "7.10.1",
+    "@babel/plugin-proposal-logical-assignment-operators": "7.10.1",
+    "@babel/plugin-proposal-nullish-coalescing-operator": "7.10.1",
+    "@babel/plugin-proposal-numeric-separator": "7.10.1",
+    "@babel/plugin-proposal-optional-chaining": "7.10.1",
+    "@babel/plugin-proposal-pipeline-operator": "7.10.1",
+    "@babel/plugin-proposal-throw-expressions": "7.10.1",
+    "@babel/plugin-syntax-dynamic-import": "7.8.3",
+    "@babel/plugin-syntax-import-meta": "7.10.1",
+    "@babel/plugin-transform-react-constant-elements": "7.10.1",
+    "@babel/plugin-transform-react-inline-elements": "7.10.1",
+    "@babel/preset-env": "7.10.2",
+    "@babel/preset-react": "7.10.1",
+    "@babel/preset-typescript": "7.10.1",
+    "@babel/register": "7.10.1",
+    "@blockstack/eslint-config": "1.0.5",
+    "@blockstack/prettier-config": "0.0.6",
+    "@commitlint/config-conventional": "8.3.4",
+    "@types/css-font-loading-module": "0.0.4",
+    "@types/enzyme": "3.10.5",
+    "@types/enzyme-adapter-react-16": "1.0.6",
+    "@types/history": "4.7.5",
+    "@types/jest": "25.2.3",
+    "@types/node": "14.0.9",
+    "@types/react": "16.9.17",
+    "@types/react-dom": "16.9.7",
+    "@types/react-redux": "7.1.9",
+    "@types/react-router": "5.1.7",
+    "@types/react-router-dom": "5.1.5",
+    "@types/react-test-renderer": "16.9.2",
+    "@types/redux-logger": "3.0.8",
+    "@types/source-map-support": "0.5.1",
+    "@types/tapable": "1.0.5",
+    "@types/terser-webpack-plugin": "3.0.0",
+    "@types/vfile-message": "2.0.0",
+    "@types/webpack": "4.41.17",
+    "@typescript-eslint/eslint-plugin": "3.1.0",
+    "@typescript-eslint/parser": "3.1.0",
     "babel-core": "7.0.0-bridge.0",
-    "babel-eslint": "^10.1.0",
-    "babel-jest": "^26.0.1",
-    "babel-loader": "^8.1.0",
-    "babel-plugin-dev-expression": "^0.2.2",
-    "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
-    "browserslist-config-erb": "^0.0.1",
-    "chalk": "^4.0.0",
-    "concurrently": "^5.2.0",
-    "cross-env": "^7.0.0",
-    "cross-spawn": "^7.0.3",
-    "css-loader": "^3.5.3",
-    "detect-port": "^1.3.0",
+    "babel-eslint": "10.1.0",
+    "babel-jest": "26.0.1",
+    "babel-loader": "8.1.0",
+    "babel-plugin-dev-expression": "0.2.2",
+    "babel-plugin-transform-react-remove-prop-types": "0.4.24",
+    "browserslist-config-erb": "0.0.1",
+    "chalk": "4.0.0",
+    "concurrently": "5.2.0",
+    "cross-env": "7.0.0",
+    "cross-spawn": "7.0.3",
+    "css-loader": "3.5.3",
+    "detect-port": "1.3.0",
     "electron": "9.0.1",
     "electron-builder": "22.7.0",
-    "electron-devtools-installer": "^3.0.0",
-    "electron-rebuild": "^1.11.0",
-    "enzyme": "^3.11.0",
-    "enzyme-adapter-react-16": "^1.15.2",
-    "enzyme-to-json": "^3.5.0",
-    "eslint-plugin-react-hooks": "^4.0.4",
-    "fbjs-scripts": "^1.2.0",
-    "file-loader": "^6.0.0",
-    "husky": "^4.2.0",
-    "identity-obj-proxy": "^3.0.0",
-    "jest": "^26.0.1",
-    "lint-staged": "^10.2.7",
-    "mini-css-extract-plugin": "^0.9.0",
-    "node-sass": "^4.13.1",
