name: Synpress CI on: push: pull_request: branches: [master, dev] jobs: audit: # run only on master/dev branch and pull requests if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' || github.event_name == 'pull_request' runs-on: ubuntu-latest container: image: ghcr.io/synthetixio/docker-sec-tools/alpine:16.13 credentials: username: synthetixio password: ${{ secrets.GH_PACKAGES_READ_ONLY }} steps: - name: Checkout uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # pin@v2 - name: Audit dependencies run: npm audit --audit-level=critical - name: Lockfile lint run: lockfile-lint -p package-lock.json --type npm --allowed-hosts npm --validate-https --empty-hostname false build: needs: audit # run only on audit success or audit skipped if: always() && (needs.audit.result == 'success' || needs.audit.result == 'skipped') runs-on: ubuntu-latest container: image: ghcr.io/synthetixio/docker-node/alpine:16.13 credentials: username: synthetixio password: ${{ secrets.GH_PACKAGES_READ_ONLY }} steps: - name: Checkout uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # pin@v2 - name: Set npm cache directory run: npm config set cache .npm-cache --global continue-on-error: true - uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed # pin@v2 with: path: | .npm-cache node_modules key: ${{ runner.os }}-node-16-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node-16- continue-on-error: true # fix: permission issues on ghactions+docker+npm@7 - name: Chown workspace run: chown -R $(whoami) . - name: Install dependencies run: npm install --prefer-offline --no-audit - name: Lint # run only on master/dev branch and pull requests if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' || github.event_name == 'pull_request' run: npm run lint:sarif - name: Upload lint results # run if lint failed and only on master/dev branch and pull requests if: always() && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' || github.event_name == 'pull_request') uses: github/codeql-action/upload-sarif@1a927e9307bc11970b2c679922ebc4d03a5bd980 # pin@codeql-bundle-20210517 with: sarif_file: lint-results.sarif continue-on-error: true # e2e: # needs: build # # run only on master/dev branch # if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' || github.event_name == 'pull_request' # runs-on: ubuntu-latest # container: # image: ghcr.io/synthetixio/docker-e2e/ubuntu:16.13 # credentials: # username: synthetixio # password: ${{ secrets.GH_PACKAGES_READ_ONLY }} # steps: # - name: Checkout # uses: actions/checkout@1e204e9a9253d643386038d443f96446fa156a97 # pin@v2 # - name: Set npm cache directory # run: npm config set cache .npm-cache --global # continue-on-error: true # - name: Cache node modules # uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed # pin@v2 # with: # path: | # .npm-cache # node_modules # key: ${{ runner.os }}-ubuntu-e2e-16-${{ hashFiles('**/package-lock.json') }} # restore-keys: | # ${{ runner.os }}-ubuntu-e2e-16- # continue-on-error: true # # fix: permission issues on ghactions+docker+npm@7 # - name: Chown workspace # run: chown -R $(whoami) . # - name: Install dependencies # run: npm install --prefer-offline --no-audit # env: # CYPRESS_CACHE_FOLDER: ${{ github.workspace }}/node_modules/.cache/Cypress # - name: Run e2e tests # run: npm run test:e2e:ci # env: # SKIP_METAMASK_SETUP: ${{ secrets.SKIP_METAMASK_SETUP }} # CYPRESS_PRIVATE_KEY_WITH_FUNDS: ${{ secrets.CYPRESS_PRIVATE_KEY_WITH_FUNDS }} # CYPRESS_PROJECT_ID: ${{ secrets.CYPRESS_PROJECT_ID }} # CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # CYPRESS_CACHE_FOLDER: ${{ github.workspace }}/node_modules/.cache/Cypress # - name: Archive e2e artifacts # uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074 # pin@v2 # if: always() # with: # name: e2e-artifacts # path: | # tests/e2e/videos # tests/e2e/screenshots # continue-on-error: true