fix(deps): fix critical vulnerabilities #7781
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint, Build, Test and Doc | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - alpha | |
| - "alpha-*" | |
| - beta | |
| - "beta-*" | |
| pull_request: | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| jobs: | |
| build: | |
| name: Installing & Building | |
| runs-on: ubuntu-latest | |
| if: "!contains(github.event.head_commit.message, '[skip ci]')" | |
| steps: | |
| - name: Cancel previous running workflows | |
| uses: fkirc/skip-duplicate-actions@master | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/*/node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('yarn.lock') }}-${{ hashFiles('packages/*/package.json') }} | |
| - name: Install & Bootstrap | |
| run: yarn && yarn bootstrap --ci | |
| - name: Build | |
| run: yarn build | |
| - uses: actions/cache/save@v4 | |
| with: | |
| path: packages/*/dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| lint: | |
| name: Lint commit messages | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Lint commit message | |
| uses: wagoid/commitlint-github-action@v5 | |
| test: | |
| name: Linting & Testing | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: [build] | |
| strategy: | |
| matrix: | |
| package: | |
| - agent | |
| - agent-client | |
| - agent-testing | |
| - agent-toolkit | |
| - ai-proxy | |
| - forest-cloud | |
| - mcp-server | |
| - datasource-customizer | |
| - datasource-dummy | |
| - datasource-mongoose | |
| - datasource-replica | |
| - datasource-mongo | |
| - datasource-sequelize | |
| - datasource-sql | |
| - datasource-toolkit | |
| - forestadmin-client | |
| - plugin-aws-s3 | |
| - plugin-export-advanced | |
| - plugin-flattener | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - name: Start docker containers | |
| if: ${{ matrix.package == 'datasource-mongo' || matrix.package == 'datasource-mongoose' || matrix.package == 'datasource-sql' || matrix.package == 'datasource-sequelize' }} | |
| run: docker compose -f ./packages/${{ matrix.package }}/docker-compose.yml up -d; sleep 5 | |
| - name: Restore dependencies from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/*/node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('yarn.lock') }}-${{ hashFiles('packages/*/package.json') }} | |
| fail-on-cache-miss: true | |
| - name: Restore build from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: packages/*/dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: Lint Typescript | |
| run: cd packages/${{ matrix.package }} && yarn lint && cd - | |
| - name: Test code (excluding LLM integration tests) | |
| run: cd packages/${{ matrix.package }} && yarn test --coverage --testPathIgnorePatterns='llm.integration' && cd - | |
| - name: Upload coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.package }} | |
| path: packages/${{ matrix.package }}/coverage/clover.xml | |
| retention-days: 1 | |
| llm-integration-tests: | |
| name: LLM Integration Tests (ai-proxy) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| needs: [build] | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - name: Restore dependencies from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/*/node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('yarn.lock') }}-${{ hashFiles('packages/*/package.json') }} | |
| fail-on-cache-miss: true | |
| - name: Restore build from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: packages/*/dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: Run LLM integration tests | |
| run: yarn workspace @forestadmin/ai-proxy test --testPathPattern='llm.integration' | |
| env: | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} | |
| send-coverage: | |
| name: Send Coverage | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: [test] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download coverage reports | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: reports | |
| - name: Send coverage | |
| uses: qltysh/qlty-action/coverage@8d5c844f32f80364ccc135534671640466e7f610 #v1.1 | |
| with: | |
| oidc: true | |
| files: | | |
| ${{github.workspace}}/reports/**/clover.xml | |
| build-api-reference: | |
| name: Build API Reference | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - name: Restore dependencies from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/*/node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('yarn.lock') }}-${{ hashFiles('packages/*/package.json') }} | |
| fail-on-cache-miss: true | |
| - name: Restore build from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: packages/*/dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: Build doc | |
| run: yarn docs | |
| - name: Archive documentation artifacts | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: api-reference | |
| release: | |
| name: Release packages | |
| runs-on: ubuntu-latest | |
| needs: [build-api-reference, send-coverage, lint] | |
| if: | | |
| github.event_name == 'push' | |
| && ( | |
| github.ref == 'refs/heads/main' | |
| || github.ref == 'refs/heads/beta' | |
| || github.ref == 'refs/heads/alpha' | |
| || startsWith(github.ref, 'refs/heads/alpha-') | |
| || startsWith(github.ref, 'refs/heads/beta-') | |
| ) | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false # GITHUB_TOKEN must not be set for the semantic release | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| - name: Restore dependencies from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/*/node_modules | |
| key: ${{ runner.os }}-modules-${{ hashFiles('yarn.lock') }}-${{ hashFiles('packages/*/package.json') }} | |
| fail-on-cache-miss: true | |
| - name: Install npm >= 11.15.0 | |
| run: npm install -g npm@latest | |
| - name: Restore build from cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: packages/*/dist | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: Disable workspaces-update | |
| run: npm config set workspaces-update false | |
| - name: "Run multi-semantic-release" | |
| run: "$(yarn bin)/multi-semantic-release --deps.bump=override" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} | |
| GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} | |
| GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} | |
| GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| NPM_CONFIG_PROVENANCE: true | |
| publish-api-reference: | |
| name: Publish API Reference | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| needs: [build-api-reference, send-coverage, lint] | |
| steps: | |
| - name: Setup Pages | |
| uses: actions/configure-pages@v3 | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 |