mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-21 05:31:06 -05:00
chore: move npm audit to a dedicate task (#6297)
Some checks failed
Publish Images / Build and Test (push) Has been cancelled
Build and Test / Set build metadata (push) Has been cancelled
Build and Test / Build test suite matrix (push) Has been cancelled
Build and Test / preview-release-notes (push) Has been cancelled
Lint commit / commitlint (push) Has been cancelled
Publish Images / Release (push) Has been cancelled
Build and Test / Build and Test (push) Has been cancelled
Build and Test / Test the Super-linter GitHub Action (push) Has been cancelled
Build and Test / Run test cases (push) Has been cancelled
Build and Test / Check if all the tests passed (push) Has been cancelled
Some checks failed
Publish Images / Build and Test (push) Has been cancelled
Build and Test / Set build metadata (push) Has been cancelled
Build and Test / Build test suite matrix (push) Has been cancelled
Build and Test / preview-release-notes (push) Has been cancelled
Lint commit / commitlint (push) Has been cancelled
Publish Images / Release (push) Has been cancelled
Build and Test / Build and Test (push) Has been cancelled
Build and Test / Test the Super-linter GitHub Action (push) Has been cancelled
Build and Test / Run test cases (push) Has been cancelled
Build and Test / Check if all the tests passed (push) Has been cancelled
Move 'npm audit' execution to a dedicated target (and corresponding step) so that we can modularize it, and avoid that it blocks that whole test suite.
This commit is contained in:
parent
e1cb86b6e8
commit
b2d0953bfc
3 changed files with 19 additions and 2 deletions
7
.github/workflows/ci.yml
vendored
7
.github/workflows/ci.yml
vendored
|
@ -252,7 +252,14 @@ jobs:
|
||||||
- set-build-metadata
|
- set-build-metadata
|
||||||
- build-container-image
|
- build-container-image
|
||||||
- build-test-suite-matrix
|
- build-test-suite-matrix
|
||||||
|
# Don't fail the entire test suite when:
|
||||||
|
# - Running npm audit, so we can see test results even if there are
|
||||||
|
# vulnerable dependencies that might be unrelated to the PR
|
||||||
|
# - Running the 'test' target because it runs all the tests, including the
|
||||||
|
# ones that are allowed to fail
|
||||||
|
continue-on-error: ${{ matrix.test-case == 'npm-audit' || matrix.test-case == 'test' }}
|
||||||
strategy:
|
strategy:
|
||||||
|
fail-fast: true
|
||||||
matrix:
|
matrix:
|
||||||
test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
|
test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
|
||||||
images:
|
images:
|
||||||
|
|
|
@ -85,7 +85,6 @@ RUN apk add --no-cache \
|
||||||
COPY dependencies/package.json dependencies/package-lock.json /
|
COPY dependencies/package.json dependencies/package-lock.json /
|
||||||
RUN apk add --no-cache --virtual .node-build-deps \
|
RUN apk add --no-cache --virtual .node-build-deps \
|
||||||
npm \
|
npm \
|
||||||
&& npm audit \
|
|
||||||
&& npm install --strict-peer-deps \
|
&& npm install --strict-peer-deps \
|
||||||
&& npm cache clean --force \
|
&& npm cache clean --force \
|
||||||
&& chown -R "$(id -u)":"$(id -g)" node_modules \
|
&& chown -R "$(id -u)":"$(id -g)" node_modules \
|
||||||
|
|
13
Makefile
13
Makefile
|
@ -4,7 +4,7 @@
|
||||||
all: info docker test ## Run all targets.
|
all: info docker test ## Run all targets.
|
||||||
|
|
||||||
.PHONY: test
|
.PHONY: test
|
||||||
test: info validate-container-image-labels docker-build-check docker-dev-container-build-check test-lib inspec lint-codebase fix-codebase test-default-config-files test-actions-runner-debug test-actions-steps-debug test-runner-debug test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-git-initial-commit test-git-merge-commit-push test-log-level test-use-find-and-ignore-gitignored-files test-linters-expect-failure-log-level-notice test-bash-exec-library-expect-success test-bash-exec-library-expect-failure test-save-super-linter-output test-save-super-linter-output-custom-path test-save-super-linter-custom-summary test-custom-gitleaks-log-level test-dont-save-super-linter-log-file test-dont-save-super-linter-output test-linters test-linters-fix-mode ## Run the test suite
|
test: info validate-container-image-labels docker-build-check docker-dev-container-build-check npm-audit test-lib inspec lint-codebase fix-codebase test-default-config-files test-actions-runner-debug test-actions-steps-debug test-runner-debug test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-git-initial-commit test-git-merge-commit-push test-log-level test-use-find-and-ignore-gitignored-files test-linters-expect-failure-log-level-notice test-bash-exec-library-expect-success test-bash-exec-library-expect-failure test-save-super-linter-output test-save-super-linter-output-custom-path test-save-super-linter-custom-summary test-custom-gitleaks-log-level test-dont-save-super-linter-log-file test-dont-save-super-linter-output test-linters test-linters-fix-mode ## Run the test suite
|
||||||
|
|
||||||
# if this session isn't interactive, then we don't want to allocate a
|
# if this session isn't interactive, then we don't want to allocate a
|
||||||
# TTY, which would fail, but if it is interactive, we do want to attach
|
# TTY, which would fail, but if it is interactive, we do want to attach
|
||||||
|
@ -165,6 +165,17 @@ validate-container-image-labels: ## Validate container image labels
|
||||||
$(BUILD_REVISION) \
|
$(BUILD_REVISION) \
|
||||||
$(BUILD_VERSION)
|
$(BUILD_VERSION)
|
||||||
|
|
||||||
|
.PHONY: npm-audit
|
||||||
|
npm-audit: ## Run npm audit to check for known vulnerable dependencies
|
||||||
|
docker run $(DOCKER_FLAGS) \
|
||||||
|
--entrypoint /bin/bash \
|
||||||
|
--rm \
|
||||||
|
-v "$(CURDIR)/dependencies/package-lock.json":/package-lock.json \
|
||||||
|
-v "$(CURDIR)/dependencies/package.json":/package.json \
|
||||||
|
--workdir / \
|
||||||
|
$(SUPER_LINTER_TEST_CONTAINER_URL) \
|
||||||
|
-c "npm audit"
|
||||||
|
|
||||||
# For some cases, mount a directory that doesn't have too many files to keep tests short
|
# For some cases, mount a directory that doesn't have too many files to keep tests short
|
||||||
|
|
||||||
.PHONY: test-actions-runner-debug
|
.PHONY: test-actions-runner-debug
|
||||||
|
|
Loading…
Reference in a new issue