chore: move npm audit to a dedicate task (#6297)
Move 'npm audit' execution to a dedicated target (and corresponding step) so that we can modularize it, and avoid having it block the whole test suite.
This commit is contained in:
parent
e1cb86b6e8
commit
b2d0953bfc
3 changed files with 19 additions and 2 deletions
7
.github/workflows/ci.yml
|
@ -252,7 +252,14 @@ jobs:
|
|||
- set-build-metadata
|
||||
- build-container-image
|
||||
- build-test-suite-matrix
|
||||
# Don't fail the entire test suite when:
|
||||
# - Running npm audit, so we can see test results even if there are
|
||||
# vulnerable dependencies that might be unrelated to the PR
|
||||
# - Running the 'test' target because it runs all the tests, including the
|
||||
# ones that are allowed to fail
|
||||
continue-on-error: ${{ matrix.test-case == 'npm-audit' || matrix.test-case == 'test' }}
|
||||
strategy:
|
||||
fail-fast: true
|
||||
matrix:
|
||||
test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
|
||||
images:
|
||||
|
|
|
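Review bot: With `continue-on-error` evaluating to true for the `npm-audit` test case, a failing audit never fails the workflow, and the second hunk on this page (the `RUN apk add` one, whose file header is not shown) also drops the build-time `npm audit`, so after this commit a known-vulnerable dependency is not blocked anywhere — the audit becomes advisory only. If that trade-off is intended, the comment above the line should say so, e.g. `# - Note: the build-time npm audit was removed, so vulnerable deps only surface in this job`; otherwise keep one blocking path for findings above a chosen severity (a separate required check, or a severity threshold in the Makefile target). The job this stanza belongs to starts outside the hunk.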
@ -85,7 +85,6 @@ RUN apk add --no-cache \
|
|||
COPY dependencies/package.json dependencies/package-lock.json /
|
||||
RUN apk add --no-cache --virtual .node-build-deps \
|
||||
npm \
|
||||
&& npm audit \
|
||||
&& npm install --strict-peer-deps \
|
||||
&& npm cache clean --force \
|
||||
&& chown -R "$(id -u)":"$(id -g)" node_modules \
|
||||
|
|
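--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
 all: info docker test ## Run all targets.
 
 .PHONY: test
-test: info validate-container-image-labels docker-build-check docker-dev-container-build-check test-lib inspec lint-codebase fix-codebase test-default-config-files test-actions-runner-debug test-actions-steps-debug test-runner-debug test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-git-initial-commit test-git-merge-commit-push test-log-level test-use-find-and-ignore-gitignored-files test-linters-expect-failure-log-level-notice test-bash-exec-library-expect-success test-bash-exec-library-expect-failure test-save-super-linter-output test-save-super-linter-output-custom-path test-save-super-linter-custom-summary test-custom-gitleaks-log-level test-dont-save-super-linter-log-file test-dont-save-super-linter-output test-linters test-linters-fix-mode ## Run the test suite
+test: info validate-container-image-labels docker-build-check docker-dev-container-build-check npm-audit test-lib inspec lint-codebase fix-codebase test-default-config-files test-actions-runner-debug test-actions-steps-debug test-runner-debug test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-git-initial-commit test-git-merge-commit-push test-log-level test-use-find-and-ignore-gitignored-files test-linters-expect-failure-log-level-notice test-bash-exec-library-expect-success test-bash-exec-library-expect-failure test-save-super-linter-output test-save-super-linter-output-custom-path test-save-super-linter-custom-summary test-custom-gitleaks-log-level test-dont-save-super-linter-log-file test-dont-save-super-linter-output test-linters test-linters-fix-mode ## Run the test suite
 
 # if this session isn't interactive, then we don't want to allocate a
 # TTY, which would fail, but if it is interactive, we do want to attach
@@ -165,6 +165,17 @@ validate-container-image-labels: ## Validate container image labels
 $(BUILD_REVISION) \
 $(BUILD_VERSION)
 
+.PHONY: npm-audit
+npm-audit: ## Run npm audit to check for known vulnerable dependencies
+docker run $(DOCKER_FLAGS) \
+--entrypoint /bin/bash \
+--rm \
+-v "$(CURDIR)/dependencies/package-lock.json":/package-lock.json \
+-v "$(CURDIR)/dependencies/package.json":/package.json \
+--workdir / \
+$(SUPER_LINTER_TEST_CONTAINER_URL) \
+-c "npm audit"
+
 # For some cases, mount a directory that doesn't have too many files to keep tests short
 
 .PHONY: test-actions-runner-debug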
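Review bot: The two bind mounts in the new `npm-audit` recipe are read-write although `npm audit` only reads the manifest and lockfile; mounting them read-only keeps anything running in the container from altering the host copies: `-v "$(CURDIR)/dependencies/package-lock.json":/package-lock.json:ro \` and `-v "$(CURDIR)/dependencies/package.json":/package.json:ro \`. The recipe also runs `npm audit` with no `--audit-level`, so any advisory of any severity fails the target; since the hunk in `.github/workflows/ci.yml` lets that failure be tolerated, it is worth stating the intended threshold in the target's `##` comment so the signal stays meaningful.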