Skip to content

[Snyk] Security upgrade react-scripts from 3.4.4 to 5.0.0 #2707

[Snyk] Security upgrade react-scripts from 3.4.4 to 5.0.0

[Snyk] Security upgrade react-scripts from 3.4.4 to 5.0.0 #2707

Workflow file for this run

name: build-pipeline
on:
pull_request:
branches:
- master
- v*
env:
DOCKER_BUILDKIT: 1 # Enable Docker_buildkit in all build jobs
jobs:
changes:
runs-on: ubuntu-latest
# Set job outputs to values from filter step
outputs:
frontend: ${{ steps.filter.outputs.frontend }}
graphql-server: ${{ steps.filter.outputs.graphql-server }}
authentication: ${{ steps.filter.outputs.authentication }}
subscriber: ${{ steps.filter.outputs.subscriber }}
event-tracker: ${{ steps.filter.outputs.event-tracker }}
# upgrade-agent-cp: ${{ steps.filter.outputs.upgrade-agent-cp }}
# dex-server: ${{ steps.filter.outputs.dex-server }}
steps:
# For pull requests it's not necessary to checkout the code
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
frontend:
- 'chaoscenter/web/**'
graphql-server:
- 'chaoscenter/graphql/server/**'
authentication:
- 'chaoscenter/authentication/**'
subscriber:
- 'chaoscenter/subscriber/**'
event-tracker:
- 'chaoscenter/event-tracker/**'
# upgrade-agent-cp:
# - 'chaoscenter/upgrade-agents/control-plane/**'
# dex-server:
# - 'chaoscenter/dex-server/**'
backend-checks:
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.graphql-server == 'true' || needs.changes.outputs.authentication == 'true' || needs.changes.outputs.subscriber == 'true' || needs.changes.outputs.event-tracker == 'true'
steps:
- name: Checkout repository
uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.20" # By default, the go version is v1.15 in runner.
- name: Check Golang imports order
uses: Jerome1337/[email protected]
with:
goimports-path: ./chaoscenter
- name: Backend checks
shell: bash
run: |
cd chaoscenter
make backend-services-checks
frontend-checks:
runs-on: ubuntu-latest
needs: changes
if: ${{ needs.changes.outputs.frontend == 'true' }}
steps:
- name: Checkout repository
uses: actions/checkout@v2
- uses: actions/setup-node@v3
with:
node-version: 16
- name: Frontend checks
shell: bash
run: |
cd chaoscenter
make frontend-services-checks
# backend-unit-tests:
# runs-on: ubuntu-latest
# needs:
# - changes
# - backend-checks
# steps:
# - name: Checkout repository
# uses: actions/checkout@v2
# - uses: actions/setup-go@v2
# with:
# go-version: "1.20" # By default, the go version is v1.15 in runner.
# - name: Backend unit tests
# shell: bash
# run: |
# cd chaoscenter
# make unit-tests
docker-build-graphql-server:
runs-on: ubuntu-latest
needs:
- backend-checks
- changes
# - backend-unit-tests
if: ${{ needs.changes.outputs.graphql-server == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build graphql server docker image
shell: bash
run: |
cd chaoscenter/graphql/server
docker build . -f Dockerfile -t docker.io/litmuschaos/litmusportal-server:${{ github.sha }} --build-arg TARGETARCH=amd64
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/litmuschaos/litmusportal-server:${{ github.sha }}'
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
docker-build-authentication-server:
runs-on: ubuntu-latest
needs:
- backend-checks
- changes
# - backend-unit-tests
if: ${{ needs.changes.outputs.authentication == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build auth server docker image
shell: bash
run: |
cd chaoscenter/authentication
docker build . -f Dockerfile -t docker.io/litmuschaos/litmusportal-auth-server:${{ github.sha }} --build-arg TARGETARCH=amd64
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/litmuschaos/litmusportal-auth-server:${{ github.sha }}'
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
docker-build-subscriber:
runs-on: ubuntu-latest
needs:
- backend-checks
- changes
# - backend-unit-tests
if: ${{ needs.changes.outputs.subscriber == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build subscriber docker image
shell: bash
run: |
cd chaoscenter/subscriber
docker build . -f Dockerfile -t docker.io/litmuschaos/litmusportal-subscriber:${{ github.sha }} --build-arg TARGETARCH=amd64
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/litmuschaos/litmusportal-subscriber:${{ github.sha }}'
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
docker-build-frontend:
runs-on: ubuntu-latest
needs:
- frontend-checks
- changes
if: ${{ needs.changes.outputs.frontend == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: yarn build check
run: |
cd chaoscenter/web && yarn && yarn build
- name: web docker build check
shell: bash
run: |
cd chaoscenter/web
docker build . -f Dockerfile --build-arg TARGETARCH=amd64 -t docker.io/litmuschaos/litmusportal-frontend:${{ github.sha }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/litmuschaos/litmusportal-frontend:${{ github.sha }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
docker-build-event-tracker:
runs-on: ubuntu-latest
needs:
- backend-checks
- changes
# - backend-unit-tests
if: ${{ needs.changes.outputs.event-tracker == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build event tracker docker image
shell: bash
run: |
cd chaoscenter/event-tracker
docker build . -f Dockerfile -t docker.io/litmuschaos/litmusportal-event-tracker:${{ github.sha }} --build-arg TARGETARCH=amd64
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/litmuschaos/litmusportal-event-tracker:${{ github.sha }}'
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
# docker-build-upgrade-agent-cp:
# runs-on: ubuntu-latest
# needs:
# - backend-checks
# - changes
# - backend-unit-tests
# if: ${{ needs.changes.outputs.upgrade-agent-cp == 'true' }}
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
# - name: Build control plane upgrade agent docker image
# shell: bash
# run: |
# cd chaoscenter/upgrade-agents/control-plane
# docker build . -f Dockerfile -t docker.io/litmuschaos/upgrade-agent-cp:${{ github.sha }} --build-arg TARGETARCH=amd64
# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: 'docker.io/litmuschaos/upgrade-agent-cp:${{ github.sha }}'
# format: 'table'
# exit-code: '1'
# ignore-unfixed: true
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'
# docker-build-dex-server:
# runs-on: ubuntu-latest
# needs:
# - backend-checks
# - changes
# - backend-unit-tests
# if: needs.changes.outputs.dex-server == 'true'
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
# - name: Build dex-server docker image
# shell: bash
# run: |
# cd chaoscenter/dex-server
# docker images && docker build . -f Dockerfile --build-arg TARGETARCH=amd64