feat: work around CVE-2022-24765 changes and update to esm release bi…

…nary BREAKING CHANGE: adjust for https://github.blog/2022-04-12-git-security-vulnerability-announced/#cve-2022-24765 closes open-sauced#10
OgDev-01 · May 16, 2023 · 57c4acc · 57c4acc
1 parent c151ff0
commit 57c4acc
Show file tree

Hide file tree

Showing 9 changed files with 3,907 additions and 2,083 deletions.
diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml
@@ -1,4 +1,4 @@
-name: "Development"
+name: Development
 
 on:
   pull_request:
@@ -7,8 +7,49 @@ on:
       - edited
       - synchronize
       - reopened
+  workflow_call:
 
 jobs:
   test:
-    name: Test and lint
-    uses: open-sauced/open-sauced/.github/workflows/development.yml@main
+    name: Test application
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: "☁️ checkout repository"
+        uses: actions/checkout@v3
+
+      - name: "🔧 setup node"
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: "🔧 install npm@latest"
+        run: npm i -g npm@latest
+
+      - name: "📦 install dependencies"
+        uses: bahmutov/npm-install@v1
+
+      - name: "🔍 run tests"
+        run: npm run test --if-present
+
+  lint:
+    name: Code standards
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: "☁️ checkout repository"
+        uses: actions/checkout@v3
+
+      - name: "🔧 setup node"
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: "🔧 install npm@latest"
+        run: npm i -g npm@latest
+
+      - name: "📦 install dependencies"
+        uses: bahmutov/npm-install@v1
+
+      - name: "🔍 lint code"
+        run: npm run lint --if-present
diff --git a/.github/workflows/marketplace.yml b/.github/workflows/marketplace.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,18 +9,22 @@ on:
       - next
 
 jobs:
+  test:
+    name: Test and lint
+    uses: ./.github/workflows/development.yml
+
   docker:
     name: Build container
     runs-on: ubuntu-latest
     steps:
       - name: "☁️ checkout repository"
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: "🔧 setup buildx"
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: "🔧 cache docker layers"
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -29,13 +33,13 @@ jobs:
 
       - name: "🔧 docker meta"
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: ${{ github.repository }}
           tags: latest
 
       - name: "📦 docker build"
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
           tags: ${{ steps.meta.outputs.tags }}
@@ -46,7 +50,7 @@ jobs:
           cache-to: type=gha, scope=${{ github.workflow }}
 
       - name: "📂 docker artifacts"
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: docker
           path: /tmp/docker.tar
@@ -57,16 +61,17 @@ jobs:
       url: https://github.com/${{ github.repository }}/releases/tag/${{ env.RELEASE_TAG }}
     name: Semantic release
     needs:
+      - test
       - docker
     runs-on: ubuntu-latest
     steps:
       - name: "☁️ checkout repository"
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
       - name: "🔧 setup node"
-        uses: actions/setup-node@v2.1.5
+        uses: actions/setup-node@v3
         with:
           node-version: 16
 
@@ -77,7 +82,7 @@ jobs:
         uses: bahmutov/npm-install@v1
 
       - name: "📂 download docker artifacts"
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           name: docker
           path: /tmp
@@ -95,14 +100,21 @@ jobs:
         run: |
           npx semantic-release
 
+      - name: "echo outputs"
+        run: |
+          echo "RELEASE_TAG: ${{ env.RELEASE_TAG }}"
+          echo "RELEASE_VERSION: ${{ env.RELEASE_VERSION }}"
+          echo "outputs.release-tag: ${{ steps.release.outputs.release-tag }}"
+          echo "outputs.release-version: ${{ steps.release.outputs.release-version }}"
+
   cleanup:
     name: Cleanup actions
     needs:
       - release
     runs-on: ubuntu-latest
     steps:
       - name: "♻️ remove build artifacts"
-        uses: geekyeggo/delete-artifact@v1
+        uses: geekyeggo/delete-artifact@v2
         with:
           name: |
             docker
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,18 @@
-FROM node:16-alpine
+FROM node:18-alpine
 
-RUN apk --update --no-cache add git git-lfs jq openssh
+RUN apk add --update --no-cache git git-lfs jq openssh
 
 COPY package.json /
 
 RUN npm i -g npm@latest
 RUN npm i -g $( jq -j '.dependencies|to_entries|map("\(.key)@\(.value) ")|.[]' /package.json )
 
-COPY release.config.js /usr/local/lib/
+COPY release.config.js /usr/local/lib/release.config.js
 
 RUN apk add --update make \
   && rm -rf /var/cache/apk/* \
   && rm -rf /package.json
 
-ENTRYPOINT ["npx"]
+COPY entrypoint.sh /entrypoint.sh
 
-CMD ["semantic-release", "--extends", "/usr/local/lib/release.config.js"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Open Sauced
+Copyright (c) 2023 Open Sauced
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -l
+
+git config --global --add safe.directory "$GITHUB_WORKSPACE"
+npx semantic-release --extends /usr/local/lib/release.config.js