improved CI/CD github workflows to make security checks & fixed security holes #2
Workflow file for this run
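# CI for pull requests targeting main: lint and test the frontend and backend,
# then build both and run the Playwright end-to-end suite against a locally
# started backend.
#
# NOTE(review): every `uses:` below is pinned to a mutable major tag (@v4).
# Pinning each action to a full commit SHA stops a retagged release from
# changing what runs in this pipeline.
name: TrackStack Continuous Integration Pipeline
on:
  pull_request:
    branches: [main]
    types: [opened, synchronize]

# Least privilege for GITHUB_TOKEN: these jobs only read the repository.
# Without this block the token gets the repository/organisation default scope.
permissions:
  contents: read

jobs:
  Frontend-Pipeline:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./front
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps run the pull request's own npm scripts; do not leave
          # the token in .git/config where they could read it.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: Install dependencies
        # `npm ci` installs exactly what the lockfile records and fails if it
        # disagrees with package.json; `npm install` may resolve newer versions.
        # The E2E job below already runs `npm ci` in this directory.
        run: npm ci
      - name: Check style
        run: npm run lint
      - name: Check Security
        # NOTE(review): this invokes ESLint again. It is a security check only
        # if the ESLint config loads security rules (not visible from this
        # file). It does not cover known-vulnerable dependencies; a dependency
        # audit step such as `npm audit` would.
        run: npx eslint .

  Backend-Pipeline:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./back
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: Install dependencies
        # Lockfile-exact install, consistent with the E2E job.
        run: npm ci
      - name: Check style
        run: npm run lint
      - name: Check security
        # NOTE(review): same caveat as the frontend job: this is only as
        # security-relevant as the ESLint rule set configured in ./back.
        run: npx eslint .
      - name: Run tests
        run: npm run test

  Playwright-E2E-Tests:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./e2e
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - name: Install Frontend dependencies
        run: npm ci
        working-directory: ./front
      - name: Build Frontend
        run: npm run build
        working-directory: ./front
      - name: Install Backend dependencies
        run: npm ci
        working-directory: ./back
      - name: Build Backend
        run: npm run build
        working-directory: ./back
      - name: Install Playwright dependencies
        run: npm ci
      - name: Install Playwright Browsers
        run: npx playwright install --with-deps
      - name: Run Server
        run: npm run start:prod &
        working-directory: ./back
        # The secrets are scoped to this step only, but the process that
        # receives them is built from the pull request's code. They should
        # point at a disposable test database / Elasticsearch node, never at
        # production. Pull requests from forks receive no repository secrets,
        # so these variables are empty for such runs.
        env:
          DB_URL: ${{ secrets.DB_URL }}
          DB_PORT: ${{ secrets.DB_PORT }}
          ELASTICSEARCH_NODE: ${{ secrets.ELASTICSEARCH_NODE }}
      - name: Running Playwright tests
        run: npm run test
      - uses: actions/upload-artifact@v4
        if: ${{ !cancelled() }}
        with:
          name: playwright-report
          # NOTE(review): `defaults.run.working-directory` applies to `run`
          # steps only; this path is resolved from the workspace root. If the
          # report is written under ./e2e, this should be
          # e2e/playwright-report/. Confirm against the Playwright config.
          # The report can embed page content and traces from the run; keep
          # that in mind for the 30-day retention.
          path: playwright-report/
          retention-days: 30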