mirror of
https://github.com/ToolJet/ToolJet
synced 2026-05-22 16:38:21 +00:00
* [white-labelling] Logo related pending issues (#12243)
* Working on refactoring and fixing white-labelling for modularisation
* Working on fixes
* Fixed: app builder logo issue
* Refactored default state behaviour
* Removed console logs
* Added workspace slug
* Adding single image changes from ee lts (#12272) (#12285)
Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com>
* Moving Vulnerability CI from EE (#12288)
* CE modularisation bugs (#12278)
* Working on refactoring and fixing white-labelling for modularisation
* Working on fixes
* Fixed: app builder logo issue
* Refactored default state behaviour
* Removed console logs
* Added workspace slug
* Fixed: Able to update group name with space
* Adding single image changes from ee lts (#12272)
* Fixed: Able to add a user 2 times to the group
* Fixed: Builder isn't able to datasources
* Fixed: updated the builder check
* Refactored the changes
---------
Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com>
* Add data-cy for components in modularisation branch (#12296)
* [modularisation-bugs] Fixing rest of the priority bugs (#12301)
* Fixed: custom logout url issue
* Fixed: fixed all workspace redirection issue
* Fixed: made the datasource access same for ce and ee-basicplan builders
* Fixed: sample db connection issue
* Fixed: sample database query issue
* Fixed: page isn't showing the organization list for user whose current organization is archived
* Fixed: granular permission datasource page
* remove license check for oidc login
---------
Co-authored-by: Muhsin Shah C P <muhsinshah21@gmail.com>
Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com>
Co-authored-by: Ajith KV <ajith.jaban@gmail.com>
Co-authored-by: Anantshree Chandola <anantshreechandola23@gmail.com>
651 lines
No EOL
24 KiB
YAML
name: Vulnerability CI

# Controls when the workflow will run
on:
  pull_request:
    types: [labeled, unlabeled, closed]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

  # Runs at 05:30 UTC on days 1, 15 and 29 of each month (roughly every two weeks)

  schedule:
    - cron: '30 5 */14 * *'

jobs:
  PeriodicVulnerability-CheckOn-frontend-code:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix frontend install

      - name: Running security audit
        # Audit the same package that was installed in the previous step
        run: npm --prefix frontend audit --json > Periodic-frontend-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-frontend-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-frontend-audit-report
          path: Periodic-frontend-audit.json

      - name: Send Slack Notification
        run: |
          message="Periodic Security Audit Report Of Frontend directory\n
          Node module vulnerabilities summary:\n
          🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
          🟠 High: ${{ steps.parse-audit.outputs.high }}\n
          🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
          \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}

  PeriodicVulnerability-CheckOn-server-code:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix server install

      - name: Running security audit
        run: npm --prefix server audit --json > Periodic-server-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-server-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-server-audit-report
          path: Periodic-server-audit.json

      - name: Send Slack Notification
        run: |
          message="### Periodic Security Audit Report Of Server directory\n
          Node module vulnerabilities summary:\n
          🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
          🟠 High: ${{ steps.parse-audit.outputs.high }}\n
          🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
          \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}

  PeriodicVulnerability-CheckOn-marketplace-code:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix marketplace install

      - name: Running security audit
        run: npm --prefix marketplace audit --json > Periodic-marketplace-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-marketplace-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-marketplace-audit-report
          path: Periodic-marketplace-audit.json

      - name: Send Slack Notification
        run: |
          message="Periodic Security Audit Report Of Marketplace directory\n
          Node module vulnerabilities summary:\n
          🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
          🟠 High: ${{ steps.parse-audit.outputs.high }}\n
          🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
          \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}

  PeriodicVulnerability-CheckOn-plugins-code:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix plugins install

      - name: Running security audit
        run: npm --prefix plugins audit --json > Periodic-plugins-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-plugins-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-plugins-audit-report
          path: Periodic-plugins-audit.json

      - name: Send Slack Notification
        run: |
          message="Periodic Security Audit Report Of Plugins directory\n
          Node module vulnerabilities summary:\n
          🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
          🟠 High: ${{ steps.parse-audit.outputs.high }}\n
          🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
          \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}

  PeriodicVulnerability-CheckOn-cypress-code:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix cypress-tests install

      - name: Running security audit
        run: npm --prefix cypress-tests audit --json > Periodic-cypress-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-cypress-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-cypress-audit-report
          path: Periodic-cypress-audit.json

      - name: Send Slack Notification
        run: |
          message="Periodic Security Audit Report Of Cypress directory\n
          Node module vulnerabilities summary:\n
          🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
          🟠 High: ${{ steps.parse-audit.outputs.high }}\n
          🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
          \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}

  PeriodicVulnerability-CheckOn-root-code:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm install

      - name: Running security audit
        run: npm audit --json > Periodic-root-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-root-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-root-audit-report
          path: Periodic-root-audit.json

      - name: Send Slack Notification
        run: |
          message="Periodic Security Audit Report Of Root directory\n
          Node module vulnerabilities summary:\n
          🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
          🟠 High: ${{ steps.parse-audit.outputs.high }}\n
          🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
          \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}

  ManualVulnerability-CheckOn-frontend-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'frontend-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix frontend install

      - name: Running security audit
        run: npm --prefix frontend audit --json > frontend-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' frontend-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: frontend-audit-report
          path: frontend-audit.json

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          # github.server_url is the base URL of the GitHub instance; it is the same for every directory
          body: |
            ### Security Audit Report Of Frontend directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-server-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'server-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix server install

      - name: Running security audit
        run: npm --prefix server audit --json > server-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' server-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: server-audit-report
          path: server-audit.json

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Server directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-marketplace-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'marketplace-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix marketplace install

      - name: Running security audit
        run: npm --prefix marketplace audit --json > marketplace-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' marketplace-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: marketplace-audit-report
          path: marketplace-audit.json

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          # github.server_url is the base URL of the GitHub instance; it is the same for every directory
          body: |
            ### Security Audit Report Of Marketplace directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-plugins-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'plugins-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix plugins install

      - name: Running security audit
        run: npm --prefix plugins audit --json > plugins-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' plugins-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: plugins-audit-report
          path: plugins-audit.json

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          # github.server_url is the base URL of the GitHub instance; it is the same for every directory
          body: |
            ### Security Audit Report Of Plugins directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-cypress-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'cypress-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm --prefix cypress-tests install

      - name: Running security audit
        run: npm --prefix cypress-tests audit --json > cypress-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' cypress-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: cypress-audit-report
          path: cypress-audit.json

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          # github.server_url is the base URL of the GitHub instance; it is the same for every directory
          body: |
            ### Security Audit Report Of Cypress directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-root-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'root-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 18.18.2
        uses: actions/setup-node@v3
        with:
          node-version: 18.18.2

      - name: Install dependencies
        run: npm install

      - name: Running security audit
        run: npm audit --json > root-audit.json
        # npm audit exits non-zero when it reports vulnerabilities; continue so the report is still parsed
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' root-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          # Step outputs go through $GITHUB_OUTPUT (the ::set-output command is deprecated)
          echo "moderate=$moderate" >> "$GITHUB_OUTPUT"
          echo "high=$high" >> "$GITHUB_OUTPUT"
          echo "critical=$critical" >> "$GITHUB_OUTPUT"

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: root-audit-report
          path: root-audit.json

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          # github.server_url is the base URL of the GitHub instance; it is the same for every directory
          body: |
            ### Security Audit Report Of Root directory
            **Node module vulnerabilities summary:**
            🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
            🟠 High: ${{ steps.parse-audit.outputs.high }}
            🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).