-    "optimize-css-assets-webpack-plugin": "^5.0.3",
-    "prettier": "^2.0.5",
-    "react-test-renderer": "^16.12.0",
-    "redux-logger": "^3.0.6",
-    "rimraf": "^3.0.0",
-    "sass-loader": "^8.0.2",
-    "sinon": "^9.0.2",
-    "style-loader": "^1.1.3",
-    "terser-webpack-plugin": "^3.0.2",
-    "typed-css-modules-webpack-plugin": "^0.1.2",
-    "typescript": "^3.9.3",
-    "url-loader": "^4.1.0",
-    "webpack": "^4.43.0",
-    "webpack-bundle-analyzer": "^3.8.0",
-    "webpack-cli": "^3.3.11",
-    "webpack-dev-server": "^3.11.0",
-    "webpack-merge": "^4.2.2",
-    "yarn": "^1.21.1"
+    "electron-devtools-installer": "3.0.0",
+    "electron-rebuild": "1.11.0",
+    "enzyme": "3.11.0",
+    "enzyme-adapter-react-16": "1.15.2",
+    "enzyme-to-json": "3.5.0",
+    "eslint-plugin-react-hooks": "4.0.4",
+    "fbjs-scripts": "1.2.0",
+    "file-loader": "6.0.0",
+    "husky": "4.2.0",
+    "identity-obj-proxy": "3.0.0",
+    "jest": "26.0.1",
+    "lint-staged": "10.2.7",
+    "mini-css-extract-plugin": "0.9.0",
+    "node-sass": "4.13.1",
+    "optimize-css-assets-webpack-plugin": "5.0.3",
+    "prettier": "2.0.5",
+    "react-test-renderer": "16.12.0",
+    "redux-logger": "3.0.6",
+    "rimraf": "3.0.0",
+    "sass-loader": "8.0.2",
+    "sinon": "9.0.2",
+    "style-loader": "1.1.3",
+    "terser-webpack-plugin": "3.0.2",
+    "typed-css-modules-webpack-plugin": "0.1.2",
+    "typescript": "3.9.3",
+    "url-loader": "4.1.0",
+    "webpack": "4.43.0",
+    "webpack-bundle-analyzer": "3.8.0",
+    "webpack-cli": "3.3.11",
+    "webpack-dev-server": "3.11.0",
+    "webpack-merge": "4.2.2",
+    "yarn": "1.21.1"
   },
   "dependencies": {
-    "@blockstack/ui": "^1.6.1",
-    "@hot-loader/react-dom": "^16.13.0",
-    "connected-react-router": "^6.8.0",
-    "core-js": "^3.6.5",
-    "devtron": "^1.4.0",
-    "electron-debug": "^3.1.0",
+    "@blockstack/ui": "1.6.1",
+    "@hot-loader/react-dom": "16.13.0",
+    "connected-react-router": "6.8.0",
+    "core-js": "3.6.5",
+    "devtron": "1.4.0",
+    "electron-debug": "3.1.0",
     "electron-log": "4.2.0",
-    "electron-updater": "^4.3.1",
-    "eslint": "^7.1.0",
-    "eslint-plugin-import-helpers": "^1.0.2",
-    "history": "^4.10.1",
-    "minimist": "^1.2.5",
-    "react": "^16.12.0",
-    "react-dom": "^16.12.0",
-    "react-hot-loader": "^4.12.19",
-    "react-redux": "^7.1.3",
-    "react-router": "^5.1.2",
-    "react-router-dom": "^5.1.2",
-    "redux": "^4.0.5",
-    "redux-thunk": "^2.3.0",
-    "source-map-support": "^0.5.16",
-    "styled-components": "^5.1.1"
+    "electron-updater": "4.3.1",
+    "eslint": "7.1.0",
+    "eslint-plugin-import-helpers": "1.0.2",
+    "history": "4.10.1",
+    "minimist": "1.2.5",
+    "react": "16.12.0",
+    "react-dom": "16.12.0",
+    "react-hot-loader": "4.12.19",
+    "react-redux": "7.1.3",
+    "react-router": "5.1.2",
+    "react-router-dom": "5.1.2",
+    "redux": "4.0.5",
+    "redux-thunk": "2.3.0",
+    "source-map-support": "0.5.16",
+    "styled-components": "5.1.1"
   },
   "devEngines": {
     "node": ">=7.x",