Update dependency @angular/common to v19 [SECURITY] #324
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| push: | |
| branches: [ "**" ] | |
| pull_request_target: | |
| types: [ opened, synchronize ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| statuses: write | |
| checks: write | |
| contents: write | |
| pull-requests: write | |
| actions: write | |
| security-events: write | |
| defaults: | |
| run: | |
| working-directory: ./mdm-ui # Only applies to `run` steps | |
| steps: | |
| - name: Get User Permission | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| id: checkAccess | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check User Permission | |
| if: ${{ github.event_name == 'pull_request_target' && steps.checkAccess.outputs.require-result == 'false' }} | |
| run: | | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" | |
| echo "Job originally triggered by ${{ github.actor }}" | |
| exit 1 | |
| - name: Checkout PR head (gated for pull_request_target) | |
| if: ${{ github.event_name == 'pull_request_target' && steps.checkAccess.outputs.require-result == 'true' }} | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} # This is dangerous without the first access check | |
| path: ./mdm-ui | |
| - name: Checkout default (push/pull_request) | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: actions/checkout@v6 | |
| with: | |
| path: ./mdm-ui | |
| - name: Install and configure | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.16.0' | |
| - name: Install tools | |
| run: | | |
| npm i -g npm@10.2.3 | |
| npm i -g @angular/cli | |
| npm i -g symlinked | |
| npm i -g npm-check | |
| - name: Check tool versions | |
| run: | | |
| node --version | |
| npm --version | |
| - name: Clean install dependencies | |
| run: | | |
| npm config set registry https://registry.npmjs.org/ | |
| npm install | |
| ######### | |
| # Link a local copy of mdm-resources | |
| ######### | |
| - name: Checkout mdm-resources | |
| if: success() && github.ref != 'refs/heads/main' | |
| # working-directory: ./mdm-resources | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: MauroDataMapper/mdm-resources | |
| ref: refs/heads/develop | |
| path: ./mdm-resources | |
| - name: Build mdm-resources | |
| if: success() && github.ref != 'refs/heads/main' | |
| working-directory: ./mdm-resources | |
| run: | | |
| npm install | |
| npm run build | |
| npm link | |
| # Back in the (default) mdm-ui directory | |
| - name: Link mdm-resources | |
| if: success() && github.ref != 'refs/heads/main' | |
| run: | | |
| npm link @maurodatamapper/mdm-resources | |
| - name: Report links | |
| run: symlinked names | |
| - name: License header check | |
| run: npm run license-check check | |
| - name: Check tool versions | |
| run: | | |
| node --version | |
| npm --version | |
| npx tsc --version | |
| npx jest --version | |
| npm ls jsdom jest ts-jest @angular/core | |
| printenv | grep -v -i 'token\|secret\|key' | sort | |
| - name: Run tests | |
| run: npx jest --coverage | |
| - name: Report Test results | |
| uses: dorny/test-reporter@v1 | |
| if: success() || failure() | |
| with: | |
| working-directory: ./mdm-ui | |
| name: Test Results | |
| path: 'test-report/junit.xml' | |
| reporter: java-junit | |
| # Can't successfully get Megalinter to run in another folder. | |
| # Disable it and use the native eslint instead | |
| #- name: MegaLinter | |
| # uses: oxsecurity/megalinter/flavors/javascript@v7.12.0 | |
| # env: | |
| # # All available variables are described in documentation | |
| # # https://megalinter.io/configuration/ | |
| # VALIDATE_ALL_CODEBASE: true | |
| # ENABLE_LINTERS: TYPESCRIPT_ES | |
| # LINTER_RULES_PATH: '.eslintrc.json' # This is the default anyway | |
| # DISABLE_ERRORS: true #Flag to have the linter complete with exit code 0 even if errors were detected. | |
| # SARIF_REPORTER: true | |
| # GITHUB_STATUS_REPORTER: true | |
| # GITHUB_COMMENT_REPORTER: true | |
| # MARKDOWN_SUMMARY_REPORTER: true | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| #- name: Upload MegaLinter scan results to GitHub Security tab | |
| # if: ${{ success() }} || ${{ failure() }} | |
| # uses: github/codeql-action/upload-sarif@v3 | |
| # with: | |
| # checkout_path: ./mdm-ui | |
| # sarif_file: 'megalinter-reports/megalinter-report.sarif' | |
| - name: Run ESLint | |
| run: npm run eslint-junit || true # Always succeed, even with linting errors | |
| - name: Report ESLint results | |
| uses: dorny/test-reporter@v1 | |
| if: success() || failure() | |
| with: | |
| working-directory: ./mdm-ui | |
| name: ESLint Results | |
| path: "eslint/eslint-junit.xml" | |
| reporter: java-junit | |
| fail-on-error: false | |
| - name: Run ESLint | |
| run: npm run eslint-sarif || true # Always succeed, even with linting errors | |
| - name: Upload EsLint scan results to GitHub Security tab | |
| if: ${{ github.repository == 'MauroDataMapper/mdm-ui' && (success() || failure()) }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: './mdm-ui/eslint/eslint_report.sarif' | |
| - name: Build distribution with original theme | |
| run: npm run dist | |
| - name: Build distribution with nhs digital theme | |
| run: npm run dist | |
| env: | |
| MDM_UI_THEME_NAME: nhs-digital | |
| - name: Archive distribution artifacts | |
| if: ${{ github.repository == 'MauroDataMapper/mdm-ui' && success() && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' )}} | |
| run: | | |
| cd dist ; \ | |
| for i in mdm-ui-*.tgz; do \ | |
| echo Uploading $i... ; \ | |
| curl -X PUT -H "X-Generate-Checksums: true" -u ${{secrets.MAURO_SNAPSHOT_REPOSITORY_USERNAME}}:${{secrets.MAURO_SNAPSHOT_REPOSITORY_PASSWORD}} -T $i https://mauro-repository.com/artifacts-snapshots/mauroDataMapper/mdm-ui/$i ; \ | |
| done | |
| - name: Send a stream message | |
| if: ${{ github.repository == 'MauroDataMapper/mdm-ui' }} | |
| uses: zulip/github-actions-zulip/send-message@v1 | |
| with: | |
| api-key: ${{ secrets.ZULIP_API_KEY }} | |
| email: "githubactionsbot-bot@maurodatamapper.zulipchat.com" | |
| organization-url: "https://maurodatamapper.zulipchat.com" | |
| to: "build/github-actions" | |
| type: "stream" | |
| topic: "${{github.repository}}" | |
| content: "${{ job.status == 'success' && ':check_mark:' || ':cross_mark:' }} ${{github.repository}} : **${{github.ref}}**\nGitHub Actions build result: **${{ job.status }}**\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |